FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:6290 core dump dir: /tmp secrets file: /etc/ipsec.secrets leak-detective enabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x5641ad896488 size 40 | libevent_malloc: new ptr-libevent@0x5641ad895cd8 size 40 | libevent_malloc: new ptr-libevent@0x5641ad895dd8 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x5641ad91a2b8 size 56 | libevent_malloc: new ptr-libevent@0x5641ad8be4d8 size 664 | libevent_malloc: new ptr-libevent@0x5641ad91a328 size 24 | libevent_malloc: new ptr-libevent@0x5641ad91a378 size 384 | libevent_malloc: new ptr-libevent@0x5641ad91a278 size 16 | libevent_malloc: new ptr-libevent@0x5641ad895908 size 40 | libevent_malloc: new ptr-libevent@0x5641ad895d38 size 48 | libevent_realloc: new ptr-libevent@0x5641ad8be168 size 256 | libevent_malloc: new ptr-libevent@0x5641ad91a528 size 16 | libevent_free: release ptr-libevent@0x5641ad91a2b8 | libevent initialized | libevent_realloc: new ptr-libevent@0x5641ad91a2b8 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds | encryption algorithm assertion checks | encryption algorithm AES_CCM_16, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 16, IKEv2 id: 16 | IKEv1 ESP ID id: 16 enum name: AES_CCM_C | IKEv2 ID id: 16 enum name: AES_CCM_C | encryption algorithm AES_CCM_12, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 15, IKEv2 id: 15 | IKEv1 ESP ID id: 15 enum name: AES_CCM_B | IKEv2 ID id: 15 enum name: AES_CCM_B | encryption algorithm AES_CCM_8, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 14, IKEv2 id: 14 | IKEv1 ESP ID id: 14 enum name: AES_CCM_A | IKEv2 ID id: 14 enum name: AES_CCM_A | encryption algorithm 3DES_CBC, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 3, IKEv2 id: 3 | IKEv1 OAKLEY ID id: 5 enum name: 3DES_CBC | IKEv1 ESP ID id: 3 enum name: 3DES | IKEv2 ID id: 3 enum name: 3DES | encryption algorithm CAMELLIA_CTR, IKEv1 OAKLEY id: 24, IKEv1 ESP_INFO id: 24, IKEv2 id: 24 | IKEv1 OAKLEY ID id: 24 enum name: CAMELLIA_CTR | IKEv1 ESP ID id: 24 enum name: CAMELLIA_CTR | IKEv2 ID id: 24 enum name: CAMELLIA_CTR | encryption algorithm CAMELLIA_CBC, IKEv1 OAKLEY id: 8, IKEv1 ESP_INFO id: 22, IKEv2 id: 23 | IKEv1 OAKLEY ID id: 8 enum name: CAMELLIA_CBC | IKEv1 ESP ID id: 22 enum name: CAMELLIA | IKEv2 ID id: 23 enum name: CAMELLIA_CBC | encryption algorithm AES_GCM_16, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 20, IKEv2 id: 20 | IKEv1 ESP ID id: 20 enum name: AES_GCM_C | IKEv2 ID id: 20 enum name: AES_GCM_C | encryption algorithm AES_GCM_12, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 19, IKEv2 id: 19 | IKEv1 ESP ID id: 19 enum name: AES_GCM_B | IKEv2 ID id: 19 enum name: AES_GCM_B | encryption algorithm AES_GCM_8, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 18, IKEv2 id: 18 | IKEv1 ESP ID id: 18 enum name: AES_GCM_A | IKEv2 ID id: 18 enum name: AES_GCM_A | encryption algorithm AES_CTR, IKEv1 OAKLEY id: 13, IKEv1 ESP_INFO id: 13, IKEv2 id: 13 | IKEv1 OAKLEY ID id: 13 enum name: AES_CTR | IKEv1 ESP ID id: 13 enum name: AES_CTR | IKEv2 ID id: 13 enum name: AES_CTR | encryption algorithm AES_CBC, IKEv1 OAKLEY id: 7, IKEv1 ESP_INFO id: 12, IKEv2 id: 12 | IKEv1 OAKLEY ID id: 7 enum name: AES_CBC | IKEv1 ESP ID id: 12 enum name: AES | IKEv2 ID id: 12 enum name: AES_CBC | encryption algorithm SERPENT_CBC, IKEv1 OAKLEY id: 65004, IKEv1 ESP_INFO id: 252, IKEv2 id: 65004 | IKEv1 OAKLEY ID id: 65004 enum name: SERPENT_CBC | IKEv1 ESP ID id: 252 enum name: SERPENT | IKEv2 ID id: 65004 enum name: SERPENT_CBC | encryption algorithm TWOFISH_CBC, IKEv1 OAKLEY id: 65005, IKEv1 ESP_INFO id: 253, IKEv2 id: 65005 | IKEv1 OAKLEY ID id: 65005 enum name: TWOFISH_CBC | IKEv1 ESP ID id: 253 enum name: TWOFISH | IKEv2 ID id: 65005 enum name: TWOFISH_CBC | encryption algorithm TWOFISH_SSH, IKEv1 OAKLEY id: 65289, IKEv1 ESP_INFO id: -1, IKEv2 id: 65289 | IKEv1 OAKLEY ID id: 65289 enum name: TWOFISH_CBC_SSH | IKEv2 ID id: 65289 enum name: TWOFISH_CBC_SSH | encryption algorithm NULL_AUTH_AES_GMAC, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 23, IKEv2 id: 21 | IKEv1 ESP ID id: 23 enum name: NULL_AUTH_AES_GMAC | IKEv2 ID id: 21 enum name: NULL_AUTH_AES_GMAC | encryption algorithm NULL, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 11, IKEv2 id: 11 | IKEv1 ESP ID id: 11 enum name: NULL | IKEv2 ID id: 11 enum name: NULL | encryption algorithm CHACHA20_POLY1305, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 28 | IKEv2 ID id: 28 enum name: CHACHA20_POLY1305 Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 | hash algorithm assertion checks | hash algorithm MD5, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | hash algorithm SHA1, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | hash algorithm SHA2_256, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | hash algorithm SHA2_384, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | hash algorithm SHA2_512, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 | PRF algorithm assertion checks | PRF algorithm HMAC_MD5, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: -1, IKEv2 id: 1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | IKEv2 ID id: 1 enum name: HMAC_MD5 | PRF algorithm HMAC_SHA1, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: -1, IKEv2 id: 2 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | IKEv2 ID id: 2 enum name: HMAC_SHA1 | PRF algorithm HMAC_SHA2_256, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: -1, IKEv2 id: 5 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | IKEv2 ID id: 5 enum name: HMAC_SHA2_256 | PRF algorithm HMAC_SHA2_384, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: -1, IKEv2 id: 6 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | IKEv2 ID id: 6 enum name: HMAC_SHA2_384 | PRF algorithm HMAC_SHA2_512, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: -1, IKEv2 id: 7 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 | IKEv2 ID id: 7 enum name: HMAC_SHA2_512 | PRF algorithm AES_XCBC, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 4 | IKEv2 ID id: 4 enum name: AES128_XCBC PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc | integrity algorithm assertion checks | integrity algorithm HMAC_MD5_96, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: 1, IKEv2 id: 1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | IKEv1 ESP ID id: 1 enum name: HMAC_MD5 | IKEv2 ID id: 1 enum name: HMAC_MD5_96 | integrity algorithm HMAC_SHA1_96, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: 2, IKEv2 id: 2 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | IKEv1 ESP ID id: 2 enum name: HMAC_SHA1 | IKEv2 ID id: 2 enum name: HMAC_SHA1_96 | integrity algorithm HMAC_SHA2_512_256, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: 7, IKEv2 id: 14 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 | IKEv1 ESP ID id: 7 enum name: HMAC_SHA2_512 | IKEv2 ID id: 14 enum name: HMAC_SHA2_512_256 | integrity algorithm HMAC_SHA2_384_192, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 6, IKEv2 id: 13 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | IKEv1 ESP ID id: 6 enum name: HMAC_SHA2_384 | IKEv2 ID id: 13 enum name: HMAC_SHA2_384_192 | integrity algorithm HMAC_SHA2_256_128, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: 5, IKEv2 id: 12 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | IKEv1 ESP ID id: 5 enum name: HMAC_SHA2_256 | IKEv2 ID id: 12 enum name: HMAC_SHA2_256_128 | integrity algorithm HMAC_SHA2_256_TRUNCBUG, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 252, IKEv2 id: -1 | IKEv1 ESP ID id: 252 enum name: HMAC_SHA2_256_TRUNCBUG | integrity algorithm AES_XCBC_96, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 9, IKEv2 id: 5 | IKEv1 ESP ID id: 9 enum name: AES_XCBC | IKEv2 ID id: 5 enum name: AES_XCBC_96 | integrity algorithm AES_CMAC_96, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 250, IKEv2 id: 8 | IKEv1 ESP ID id: 250 enum name: AES_CMAC_96 | IKEv2 ID id: 8 enum name: AES_CMAC_96 | integrity algorithm NONE, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 0, IKEv2 id: 0 | IKEv1 ESP ID id: 0 enum name: NONE | IKEv2 ID id: 0 enum name: NONE Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null | DH algorithm assertion checks | DH algorithm NONE, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 0 | IKEv2 ID id: 0 enum name: NONE | DH algorithm MODP1536, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 5, IKEv2 id: 5 | IKEv1 OAKLEY ID id: 5 enum name: MODP1536 | IKEv1 ESP ID id: 5 enum name: MODP1536 | IKEv2 ID id: 5 enum name: MODP1536 | DH algorithm MODP2048, IKEv1 OAKLEY id: 14, IKEv1 ESP_INFO id: 14, IKEv2 id: 14 | IKEv1 OAKLEY ID id: 14 enum name: MODP2048 | IKEv1 ESP ID id: 14 enum name: MODP2048 | IKEv2 ID id: 14 enum name: MODP2048 | DH algorithm MODP3072, IKEv1 OAKLEY id: 15, IKEv1 ESP_INFO id: 15, IKEv2 id: 15 | IKEv1 OAKLEY ID id: 15 enum name: MODP3072 | IKEv1 ESP ID id: 15 enum name: MODP3072 | IKEv2 ID id: 15 enum name: MODP3072 | DH algorithm MODP4096, IKEv1 OAKLEY id: 16, IKEv1 ESP_INFO id: 16, IKEv2 id: 16 | IKEv1 OAKLEY ID id: 16 enum name: MODP4096 | IKEv1 ESP ID id: 16 enum name: MODP4096 | IKEv2 ID id: 16 enum name: MODP4096 | DH algorithm MODP6144, IKEv1 OAKLEY id: 17, IKEv1 ESP_INFO id: 17, IKEv2 id: 17 | IKEv1 OAKLEY ID id: 17 enum name: MODP6144 | IKEv1 ESP ID id: 17 enum name: MODP6144 | IKEv2 ID id: 17 enum name: MODP6144 | DH algorithm MODP8192, IKEv1 OAKLEY id: 18, IKEv1 ESP_INFO id: 18, IKEv2 id: 18 | IKEv1 OAKLEY ID id: 18 enum name: MODP8192 | IKEv1 ESP ID id: 18 enum name: MODP8192 | IKEv2 ID id: 18 enum name: MODP8192 | DH algorithm DH19, IKEv1 OAKLEY id: 19, IKEv1 ESP_INFO id: -1, IKEv2 id: 19 | IKEv1 OAKLEY ID id: 19 enum name: ECP_256 | IKEv2 ID id: 19 enum name: ECP_256 | DH algorithm DH20, IKEv1 OAKLEY id: 20, IKEv1 ESP_INFO id: -1, IKEv2 id: 20 | IKEv1 OAKLEY ID id: 20 enum name: ECP_384 | IKEv2 ID id: 20 enum name: ECP_384 | DH algorithm DH21, IKEv1 OAKLEY id: 21, IKEv1 ESP_INFO id: -1, IKEv2 id: 21 | IKEv1 OAKLEY ID id: 21 enum name: ECP_521 | IKEv2 ID id: 21 enum name: ECP_521 | DH algorithm DH31, IKEv1 OAKLEY id: 31, IKEv1 ESP_INFO id: -1, IKEv2 id: 31 | IKEv1 OAKLEY ID id: 31 enum name: CURVE25519 | IKEv2 ID id: 31 enum name: CURVE25519 DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key | decode_to_chunk: raw_key: input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38d0 | result: symkey-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38b8 | result: symkey-key@0x5641ad895ec0 (16-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: ciphertext: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: cipertext: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x5641ad895ec0 | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed Camellia: 16 bytes with 128-bit key | decode_to_chunk: raw_key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF" | decode_to_chunk: output: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38d0 | result: symkey-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38b8 | result: symkey-key@0x5641ad895ec0 (16-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 " | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: ciphertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: cipertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 " | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x5641ad895ec0 | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed Camellia: 16 bytes with 256-bit key | decode_to_chunk: raw_key: input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38d0 | result: symkey-key@0x5641ad89c080 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x5641ad89c080 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38b8 | result: symkey-key@0x5641ad895ec0 (32-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: ciphertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: cipertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x5641ad895ec0 | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed Camellia: 16 bytes with 256-bit key | decode_to_chunk: raw_key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF FF EE DD CC BB AA 99 88 77 66 55 44 33 22 11 00" | decode_to_chunk: output: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff | ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38d0 | result: symkey-key@0x5641ad89c080 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x5641ad89c080 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38b8 | result: symkey-key@0x5641ad895ec0 (32-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: ciphertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: cipertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x5641ad895ec0 | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed testing AES_GCM_16: empty string | decode_to_chunk: raw_key: input "0xcf063a34d4a9a76c2c86787d3f96db71" | decode_to_chunk: output: | cf 06 3a 34 d4 a9 a7 6c 2c 86 78 7d 3f 96 db 71 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3870 | result: symkey-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3858 | result: symkey-key@0x5641ad895ec0 (16-bytes, AES_GCM) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: salted IV: input "0x113b9785971864c83b01c787" | decode_to_chunk: output: | 11 3b 97 85 97 18 64 c8 3b 01 c7 87 | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "" | decode_to_chunk: output: | | decode_to_chunk: ciphertext: input "" | decode_to_chunk: output: | | decode_to_chunk: tag: input "0x72ac8493e3a5228b5d130a69d2510e42" | decode_to_chunk: output: | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=0 tag-size=16 | test_gcm_vector: text+tag on call | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=0 tag-size=16 | test_gcm_vector: text+tag on call | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: release sym_key-key@0x5641ad895ec0 | test_gcm_vector: passed one block | decode_to_chunk: raw_key: input "0xe98b72a9881a84ca6b76e0f43e68647a" | decode_to_chunk: output: | e9 8b 72 a9 88 1a 84 ca 6b 76 e0 f4 3e 68 64 7a | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3870 | result: symkey-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3858 | result: symkey-key@0x5641ad895ec0 (16-bytes, AES_GCM) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: salted IV: input "0x8b23299fde174053f3d652ba" | decode_to_chunk: output: | 8b 23 29 9f de 17 40 53 f3 d6 52 ba | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "0x28286a321293253c3e0aa2704a278032" | decode_to_chunk: output: | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | decode_to_chunk: ciphertext: input "0x5a3c1cf1985dbb8bed818036fdd5ab42" | decode_to_chunk: output: | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | decode_to_chunk: tag: input "0x23c7ab0f952b7091cd324835043b5eb5" | decode_to_chunk: output: | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=16 tag-size=16 | test_gcm_vector: text+tag on call | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=16 tag-size=16 | test_gcm_vector: text+tag on call | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: release sym_key-key@0x5641ad895ec0 | test_gcm_vector: passed two blocks | decode_to_chunk: raw_key: input "0xbfd414a6212958a607a0f5d3ab48471d" | decode_to_chunk: output: | bf d4 14 a6 21 29 58 a6 07 a0 f5 d3 ab 48 47 1d | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3870 | result: symkey-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3858 | result: symkey-key@0x5641ad895ec0 (16-bytes, AES_GCM) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: salted IV: input "0x86d8ea0ab8e40dcc481cd0e2" | decode_to_chunk: output: | 86 d8 ea 0a b8 e4 0d cc 48 1c d0 e2 | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "0xa6b76a066e63392c9443e60272ceaeb9d25c991b0f2e55e2804e168c05ea591a" | decode_to_chunk: output: | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | decode_to_chunk: ciphertext: input "0x62171db33193292d930bf6647347652c1ef33316d7feca99d54f1db4fcf513f8" | decode_to_chunk: output: | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | decode_to_chunk: tag: input "0xc28280aa5c6c7a8bd366f28c1cfd1f6e" | decode_to_chunk: output: | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=32 tag-size=16 | test_gcm_vector: text+tag on call | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=32 tag-size=16 | test_gcm_vector: text+tag on call | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: release sym_key-key@0x5641ad895ec0 | test_gcm_vector: passed two blocks with associated data | decode_to_chunk: raw_key: input "0x006c458100fc5f4d62949d2c833b82d1" | decode_to_chunk: output: | 00 6c 45 81 00 fc 5f 4d 62 94 9d 2c 83 3b 82 d1 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3870 | result: symkey-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3858 | result: symkey-key@0x5641ad895ec0 (16-bytes, AES_GCM) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: salted IV: input "0xa4e9c4bc5725a21ff42c82b2" | decode_to_chunk: output: | a4 e9 c4 bc 57 25 a2 1f f4 2c 82 b2 | decode_to_chunk: AAD: input "0x2efb14fb3657cdd6b9a8ff1a5f5a39b9" | decode_to_chunk: output: | 2e fb 14 fb 36 57 cd d6 b9 a8 ff 1a 5f 5a 39 b9 | decode_to_chunk: plaintext: input "0xf381d3bfbee0a879f7a4e17b623278cedd6978053dd313530a18f1a836100950" | decode_to_chunk: output: | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | decode_to_chunk: ciphertext: input "0xf39b4db3542d8542fb73fd2d66be568f26d7f814b3f87d1eceac3dd09a8d697e" | decode_to_chunk: output: | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | decode_to_chunk: tag: input "0x39f045cb23b698c925db134d56c5" | decode_to_chunk: output: | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: decrypt: aad-size=16 salt-size=4 wire-IV-size=8 text-size=32 tag-size=14 | test_gcm_vector: text+tag on call | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: encrypt: aad-size=16 salt-size=4 wire-IV-size=8 text-size=32 tag-size=14 | test_gcm_vector: text+tag on call | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: release sym_key-key@0x5641ad895ec0 | test_gcm_vector: passed testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x AE 68 52 F8 12 10 67 CC 4B F7 A5 76 55 77 F3 9E" | decode_to_chunk: output: | ae 68 52 f8 12 10 67 cc 4b f7 a5 76 55 77 f3 9e | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38d0 | result: symkey-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38b8 | result: symkey-key@0x5641ad895ec0 (16-bytes, AES_CTR) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: input counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x E4 09 5D 4F B7 A7 B3 79 2D 61 75 A3 26 13 11 B8" | decode_to_chunk: output: | e4 09 5d 4f b7 a7 b3 79 2d 61 75 a3 26 13 11 b8 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x E4 09 5D 4F B7 A7 B3 79 2D 61 75 A3 26 13 11 B8" | decode_to_chunk: output: | e4 09 5d 4f b7 a7 b3 79 2d 61 75 a3 26 13 11 b8 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x5641ad895ec0 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 128-bit key passed Encrypting 32 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x 7E 24 06 78 17 FA E0 D7 43 D6 CE 1F 32 53 91 63" | decode_to_chunk: output: | 7e 24 06 78 17 fa e0 d7 43 d6 ce 1f 32 53 91 63 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38d0 | result: symkey-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38b8 | result: symkey-key@0x5641ad895ec0 (16-bytes, AES_CTR) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: input counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 01" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0x51 04 A1 06 16 8A 72 D9 79 0D 41 EE 8E DA D3 88EB 2E 1E FC 46 DA 57 C8 FC E6 30 DF 91 41 BE 28" | decode_to_chunk: output: | 51 04 a1 06 16 8a 72 d9 79 0d 41 ee 8e da d3 88 | eb 2e 1e fc 46 da 57 c8 fc e6 30 df 91 41 be 28 | decode_to_chunk: expected counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 03" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 01" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x51 04 A1 06 16 8A 72 D9 79 0D 41 EE 8E DA D3 88EB 2E 1E FC 46 DA 57 C8 FC E6 30 DF 91 41 BE 28" | decode_to_chunk: output: | 51 04 a1 06 16 8a 72 d9 79 0d 41 ee 8e da d3 88 | eb 2e 1e fc 46 da 57 c8 fc e6 30 df 91 41 be 28 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 03" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x5641ad895ec0 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 128-bit key passed Encrypting 36 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x 76 91 BE 03 5E 50 20 A8 AC 6E 61 85 29 F9 A0 DC" | decode_to_chunk: output: | 76 91 be 03 5e 50 20 a8 ac 6e 61 85 29 f9 a0 dc | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38d0 | result: symkey-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38b8 | result: symkey-key@0x5641ad895ec0 (16-bytes, AES_CTR) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: input counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 01" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0xC1 CF 48 A8 9F 2F FD D9 CF 46 52 E9 EF DB 72 D745 40 A4 2B DE 6D 78 36 D5 9A 5C EA AE F3 10 5325 B2 07 2F" | decode_to_chunk: output: | c1 cf 48 a8 9f 2f fd d9 cf 46 52 e9 ef db 72 d7 | 45 40 a4 2b de 6d 78 36 d5 9a 5c ea ae f3 10 53 | 25 b2 07 2f | decode_to_chunk: expected counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 04" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 01" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xC1 CF 48 A8 9F 2F FD D9 CF 46 52 E9 EF DB 72 D745 40 A4 2B DE 6D 78 36 D5 9A 5C EA AE F3 10 5325 B2 07 2F" | decode_to_chunk: output: | c1 cf 48 a8 9f 2f fd d9 cf 46 52 e9 ef db 72 d7 | 45 40 a4 2b de 6d 78 36 d5 9a 5c ea ae f3 10 53 | 25 b2 07 2f | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 04" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x5641ad895ec0 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 128-bit key passed Encrypting 16 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x16 AF 5B 14 5F C9 F5 79 C1 75 F9 3E 3B FB 0E ED86 3D 06 CC FD B7 85 15" | decode_to_chunk: output: | 16 af 5b 14 5f c9 f5 79 c1 75 f9 3e 3b fb 0e ed | 86 3d 06 cc fd b7 85 15 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38d0 | result: symkey-key@0x5641ad89c080 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x5641ad89c080 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38b8 | result: symkey-key@0x5641ad895ec0 (24-bytes, AES_CTR) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: input counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 01" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x 4B 55 38 4F E2 59 C9 C8 4E 79 35 A0 03 CB E9 28" | decode_to_chunk: output: | 4b 55 38 4f e2 59 c9 c8 4e 79 35 a0 03 cb e9 28 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 02" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 01" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x 4B 55 38 4F E2 59 C9 C8 4E 79 35 A0 03 CB E9 28" | decode_to_chunk: output: | 4b 55 38 4f e2 59 c9 c8 4e 79 35 a0 03 cb e9 28 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 02" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x5641ad895ec0 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 192-bit key passed Encrypting 32 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x7C 5C B2 40 1B 3D C3 3C 19 E7 34 08 19 E0 F6 9C67 8C 3D B8 E6 F6 A9 1A" | decode_to_chunk: output: | 7c 5c b2 40 1b 3d c3 3c 19 e7 34 08 19 e0 f6 9c | 67 8c 3d b8 e6 f6 a9 1a | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38d0 | result: symkey-key@0x5641ad89c080 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x5641ad89c080 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38b8 | result: symkey-key@0x5641ad895ec0 (24-bytes, AES_CTR) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: input counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 01" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0x45 32 43 FC 60 9B 23 32 7E DF AA FA 71 31 CD 9F84 90 70 1C 5A D4 A7 9C FC 1F E0 FF 42 F4 FB 00" | decode_to_chunk: output: | 45 32 43 fc 60 9b 23 32 7e df aa fa 71 31 cd 9f | 84 90 70 1c 5a d4 a7 9c fc 1f e0 ff 42 f4 fb 00 | decode_to_chunk: expected counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 03" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 01" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x45 32 43 FC 60 9B 23 32 7E DF AA FA 71 31 CD 9F84 90 70 1C 5A D4 A7 9C FC 1F E0 FF 42 F4 FB 00" | decode_to_chunk: output: | 45 32 43 fc 60 9b 23 32 7e df aa fa 71 31 cd 9f | 84 90 70 1c 5a d4 a7 9c fc 1f e0 ff 42 f4 fb 00 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 03" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x5641ad895ec0 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 192-bit key passed Encrypting 36 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x02 BF 39 1E E8 EC B1 59 B9 59 61 7B 09 65 27 9BF5 9B 60 A7 86 D3 E0 FE" | decode_to_chunk: output: | 02 bf 39 1e e8 ec b1 59 b9 59 61 7b 09 65 27 9b | f5 9b 60 a7 86 d3 e0 fe | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38d0 | result: symkey-key@0x5641ad89c080 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x5641ad89c080 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38b8 | result: symkey-key@0x5641ad895ec0 (24-bytes, AES_CTR) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: input counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 01" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0x96 89 3F C5 5E 5C 72 2F 54 0B 7D D1 DD F7 E7 58D2 88 BC 95 C6 91 65 88 45 36 C8 11 66 2F 21 88AB EE 09 35" | decode_to_chunk: output: | 96 89 3f c5 5e 5c 72 2f 54 0b 7d d1 dd f7 e7 58 | d2 88 bc 95 c6 91 65 88 45 36 c8 11 66 2f 21 88 | ab ee 09 35 | decode_to_chunk: expected counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 04" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 01" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x96 89 3F C5 5E 5C 72 2F 54 0B 7D D1 DD F7 E7 58D2 88 BC 95 C6 91 65 88 45 36 C8 11 66 2F 21 88AB EE 09 35" | decode_to_chunk: output: | 96 89 3f c5 5e 5c 72 2f 54 0b 7d d1 dd f7 e7 58 | d2 88 bc 95 c6 91 65 88 45 36 c8 11 66 2f 21 88 | ab ee 09 35 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 04" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x5641ad895ec0 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 192-bit key passed Encrypting 16 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0x77 6B EF F2 85 1D B0 6F 4C 8A 05 42 C8 69 6F 6C6A 81 AF 1E EC 96 B4 D3 7F C1 D6 89 E6 C1 C1 04" | decode_to_chunk: output: | 77 6b ef f2 85 1d b0 6f 4c 8a 05 42 c8 69 6f 6c | 6a 81 af 1e ec 96 b4 d3 7f c1 d6 89 e6 c1 c1 04 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38d0 | result: symkey-key@0x5641ad89c080 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x5641ad89c080 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38b8 | result: symkey-key@0x5641ad895ec0 (32-bytes, AES_CTR) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: input counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 01" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x 14 5A D0 1D BF 82 4E C7 56 08 63 DC 71 E3 E0 C0" | decode_to_chunk: output: | 14 5a d0 1d bf 82 4e c7 56 08 63 dc 71 e3 e0 c0 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 02" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 01" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x 14 5A D0 1D BF 82 4E C7 56 08 63 DC 71 E3 E0 C0" | decode_to_chunk: output: | 14 5a d0 1d bf 82 4e c7 56 08 63 dc 71 e3 e0 c0 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 02" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x5641ad895ec0 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 256-bit key passed Encrypting 32 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0xF6 D6 6D 6B D5 2D 59 BB 07 96 36 58 79 EF F8 86C6 6D D5 1A 5B 6A 99 74 4B 50 59 0C 87 A2 38 84" | decode_to_chunk: output: | f6 d6 6d 6b d5 2d 59 bb 07 96 36 58 79 ef f8 86 | c6 6d d5 1a 5b 6a 99 74 4b 50 59 0c 87 a2 38 84 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38d0 | result: symkey-key@0x5641ad89c080 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x5641ad89c080 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38b8 | result: symkey-key@0x5641ad895ec0 (32-bytes, AES_CTR) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: input counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 01" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0xF0 5E 23 1B 38 94 61 2C 49 EE 00 0B 80 4E B2 A9B8 30 6B 50 8F 83 9D 6A 55 30 83 1D 93 44 AF 1C" | decode_to_chunk: output: | f0 5e 23 1b 38 94 61 2c 49 ee 00 0b 80 4e b2 a9 | b8 30 6b 50 8f 83 9d 6a 55 30 83 1d 93 44 af 1c | decode_to_chunk: expected counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 03" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 01" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xF0 5E 23 1B 38 94 61 2C 49 EE 00 0B 80 4E B2 A9B8 30 6B 50 8F 83 9D 6A 55 30 83 1D 93 44 AF 1C" | decode_to_chunk: output: | f0 5e 23 1b 38 94 61 2c 49 ee 00 0b 80 4e b2 a9 | b8 30 6b 50 8f 83 9d 6a 55 30 83 1d 93 44 af 1c | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 03" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x5641ad895ec0 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 256-bit key passed Encrypting 36 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0xFF 7A 61 7C E6 91 48 E4 F1 72 6E 2F 43 58 1D E2AA 62 D9 F8 05 53 2E DF F1 EE D6 87 FB 54 15 3D" | decode_to_chunk: output: | ff 7a 61 7c e6 91 48 e4 f1 72 6e 2f 43 58 1d e2 | aa 62 d9 f8 05 53 2e df f1 ee d6 87 fb 54 15 3d | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38d0 | result: symkey-key@0x5641ad89c080 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x5641ad89c080 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38b8 | result: symkey-key@0x5641ad895ec0 (32-bytes, AES_CTR) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: input counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 01" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0xEB 6C 52 82 1D 0B BB F7 CE 75 94 46 2A CA 4F AAB4 07 DF 86 65 69 FD 07 F4 8C C0 B5 83 D6 07 1F1E C0 E6 B8" | decode_to_chunk: output: | eb 6c 52 82 1d 0b bb f7 ce 75 94 46 2a ca 4f aa | b4 07 df 86 65 69 fd 07 f4 8c c0 b5 83 d6 07 1f | 1e c0 e6 b8 | decode_to_chunk: expected counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 04" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 01" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xEB 6C 52 82 1D 0B BB F7 CE 75 94 46 2A CA 4F AAB4 07 DF 86 65 69 FD 07 F4 8C C0 B5 83 D6 07 1F1E C0 E6 B8" | decode_to_chunk: output: | eb 6c 52 82 1d 0b bb f7 ce 75 94 46 2a ca 4f aa | b4 07 df 86 65 69 fd 07 f4 8c c0 b5 83 d6 07 1f | 1e c0 e6 b8 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 04" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x5641ad895ec0 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 256-bit key passed testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x06a9214036b8a15b512e03d534120006" | decode_to_chunk: output: | 06 a9 21 40 36 b8 a1 5b 51 2e 03 d5 34 12 00 06 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38d0 | result: symkey-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38b8 | result: symkey-key@0x5641ad895ec0 (16-bytes, AES_CBC) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: IV: : input "0x3dafba429d9eb430b422da802c9fac41" | decode_to_chunk: output: | 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41 | decode_to_chunk: new IV: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: plaintext: : input "Single block msg" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: ciphertext: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x3dafba429d9eb430b422da802c9fac41" | decode_to_chunk: output: | 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41 | decode_to_chunk: new IV: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: cipertext: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: plaintext: : input "Single block msg" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x5641ad895ec0 | test_ctr_vector: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key passed Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0xc286696d887c9aa0611bbb3e2025a45a" | decode_to_chunk: output: | c2 86 69 6d 88 7c 9a a0 61 1b bb 3e 20 25 a4 5a | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38d0 | result: symkey-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38b8 | result: symkey-key@0x5641ad895ec0 (16-bytes, AES_CBC) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: IV: : input "0x562e17996d093d28ddb3ba695a2e6f58" | decode_to_chunk: output: | 56 2e 17 99 6d 09 3d 28 dd b3 ba 69 5a 2e 6f 58 | decode_to_chunk: new IV: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: plaintext: : input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: ciphertext: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x562e17996d093d28ddb3ba695a2e6f58" | decode_to_chunk: output: | 56 2e 17 99 6d 09 3d 28 dd b3 ba 69 5a 2e 6f 58 | decode_to_chunk: new IV: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: cipertext: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: plaintext: : input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x5641ad895ec0 | test_ctr_vector: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key passed Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x6c3ea0477630ce21a2ce334aa746c2cd" | decode_to_chunk: output: | 6c 3e a0 47 76 30 ce 21 a2 ce 33 4a a7 46 c2 cd | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38d0 | result: symkey-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38b8 | result: symkey-key@0x5641ad895ec0 (16-bytes, AES_CBC) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: IV: : input "0xc782dc4c098c66cbd9cd27d825682c81" | decode_to_chunk: output: | c7 82 dc 4c 09 8c 66 cb d9 cd 27 d8 25 68 2c 81 | decode_to_chunk: new IV: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: plaintext: : input "This is a 48-byte message (exactly 3 AES blocks)" | decode_to_chunk: output: | 54 68 69 73 20 69 73 20 61 20 34 38 2d 62 79 74 | 65 20 6d 65 73 73 61 67 65 20 28 65 78 61 63 74 | 6c 79 20 33 20 41 45 53 20 62 6c 6f 63 6b 73 29 | decode_to_chunk: ciphertext: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0xc782dc4c098c66cbd9cd27d825682c81" | decode_to_chunk: output: | c7 82 dc 4c 09 8c 66 cb d9 cd 27 d8 25 68 2c 81 | decode_to_chunk: new IV: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: cipertext: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: plaintext: : input "This is a 48-byte message (exactly 3 AES blocks)" | decode_to_chunk: output: | 54 68 69 73 20 69 73 20 61 20 34 38 2d 62 79 74 | 65 20 6d 65 73 73 61 67 65 20 28 65 78 61 63 74 | 6c 79 20 33 20 41 45 53 20 62 6c 6f 63 6b 73 29 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x5641ad895ec0 | test_ctr_vector: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key passed Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x56e47a38c5598974bc46903dba290349" | decode_to_chunk: output: | 56 e4 7a 38 c5 59 89 74 bc 46 90 3d ba 29 03 49 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38d0 | result: symkey-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38b8 | result: symkey-key@0x5641ad895ec0 (16-bytes, AES_CBC) | symkey: release tmp-key@0x5641ad89c080 | decode_to_chunk: IV: : input "0x8ce82eefbea0da3c44699ed7db51b7d9" | decode_to_chunk: output: | 8c e8 2e ef be a0 da 3c 44 69 9e d7 db 51 b7 d9 | decode_to_chunk: new IV: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: plaintext: : input "0xa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" | decode_to_chunk: output: | a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af | b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf | c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf | d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df | decode_to_chunk: ciphertext: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x8ce82eefbea0da3c44699ed7db51b7d9" | decode_to_chunk: output: | 8c e8 2e ef be a0 da 3c 44 69 9e d7 db 51 b7 d9 | decode_to_chunk: new IV: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: cipertext: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: plaintext: : input "0xa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" | decode_to_chunk: output: | a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af | b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf | c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf | d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x5641ad895ec0 | test_ctr_vector: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key passed testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "" | decode_to_chunk: output: | | decode_to_chunk: test_prf_vector: input "0x75f0251d528ac01c4573dfd584d79f29" | decode_to_chunk: output: | 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | PRF chunk interface PRF aes_xcbc init key-chunk@0x5641ad91ef88 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3850 | result: key-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3838 | result: key-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x5641ad89c080 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3818 | result: key-key@0x5641ad89c080 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x5641ad895ec0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x5641ad91a568 | PRF chunk interface PRF aes_xcbc update message-bytes@0x5641ad91f038 (length 0) | | XCBC: data | K extracting all 16 bytes of key@0x5641ad89c080 | K: symkey-key@0x5641ad89c080 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)-1398836336: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91f938 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37b0 | result: k1-key@0x5641ad91ff20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad91ff20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3798 | result: k1-key@0x5641ad895ec0 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad91ff20 | Computing E[0] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] | XCBC: M[n] | XCBC: M[n]:80...^E[n-1]^K3 | 41 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | xcbc: release k1-key@0x5641ad895ec0 | PRF chunk interface: release key-key@0x5641ad89c080 | PRF chunk interface PRF aes_xcbc final-chunk@0x5641ad91f648 (length 16) | 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | chunk output 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | verify_chunk_data: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: ok | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: key symkey-key@0x5641ad895ec0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad895ec0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: key symkey-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5641ad895ec0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x5641ad89c080 (size 16) | PRF symkey interface: key symkey-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3848 | result: key symkey-key@0x5641ad895ec0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x5641ad91a568 | PRF symkey interface PRF aes_xcbc update symkey message-key@(nil) (size 0) | PRF symkey interface: symkey message-key@NULL | symkey message NULL key has no bytes | XCBC: data | K extracting all 16 bytes of key@0x5641ad895ec0 | K: symkey-key@0x5641ad895ec0 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1023: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91ef48 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37d0 | result: k1-key@0x5641ad9217a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad9217a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b37b8 | result: k1-key@0x5641ad91ff20 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad9217a0 | Computing E[0] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] | XCBC: M[n] | XCBC: M[n]:80...^E[n-1]^K3 | 41 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | xcbc: release k1-key@0x5641ad91ff20 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3860 | result: xcbc-key@0x5641ad9217a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad9217a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3848 | result: xcbc-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x5641ad9217a0 | PRF symkey interface: release key-key@0x5641ad895ec0 | PRF symkey interface PRF aes_xcbc final-key@0x5641ad91ff20 (size 16) | PRF symkey interface: key-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input extracting all 16 bytes of key@0x5641ad91ff20 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: symkey-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: new slot-key@0x5641ad91fd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-1398952086: 60 f1 66 01 da 00 b5 78 d6 7b e2 28 92 63 0e af | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: release slot-key-key@0x5641ad91fd40 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input extracted len 16 bytes at 0x5641ad91f608 | unwrapped: 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | verify_chunk_data: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: ok | test_prf_vector: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input passed | test_prf_vector: release symkey-key@0x5641ad91ff20 | test_prf_vector: release message-key@NULL | test_prf_vector: release key-key@0x5641ad89c080 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102" | decode_to_chunk: output: | 00 01 02 | decode_to_chunk: test_prf_vector: input "0x5b376580ae2f19afe7219ceef172756f" | decode_to_chunk: output: | 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | PRF chunk interface PRF aes_xcbc init key-chunk@0x5641ad91f038 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3850 | result: key-key@0x5641ad91ff20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad91ff20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3838 | result: key-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x5641ad91ff20 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3818 | result: key-key@0x5641ad91ff20 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x5641ad89c080 | PRF chunk interface PRF aes_xcbc crypt-prf@0x5641ad91a568 | PRF chunk interface PRF aes_xcbc update message-bytes@0x5641ad91f608 (length 3) | 00 01 02 | XCBC: data 00 01 02 | K extracting all 16 bytes of key@0x5641ad91ff20 | K: symkey-key@0x5641ad91ff20 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)-1398836336: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91fa58 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37b0 | result: k1-key@0x5641ad895ec0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad895ec0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3798 | result: k1-key@0x5641ad89c080 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad895ec0 | Computing E[1] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 | XCBC: M[n] 00 01 02 | XCBC: M[n]:80...^E[n-1]^K3 | c1 a6 a9 21 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | xcbc: release k1-key@0x5641ad89c080 | PRF chunk interface: release key-key@0x5641ad91ff20 | PRF chunk interface PRF aes_xcbc final-chunk@0x5641ad91faf8 (length 16) | 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | chunk output 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | verify_chunk_data: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: ok | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: key symkey-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: key symkey-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5641ad89c080 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x5641ad91ff20 (size 16) | PRF symkey interface: key symkey-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3848 | result: key symkey-key@0x5641ad89c080 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x5641ad91a568 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: message symkey-key@0x5641ad9217a0 (19-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 3 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 3-bytes | base: base-key@0x5641ad9217a0 (19-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: message symkey-key@0x5641ad895ec0 (3-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5641ad9217a0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x5641ad895ec0 (size 3) | PRF symkey interface: symkey message-key@0x5641ad895ec0 (3-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 3 bytes of key@0x5641ad895ec0 | symkey message: symkey-key@0x5641ad895ec0 (3-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x5641ad91fd40 (3-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-1398952032: ac 8c 20 1a dd d6 0b 6a 78 08 95 15 08 66 17 86 | symkey message: release slot-key-key@0x5641ad91fd40 | symkey message extracted len 16 bytes at 0x5641ad91ef48 | unwrapped: 00 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 | K extracting all 16 bytes of key@0x5641ad89c080 | K: symkey-key@0x5641ad89c080 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91f938 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37d0 | result: k1-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b37b8 | result: k1-key@0x5641ad9217a0 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad923020 | Computing E[1] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 | XCBC: M[n] 00 01 02 | XCBC: M[n]:80...^E[n-1]^K3 | c1 a6 a9 21 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | xcbc: release k1-key@0x5641ad9217a0 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3860 | result: xcbc-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3848 | result: xcbc-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x5641ad923020 | PRF symkey interface: release key-key@0x5641ad89c080 | PRF symkey interface PRF aes_xcbc final-key@0x5641ad9217a0 (size 16) | PRF symkey interface: key-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input extracting all 16 bytes of key@0x5641ad9217a0 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: symkey-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: new slot-key@0x5641ad91fd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-1398952086: ce 9e b8 98 82 11 73 7f 3e 3b cd d0 33 65 75 ac | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: release slot-key-key@0x5641ad91fd40 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input extracted len 16 bytes at 0x5641ad91ef48 | unwrapped: 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | verify_chunk_data: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: ok | test_prf_vector: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input passed | test_prf_vector: release symkey-key@0x5641ad9217a0 | test_prf_vector: release message-key@0x5641ad895ec0 | test_prf_vector: release key-key@0x5641ad91ff20 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0xd2a246fa349b68a79998a4394ff7a263" | decode_to_chunk: output: | d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | PRF chunk interface PRF aes_xcbc init key-chunk@0x5641ad91f608 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3850 | result: key-key@0x5641ad895ec0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad895ec0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3838 | result: key-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x5641ad895ec0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3818 | result: key-key@0x5641ad895ec0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x5641ad91ff20 | PRF chunk interface PRF aes_xcbc crypt-prf@0x5641ad91a568 | PRF chunk interface PRF aes_xcbc update message-bytes@0x5641ad91ef48 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | K extracting all 16 bytes of key@0x5641ad895ec0 | K: symkey-key@0x5641ad895ec0 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91f078 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37b0 | result: k1-key@0x5641ad9217a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad9217a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3798 | result: k1-key@0x5641ad91ff20 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad9217a0 | XCBC: Computing E[1] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: M[n]^E[n-1]^K2 | bd 87 2d f8 93 a8 29 bf f0 b1 9b fd 0f 22 38 c4 | XCBC: MAC d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | xcbc: release k1-key@0x5641ad91ff20 | PRF chunk interface: release key-key@0x5641ad895ec0 | PRF chunk interface PRF aes_xcbc final-chunk@0x5641ad91ef88 (length 16) | d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | chunk output d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | verify_chunk_data: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: ok | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: key symkey-key@0x5641ad91ff20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad91ff20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: key symkey-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5641ad91ff20 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x5641ad895ec0 (size 16) | PRF symkey interface: key symkey-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3848 | result: key symkey-key@0x5641ad91ff20 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x5641ad91a568 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: message symkey-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: message symkey-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5641ad89c080 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x5641ad9217a0 (size 16) | PRF symkey interface: symkey message-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 16 bytes of key@0x5641ad9217a0 | symkey message: symkey-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x5641ad91fd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-1398952032: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 | symkey message: release slot-key-key@0x5641ad91fd40 | symkey message extracted len 16 bytes at 0x5641ad91f938 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | K extracting all 16 bytes of key@0x5641ad91ff20 | K: symkey-key@0x5641ad91ff20 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91fa58 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37d0 | result: k1-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b37b8 | result: k1-key@0x5641ad89c080 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad923020 | XCBC: Computing E[1] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: M[n]^E[n-1]^K2 | bd 87 2d f8 93 a8 29 bf f0 b1 9b fd 0f 22 38 c4 | XCBC: MAC d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | xcbc: release k1-key@0x5641ad89c080 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3860 | result: xcbc-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3848 | result: xcbc-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x5641ad923020 | PRF symkey interface: release key-key@0x5641ad91ff20 | PRF symkey interface PRF aes_xcbc final-key@0x5641ad89c080 (size 16) | PRF symkey interface: key-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input extracting all 16 bytes of key@0x5641ad89c080 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: symkey-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: new slot-key@0x5641ad91fd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-1398952086: 2f 0b dc 26 83 90 50 c7 6f 2a d7 2d c3 2d b5 23 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: release slot-key-key@0x5641ad91fd40 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input extracted len 16 bytes at 0x5641ad91f938 | unwrapped: d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | verify_chunk_data: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: ok | test_prf_vector: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input passed | test_prf_vector: release symkey-key@0x5641ad89c080 | test_prf_vector: release message-key@0x5641ad9217a0 | test_prf_vector: release key-key@0x5641ad895ec0 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x47f51b4564966215b8985c63055ed308" | decode_to_chunk: output: | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | PRF chunk interface PRF aes_xcbc init key-chunk@0x5641ad91ef48 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3850 | result: key-key@0x5641ad9217a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad9217a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3838 | result: key-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x5641ad9217a0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3818 | result: key-key@0x5641ad9217a0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x5641ad895ec0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x5641ad91ed48 | PRF chunk interface PRF aes_xcbc update message-bytes@0x5641ad91a568 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x5641ad9217a0 | K: symkey-key@0x5641ad9217a0 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91f038 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37b0 | result: k1-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3798 | result: k1-key@0x5641ad895ec0 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad89c080 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x5641ad895ec0 | PRF chunk interface: release key-key@0x5641ad9217a0 | PRF chunk interface PRF aes_xcbc final-chunk@0x5641ad91ef88 (length 16) | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | chunk output 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: ok | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: key symkey-key@0x5641ad895ec0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad895ec0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: key symkey-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5641ad895ec0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x5641ad9217a0 (size 16) | PRF symkey interface: key symkey-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3848 | result: key symkey-key@0x5641ad895ec0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x5641ad91ed48 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: message symkey-key@0x5641ad91ff20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad91ff20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: message symkey-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5641ad91ff20 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x5641ad89c080 (size 20) | PRF symkey interface: symkey message-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x5641ad89c080 | symkey message: symkey-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398952032: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 dc 13 29 4a bf bf b5 07 13 03 d1 34 aa a8 11 7d | symkey message: release slot-key-key@0x5641ad91fd40 | symkey message extracted len 32 bytes at 0x5641ad91ede8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x5641ad895ec0 | K: symkey-key@0x5641ad895ec0 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91fa58 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37d0 | result: k1-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b37b8 | result: k1-key@0x5641ad91ff20 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad923020 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x5641ad91ff20 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3860 | result: xcbc-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3848 | result: xcbc-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x5641ad923020 | PRF symkey interface: release key-key@0x5641ad895ec0 | PRF symkey interface PRF aes_xcbc final-key@0x5641ad91ff20 (size 16) | PRF symkey interface: key-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input extracting all 16 bytes of key@0x5641ad91ff20 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: symkey-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: new slot-key@0x5641ad91fd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-1398952086: 2f e8 9c 9a e4 ba f4 38 e8 76 9b cf 44 f3 c6 12 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: release slot-key-key@0x5641ad91fd40 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input extracted len 16 bytes at 0x5641ad91fa58 | unwrapped: 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: ok | test_prf_vector: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input passed | test_prf_vector: release symkey-key@0x5641ad91ff20 | test_prf_vector: release message-key@0x5641ad89c080 | test_prf_vector: release key-key@0x5641ad9217a0 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: test_prf_vector: input "0xf54f0ec8d2b9f3d36807734bd5283fd4" | decode_to_chunk: output: | f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | PRF chunk interface PRF aes_xcbc init key-chunk@0x5641ad91f938 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3850 | result: key-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3838 | result: key-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x5641ad89c080 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3818 | result: key-key@0x5641ad89c080 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x5641ad9217a0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x5641ad91ed48 | PRF chunk interface PRF aes_xcbc update message-bytes@0x5641ad91a568 (length 32) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | K extracting all 16 bytes of key@0x5641ad89c080 | K: symkey-key@0x5641ad89c080 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540619040: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91f648 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37b0 | result: k1-key@0x5641ad91ff20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad91ff20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3798 | result: k1-key@0x5641ad9217a0 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad91ff20 | XCBC: Computing E[2] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: M[n]^E[n-1]^K2 | b0 93 75 12 4c f5 a5 c0 b5 18 18 37 16 b2 15 67 | XCBC: MAC f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | xcbc: release k1-key@0x5641ad9217a0 | PRF chunk interface: release key-key@0x5641ad89c080 | PRF chunk interface PRF aes_xcbc final-chunk@0x5641ad91fa58 (length 16) | f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | chunk output f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | verify_chunk_data: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: ok | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: key symkey-key@0x5641ad9217a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad9217a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: key symkey-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5641ad9217a0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x5641ad89c080 (size 16) | PRF symkey interface: key symkey-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3848 | result: key symkey-key@0x5641ad9217a0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x5641ad91ed48 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: message symkey-key@0x5641ad895ec0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5641ad895ec0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: message symkey-key@0x5641ad91ff20 (32-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5641ad895ec0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x5641ad91ff20 (size 32) | PRF symkey interface: symkey message-key@0x5641ad91ff20 (32-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 32 bytes of key@0x5641ad91ff20 | symkey message: symkey-key@0x5641ad91ff20 (32-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x5641ad91fd40 (32-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398952032: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 b0 9e 08 ad 6d 5f 18 d6 84 73 69 8a 3e 6f 9b 9a | symkey message: release slot-key-key@0x5641ad91fd40 | symkey message extracted len 32 bytes at 0x5641ad91ede8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | K extracting all 16 bytes of key@0x5641ad9217a0 | K: symkey-key@0x5641ad9217a0 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91ef88 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37d0 | result: k1-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b37b8 | result: k1-key@0x5641ad895ec0 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad923020 | XCBC: Computing E[2] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: M[n]^E[n-1]^K2 | b0 93 75 12 4c f5 a5 c0 b5 18 18 37 16 b2 15 67 | XCBC: MAC f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | xcbc: release k1-key@0x5641ad895ec0 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3860 | result: xcbc-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3848 | result: xcbc-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x5641ad923020 | PRF symkey interface: release key-key@0x5641ad9217a0 | PRF symkey interface PRF aes_xcbc final-key@0x5641ad895ec0 (size 16) | PRF symkey interface: key-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input extracting all 16 bytes of key@0x5641ad895ec0 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: symkey-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: new slot-key@0x5641ad91fd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-1398952086: 49 34 26 a9 03 0c 56 5d d2 21 2c 48 63 cb 0d f9 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: release slot-key-key@0x5641ad91fd40 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input extracted len 16 bytes at 0x5641ad91ef88 | unwrapped: f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | verify_chunk_data: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: ok | test_prf_vector: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input passed | test_prf_vector: release symkey-key@0x5641ad895ec0 | test_prf_vector: release message-key@0x5641ad91ff20 | test_prf_vector: release key-key@0x5641ad89c080 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f2021" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 | decode_to_chunk: test_prf_vector: input "0xbecbb3bccdb518a30677d5481fb6b4d8" | decode_to_chunk: output: | be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | PRF chunk interface PRF aes_xcbc init key-chunk@0x5641ad91ef48 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3850 | result: key-key@0x5641ad91ff20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad91ff20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3838 | result: key-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x5641ad91ff20 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3818 | result: key-key@0x5641ad91ff20 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x5641ad89c080 | PRF chunk interface PRF aes_xcbc crypt-prf@0x5641ad91a568 | PRF chunk interface PRF aes_xcbc update message-bytes@0x5641ad91fa98 (length 34) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 20 21 | K extracting all 16 bytes of key@0x5641ad91ff20 | K: symkey-key@0x5641ad91ff20 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540619040: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91f078 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37b0 | result: k1-key@0x5641ad895ec0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad895ec0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3798 | result: k1-key@0x5641ad89c080 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad895ec0 | Computing E[3] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 09 02 5e 5a 67 25 20 72 44 14 5c 6b 80 66 85 79 | XCBC: M[n] 20 21 | XCBC: M[n] 20 21 | XCBC: M[n]:80...^E[n-1]^K3 | e8 84 75 fb c5 1f b4 74 1c 13 fc e7 48 88 55 17 | XCBC: MAC be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | xcbc: release k1-key@0x5641ad89c080 | PRF chunk interface: release key-key@0x5641ad91ff20 | PRF chunk interface PRF aes_xcbc final-chunk@0x5641ad91ef88 (length 16) | be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | chunk output be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | verify_chunk_data: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: ok | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: key symkey-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: key symkey-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5641ad89c080 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x5641ad91ff20 (size 16) | PRF symkey interface: key symkey-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3848 | result: key symkey-key@0x5641ad89c080 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x5641ad91a568 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: message symkey-key@0x5641ad9217a0 (50-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 34 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 34-bytes | base: base-key@0x5641ad9217a0 (50-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: message symkey-key@0x5641ad895ec0 (34-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5641ad9217a0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x5641ad895ec0 (size 34) | PRF symkey interface: symkey message-key@0x5641ad895ec0 (34-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 34 bytes of key@0x5641ad895ec0 | symkey message: symkey-key@0x5641ad895ec0 (34-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x5641ad91fd40 (34-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)-1398952032: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 b0 9e 08 ad 6d 5f 18 d6 84 73 69 8a 3e 6f 9b 9a 64 00 fd c0 a1 7f 7e fc c6 ec 4f a0 30 0d 3e 8b | symkey message: release slot-key-key@0x5641ad91fd40 | symkey message extracted len 48 bytes at 0x5641ad91fc98 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | unwrapped: 20 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 20 21 | K extracting all 16 bytes of key@0x5641ad89c080 | K: symkey-key@0x5641ad89c080 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91f608 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37d0 | result: k1-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b37b8 | result: k1-key@0x5641ad9217a0 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad923020 | Computing E[3] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 09 02 5e 5a 67 25 20 72 44 14 5c 6b 80 66 85 79 | XCBC: M[n] 20 21 | XCBC: M[n] 20 21 | XCBC: M[n]:80...^E[n-1]^K3 | e8 84 75 fb c5 1f b4 74 1c 13 fc e7 48 88 55 17 | XCBC: MAC be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | xcbc: release k1-key@0x5641ad9217a0 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3860 | result: xcbc-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3848 | result: xcbc-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x5641ad923020 | PRF symkey interface: release key-key@0x5641ad89c080 | PRF symkey interface PRF aes_xcbc final-key@0x5641ad9217a0 (size 16) | PRF symkey interface: key-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input extracting all 16 bytes of key@0x5641ad9217a0 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: symkey-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: new slot-key@0x5641ad91fd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-1398952086: 77 7c 13 b8 97 20 19 1c 9a 7e ef cf 01 c4 ca 3f | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: release slot-key-key@0x5641ad91fd40 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input extracted len 16 bytes at 0x5641ad91f608 | unwrapped: be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | verify_chunk_data: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: ok | test_prf_vector: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input passed | test_prf_vector: release symkey-key@0x5641ad9217a0 | test_prf_vector: release message-key@0x5641ad895ec0 | test_prf_vector: release key-key@0x5641ad91ff20 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0xf0dafee895db30253761103b5d84528f" | decode_to_chunk: output: | f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | PRF chunk interface PRF aes_xcbc init key-chunk@0x5641ad91f608 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3850 | result: key-key@0x5641ad895ec0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad895ec0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3838 | result: key-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x5641ad895ec0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3818 | result: key-key@0x5641ad895ec0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x5641ad91ff20 | PRF chunk interface PRF aes_xcbc crypt-prf@0x5641ad91a568 | PRF chunk interface PRF aes_xcbc update message-bytes@0x5641ad9248c8 (length 1000) | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 | K extracting all 16 bytes of key@0x5641ad895ec0 | K: symkey-key@0x5641ad895ec0 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540028960: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91f078 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37b0 | result: k1-key@0x5641ad9217a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad9217a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3798 | result: k1-key@0x5641ad91ff20 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad9217a0 | Computing E[63] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 5c 88 af cc 1e 1e 83 fc c4 2c 0c e4 12 12 f5 17 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n]:80...^E[n-1]^K3 | 9d 2f 04 6d bc 24 17 fa 1c 2b ac 68 da fc 25 79 | XCBC: MAC f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | xcbc: release k1-key@0x5641ad91ff20 | PRF chunk interface: release key-key@0x5641ad895ec0 | PRF chunk interface PRF aes_xcbc final-chunk@0x5641ad91fa58 (length 16) | f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | chunk output f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | verify_chunk_data: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: ok | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: key symkey-key@0x5641ad91ff20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad91ff20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: key symkey-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5641ad91ff20 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x5641ad895ec0 (size 16) | PRF symkey interface: key symkey-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3848 | result: key symkey-key@0x5641ad91ff20 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x5641ad91a568 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: message symkey-key@0x5641ad89c080 (1016-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 1000 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 1000-bytes | base: base-key@0x5641ad89c080 (1016-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: message symkey-key@0x5641ad9217a0 (1000-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5641ad89c080 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x5641ad9217a0 (size 1000) | PRF symkey interface: symkey message-key@0x5641ad9217a0 (1000-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 1000 bytes of key@0x5641ad9217a0 | symkey message: symkey-key@0x5641ad9217a0 (1000-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x5641ad91fd40 (1000-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 1008 | wrapper: (SECItemType)-1398952032: ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 32 d6 ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 32 d6 ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 32 d6 ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 32 d6 ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 32 d6 ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 32 d6 ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 32 d6 ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 32 d6 ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 32 d6 ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 32 d6 ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 32 d6 ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 32 d6 ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 32 d6 ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 32 d6 ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 32 d6 ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 32 d6 ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 32 d6 ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 32 d6 ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 3 | symkey message: release slot-key-key@0x5641ad91fd40 | symkey message extracted len 1008 bytes at 0x5641ad926ec8 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 | K extracting all 16 bytes of key@0x5641ad91ff20 | K: symkey-key@0x5641ad91ff20 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91ef88 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37d0 | result: k1-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b37b8 | result: k1-key@0x5641ad89c080 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad923020 | Computing E[63] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 5c 88 af cc 1e 1e 83 fc c4 2c 0c e4 12 12 f5 17 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n]:80...^E[n-1]^K3 | 9d 2f 04 6d bc 24 17 fa 1c 2b ac 68 da fc 25 79 | XCBC: MAC f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | xcbc: release k1-key@0x5641ad89c080 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3860 | result: xcbc-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3848 | result: xcbc-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x5641ad923020 | PRF symkey interface: release key-key@0x5641ad91ff20 | PRF symkey interface PRF aes_xcbc final-key@0x5641ad89c080 (size 16) | PRF symkey interface: key-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input extracting all 16 bytes of key@0x5641ad89c080 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: symkey-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: new slot-key@0x5641ad91fd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-1398952086: 3a e9 47 4e e4 c4 80 ce d1 75 f1 6b 8e 3a 53 94 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: release slot-key-key@0x5641ad91fd40 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input extracted len 16 bytes at 0x5641ad91ef88 | unwrapped: f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | verify_chunk_data: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: ok | test_prf_vector: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input passed | test_prf_vector: release symkey-key@0x5641ad89c080 | test_prf_vector: release message-key@0x5641ad9217a0 | test_prf_vector: release key-key@0x5641ad895ec0 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x47f51b4564966215b8985c63055ed308" | decode_to_chunk: output: | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | PRF chunk interface PRF aes_xcbc init key-chunk@0x5641ad91faf8 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3850 | result: key-key@0x5641ad9217a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad9217a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3838 | result: key-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x5641ad9217a0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3818 | result: key-key@0x5641ad9217a0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x5641ad895ec0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x5641ad91ed48 | PRF chunk interface PRF aes_xcbc update message-bytes@0x5641ad91a568 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x5641ad9217a0 | K: symkey-key@0x5641ad9217a0 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91f648 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37b0 | result: k1-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3798 | result: k1-key@0x5641ad895ec0 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad89c080 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x5641ad895ec0 | PRF chunk interface: release key-key@0x5641ad9217a0 | PRF chunk interface PRF aes_xcbc final-chunk@0x5641ad91ef88 (length 16) | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | chunk output 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): ok | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: key symkey-key@0x5641ad895ec0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad895ec0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: key symkey-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5641ad895ec0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x5641ad9217a0 (size 16) | PRF symkey interface: key symkey-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3848 | result: key symkey-key@0x5641ad895ec0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x5641ad91ed48 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: message symkey-key@0x5641ad91ff20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad91ff20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: message symkey-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5641ad91ff20 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x5641ad89c080 (size 20) | PRF symkey interface: symkey message-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x5641ad89c080 | symkey message: symkey-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398952032: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 dc 13 29 4a bf bf b5 07 13 03 d1 34 aa a8 11 7d | symkey message: release slot-key-key@0x5641ad91fd40 | symkey message extracted len 32 bytes at 0x5641ad91ede8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x5641ad895ec0 | K: symkey-key@0x5641ad895ec0 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91fa58 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37d0 | result: k1-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b37b8 | result: k1-key@0x5641ad91ff20 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad923020 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x5641ad91ff20 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3860 | result: xcbc-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3848 | result: xcbc-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x5641ad923020 | PRF symkey interface: release key-key@0x5641ad895ec0 | PRF symkey interface PRF aes_xcbc final-key@0x5641ad91ff20 (size 16) | PRF symkey interface: key-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) extracting all 16 bytes of key@0x5641ad91ff20 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): symkey-key@0x5641ad91ff20 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): new slot-key@0x5641ad91fd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-1398952086: 2f e8 9c 9a e4 ba f4 38 e8 76 9b cf 44 f3 c6 12 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): release slot-key-key@0x5641ad91fd40 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) extracted len 16 bytes at 0x5641ad91fa58 | unwrapped: 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) passed | test_prf_vector: release symkey-key@0x5641ad91ff20 | test_prf_vector: release message-key@0x5641ad89c080 | test_prf_vector: release key-key@0x5641ad9217a0 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) | decode_to_chunk: test_prf_vector: input "0x00010203040506070809" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x0fa087af7d866e7653434e602fdde835" | decode_to_chunk: output: | 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | PRF chunk interface PRF aes_xcbc init key-chunk@0x5641ad91f608 (length 10) | 00 01 02 03 04 05 06 07 08 09 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3850 | result: key-key@0x5641ad89c080 (26-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 10 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 10-bytes | base: base-key@0x5641ad89c080 (26-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3838 | result: key-key@0x5641ad9217a0 (10-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x5641ad89c080 | XCBC: Key 10<16 too small, padding with zeros | xcbc: reference tmp-key@0x5641ad9217a0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad9217a0 (10-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b37f0 | result: tmp+=0-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad9217a0 | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3818 | result: PRF chunk interface-key@0x5641ad91ff20 (16-bytes, AES_ECB) | PRF chunk interface: release tmp-key@0x5641ad89c080 | PRF chunk interface: release clone-key@0x5641ad9217a0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x5641ad91ed48 | PRF chunk interface PRF aes_xcbc update message-bytes@0x5641ad91a568 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x5641ad91ff20 | K: symkey-key@0x5641ad91ff20 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 1b 62 59 bc 14 f7 aa 5b 18 3e 49 29 28 26 c3 74 | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91f038 | unwrapped: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K1 50 ca b2 4d 03 34 45 5e 40 7b 25 0f dd 7c f8 d5 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37b0 | result: k1-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3798 | result: k1-key@0x5641ad9217a0 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad89c080 | Computing E[2] using K3 | XCBC: K3 8e f7 48 db 56 f1 f7 26 24 72 f2 c5 63 b0 3f 88 | XCBC: E[n-1] fe 1f 63 e9 65 1a 4b bb 3c cc cd 0d cc 83 e4 30 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | 60 f9 39 21 b3 eb bc 9d 18 be 3f c8 af 33 db b8 | XCBC: MAC 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | xcbc: release k1-key@0x5641ad9217a0 | PRF chunk interface: release key-key@0x5641ad91ff20 | PRF chunk interface PRF aes_xcbc final-chunk@0x5641ad91fa58 (length 16) | 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | chunk output 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): ok | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: key symkey-key@0x5641ad9217a0 (26-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 10 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 10-bytes | base: base-key@0x5641ad9217a0 (26-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: key symkey-key@0x5641ad91ff20 (10-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5641ad9217a0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x5641ad91ff20 (size 10) | PRF symkey interface: key symkey-key@0x5641ad91ff20 (10-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 10<16 too small, padding with zeros | xcbc: reference tmp-key@0x5641ad91ff20 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad91ff20 (10-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b3820 | result: tmp+=0-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad91ff20 | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad9217a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3848 | result: PRF symkey interface-key@0x5641ad89c080 (16-bytes, AES_ECB) | PRF symkey interface: release tmp-key@0x5641ad9217a0 | PRF symkey interface PRF aes_xcbc crypt-prf@0x5641ad91ed48 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: message symkey-key@0x5641ad895ec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad895ec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: message symkey-key@0x5641ad9217a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5641ad895ec0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x5641ad9217a0 (size 20) | PRF symkey interface: symkey message-key@0x5641ad9217a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x5641ad9217a0 | symkey message: symkey-key@0x5641ad9217a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398952032: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 dc 13 29 4a bf bf b5 07 13 03 d1 34 aa a8 11 7d | symkey message: release slot-key-key@0x5641ad91fd40 | symkey message extracted len 32 bytes at 0x5641ad91ede8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x5641ad89c080 | K: symkey-key@0x5641ad89c080 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 1b 62 59 bc 14 f7 aa 5b 18 3e 49 29 28 26 c3 74 | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91ef88 | unwrapped: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K1 50 ca b2 4d 03 34 45 5e 40 7b 25 0f dd 7c f8 d5 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37d0 | result: k1-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b37b8 | result: k1-key@0x5641ad895ec0 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad923020 | Computing E[2] using K3 | XCBC: K3 8e f7 48 db 56 f1 f7 26 24 72 f2 c5 63 b0 3f 88 | XCBC: E[n-1] fe 1f 63 e9 65 1a 4b bb 3c cc cd 0d cc 83 e4 30 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | 60 f9 39 21 b3 eb bc 9d 18 be 3f c8 af 33 db b8 | XCBC: MAC 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | xcbc: release k1-key@0x5641ad895ec0 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3860 | result: xcbc-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3848 | result: xcbc-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x5641ad923020 | PRF symkey interface: release key-key@0x5641ad89c080 | PRF symkey interface PRF aes_xcbc final-key@0x5641ad895ec0 (size 16) | PRF symkey interface: key-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) extracting all 16 bytes of key@0x5641ad895ec0 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): symkey-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): new slot-key@0x5641ad91fd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-1398952086: 77 9d 29 91 5e de 0b f2 7a 0b 1d 4d af aa 9b 78 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): release slot-key-key@0x5641ad91fd40 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) extracted len 16 bytes at 0x5641ad91ef88 | unwrapped: 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) passed | test_prf_vector: release symkey-key@0x5641ad895ec0 | test_prf_vector: release message-key@0x5641ad9217a0 | test_prf_vector: release key-key@0x5641ad91ff20 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0fedcb" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | ed cb | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x8cd3c93ae598a9803006ffb67c40e9e4" | decode_to_chunk: output: | 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | PRF chunk interface PRF aes_xcbc init key-chunk@0x5641ad91a568 (length 18) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | ed cb | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3850 | result: key-key@0x5641ad9217a0 (34-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 18 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 18-bytes | base: base-key@0x5641ad9217a0 (34-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3838 | result: key-key@0x5641ad91ff20 (18-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x5641ad9217a0 | XCBC: Key 18>16 too big, rehashing to size | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37f0 | result: key-key@0x5641ad895ec0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad895ec0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b37d8 | result: key-key@0x5641ad9217a0 (16-bytes, AES_ECB) | key: release tmp-key@0x5641ad895ec0 | key extracting all 18 bytes of key@0x5641ad91ff20 | key: symkey-key@0x5641ad91ff20 (18-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | key: new slot-key@0x5641ad91fd40 (18-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1701522796: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 dc f0 e2 39 43 c2 de 12 70 6a 75 43 8c 08 79 47 | key: release slot-key-key@0x5641ad91fd40 | key extracted len 32 bytes at 0x5641ad91ede8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: ed cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data ed cb | K extracting all 16 bytes of key@0x5641ad9217a0 | K: symkey-key@0x5641ad9217a0 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)808460336: ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 32 d6 | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91ef88 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K1 e1 4d 5d 0e e2 77 15 df 08 b4 15 2b a2 3d a8 e0 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3770 | result: k1-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3758 | result: k1-key@0x5641ad895ec0 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad89c080 | Computing E[2] using K3 | XCBC: K3 8d 34 ef cb 3b d5 45 ca 06 2a ec df ef 7c 0b fa | XCBC: E[n-1] 0b 72 b2 ae 0a 37 79 81 75 6a d5 9c 79 c0 e6 96 | XCBC: M[n] ed cb | XCBC: M[n] ed cb | XCBC: M[n]:80...^E[n-1]^K3 | 6b 8d dd 65 31 e2 3c 4b 73 40 39 43 96 bc ed 6c | XCBC: MAC 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | xcbc: release k1-key@0x5641ad895ec0 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37f0 | result: key-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b37d8 | result: key-key@0x5641ad895ec0 (16-bytes, AES_ECB) | key: release tmp-key@0x5641ad89c080 | PRF chunk interface: release clone-key@0x5641ad91ff20 | PRF chunk interface PRF aes_xcbc crypt-prf@0x5641ad91ede8 | PRF chunk interface PRF aes_xcbc update message-bytes@0x5641ad91ed48 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x5641ad895ec0 | K: symkey-key@0x5641ad895ec0 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 84 7a e8 e0 fb df 5d 77 7e b0 dc e2 f5 d9 cb 9a | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91f078 | unwrapped: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K1 27 f3 88 2f b7 b9 4b a4 16 36 09 d5 d2 39 c5 7f | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37b0 | result: k1-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3798 | result: k1-key@0x5641ad91ff20 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad89c080 | Computing E[2] using K3 | XCBC: K3 50 9e d8 ae 74 5a 75 4c 93 4d 6c 91 98 fe e2 1b | XCBC: E[n-1] ec 26 f6 dd e8 bb 1b d1 ec 76 c4 91 78 37 ca 4b | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | ac a9 3c 60 1c e1 6e 9d 7f 3b a8 00 e0 c9 28 50 | XCBC: MAC 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | xcbc: release k1-key@0x5641ad91ff20 | PRF chunk interface: release key-key@0x5641ad895ec0 | PRF chunk interface PRF aes_xcbc final-chunk@0x5641ad91f608 (length 16) | 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | chunk output 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): ok | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: key symkey-key@0x5641ad91ff20 (34-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 18 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 18-bytes | base: base-key@0x5641ad91ff20 (34-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: key symkey-key@0x5641ad895ec0 (18-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5641ad91ff20 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x5641ad895ec0 (size 18) | PRF symkey interface: key symkey-key@0x5641ad895ec0 (18-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 18>16 too big, rehashing to size | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3820 | result: key symkey-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3808 | result: key symkey-key@0x5641ad91ff20 (16-bytes, AES_ECB) | key symkey: release tmp-key@0x5641ad89c080 | key symkey extracting all 18 bytes of key@0x5641ad895ec0 | key symkey: symkey-key@0x5641ad895ec0 (18-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | key symkey: new slot-key@0x5641ad91fd40 (18-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1701522796: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 dc f0 e2 39 43 c2 de 12 70 6a 75 43 8c 08 79 47 | key symkey: release slot-key-key@0x5641ad91fd40 | key symkey extracted len 32 bytes at 0x5641ad91ed98 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: ed cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data ed cb | K extracting all 16 bytes of key@0x5641ad91ff20 | K: symkey-key@0x5641ad91ff20 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)808460336: ec 82 8e c8 86 1c 38 fe 75 bd cb b8 b4 f3 32 d6 | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91ef88 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K1 e1 4d 5d 0e e2 77 15 df 08 b4 15 2b a2 3d a8 e0 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37a0 | result: k1-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3788 | result: k1-key@0x5641ad89c080 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad923020 | Computing E[2] using K3 | XCBC: K3 8d 34 ef cb 3b d5 45 ca 06 2a ec df ef 7c 0b fa | XCBC: E[n-1] 0b 72 b2 ae 0a 37 79 81 75 6a d5 9c 79 c0 e6 96 | XCBC: M[n] ed cb | XCBC: M[n] ed cb | XCBC: M[n]:80...^E[n-1]^K3 | 6b 8d dd 65 31 e2 3c 4b 73 40 39 43 96 bc ed 6c | XCBC: MAC 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | xcbc: release k1-key@0x5641ad89c080 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3820 | result: key symkey-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3808 | result: key symkey-key@0x5641ad89c080 (16-bytes, AES_ECB) | key symkey: release tmp-key@0x5641ad923020 | PRF symkey interface PRF aes_xcbc crypt-prf@0x5641ad91ed98 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: message symkey-key@0x5641ad924ad0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: message symkey-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5641ad924ad0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x5641ad923020 (size 20) | PRF symkey interface: symkey message-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x5641ad923020 | symkey message: symkey-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398952032: 6e 3a a2 4e d5 20 0d 2a c7 2c 71 c7 b2 c9 9a 38 dc 13 29 4a bf bf b5 07 13 03 d1 34 aa a8 11 7d | symkey message: release slot-key-key@0x5641ad91fd40 | symkey message extracted len 32 bytes at 0x5641ad924c78 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x5641ad89c080 | K: symkey-key@0x5641ad89c080 (16-bytes, AES_ECB) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5641ad91fd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 84 7a e8 e0 fb df 5d 77 7e b0 dc e2 f5 d9 cb 9a | K: release slot-key-key@0x5641ad91fd40 | K extracted len 16 bytes at 0x5641ad91ef88 | unwrapped: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K1 27 f3 88 2f b7 b9 4b a4 16 36 09 d5 d2 39 c5 7f | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b37d0 | result: k1-key@0x5641ad926530 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5641ad926530 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b37b8 | result: k1-key@0x5641ad924ad0 (16-bytes, AES_ECB) | k1: release tmp-key@0x5641ad926530 | Computing E[2] using K3 | XCBC: K3 50 9e d8 ae 74 5a 75 4c 93 4d 6c 91 98 fe e2 1b | XCBC: E[n-1] ec 26 f6 dd e8 bb 1b d1 ec 76 c4 91 78 37 ca 4b | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | ac a9 3c 60 1c e1 6e 9d 7f 3b a8 00 e0 c9 28 50 | XCBC: MAC 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | xcbc: release k1-key@0x5641ad924ad0 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3860 | result: xcbc-key@0x5641ad926530 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad926530 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3848 | result: xcbc-key@0x5641ad924ad0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x5641ad926530 | PRF symkey interface: release key-key@0x5641ad89c080 | PRF symkey interface PRF aes_xcbc final-key@0x5641ad924ad0 (size 16) | PRF symkey interface: key-key@0x5641ad924ad0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5641ad924ad0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) extracting all 16 bytes of key@0x5641ad924ad0 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): symkey-key@0x5641ad924ad0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): new slot-key@0x5641ad91fd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-1398952086: a5 dc ce b1 77 d2 7c b1 71 7d 4d a1 0c 2c 0e 07 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): release slot-key-key@0x5641ad91fd40 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) extracted len 16 bytes at 0x5641ad91ef88 | unwrapped: 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) passed | test_prf_vector: release symkey-key@0x5641ad924ad0 | test_prf_vector: release message-key@0x5641ad923020 | test_prf_vector: release key-key@0x5641ad895ec0 | test_prf_vector: release output-key@NULL testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 | decode_to_chunk: test_prf_vector: input "0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b" | decode_to_chunk: output: | 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b | decode_to_chunk: test_prf_vector: input "Hi There" | decode_to_chunk: output: | 48 69 20 54 68 65 72 65 | decode_to_chunk: test_prf_vector: input "0x9294727a3638bb1c13f48ef8158bfc9d" | decode_to_chunk: output: | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | PRF chunk interface PRF md5 init key-chunk@0x5641ad91faf8 (length 16) | 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3840 | result: PRF chunk interface-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3828 | result: PRF chunk interface-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x5641ad923020 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b3780 | result: trimed key-key@0x5641ad923020 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad895ec0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad923020 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b37c0 | result: result-key@0x5641ad895ec0 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x5641ad924a48 | PRF chunk interface PRF md5 update message-bytes@0x5641ad91ef88 (length 8) | 48 69 20 54 68 65 72 65 | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad895ec0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7fff837b38b0 | result: message-key@0x5641ad924ad0 (72-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x5641ad895ec0 | PRF HMAC inner hash hash md5 inner-key@0x5641ad924ad0 (size 72) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x5641ad924ad0 (size 72) | PRF HMAC inner hash: inner-key@0x5641ad924ad0 (72-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x5641ad91f038 (length 16) | 90 1d 23 73 2e dc c0 f1 a1 06 53 2f 6b e5 ec eb | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3740 | result: PRF HMAC inner hash-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3728 | result: PRF HMAC inner hash-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x5641ad89c080 | PRF chunk interface: release inner-key@0x5641ad924ad0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad923020 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b37b0 | result: result-key@0x5641ad924ad0 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad924ad0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff837b3798 | result: result-key@0x5641ad89c080 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x5641ad924ad0 | PRF chunk interface: release hashed-inner-key@0x5641ad895ec0 | PRF chunk interface: release key-key@0x5641ad923020 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x5641ad89c080 (size 80) | PRF HMAC outer hash: outer-key@0x5641ad89c080 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x5641ad91f078 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | PRF chunk interface: release outer-key@0x5641ad89c080 | PRF chunk interface PRF md5 final-chunk@0x5641ad91f078 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | chunk output 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | verify_chunk_data: RFC 2104: MD5_HMAC test 1: ok | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: key symkey-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: key symkey-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5641ad923020 | PRF symkey interface PRF md5 init key symkey-key@0x5641ad89c080 (size 16) | PRF symkey interface: key symkey-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x5641ad89c080 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b3780 | result: trimed key-key@0x5641ad923020 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad89c080 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad923020 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b37c0 | result: result-key@0x5641ad895ec0 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x5641ad924c78 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: message symkey-key@0x5641ad926530 (24-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 8 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 8-bytes | base: base-key@0x5641ad926530 (24-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: message symkey-key@0x5641ad924ad0 (8-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5641ad926530 | PRF symkey interface PRF md5 update symkey message-key@0x5641ad924ad0 (size 8) | PRF symkey interface: symkey message-key@0x5641ad924ad0 (8-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad895ec0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff837b38d8 | result: result-key@0x5641ad926530 (72-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x5641ad895ec0 | PRF HMAC inner hash hash md5 inner-key@0x5641ad926530 (size 72) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x5641ad926530 (size 72) | PRF HMAC inner hash: inner-key@0x5641ad926530 (72-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x5641ad91f078 (length 16) | 90 1d 23 73 2e dc c0 f1 a1 06 53 2f 6b e5 ec eb | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3760 | result: PRF HMAC inner hash-key@0x5641ad926910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad926910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3748 | result: PRF HMAC inner hash-key@0x5641ad895ec0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x5641ad926910 | PRF symkey interface: release inner-key@0x5641ad926530 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad923020 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b37d0 | result: result-key@0x5641ad926530 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad926530 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff837b37b8 | result: result-key@0x5641ad926910 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x5641ad926530 | PRF symkey interface: release hashed-inner-key@0x5641ad895ec0 | PRF symkey interface: release key-key@0x5641ad923020 | PRF HMAC outer hash hash md5 outer-key@0x5641ad926910 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x5641ad926910 (size 80) | PRF HMAC outer hash: outer-key@0x5641ad926910 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x5641ad91f078 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3820 | result: PRF HMAC outer hash-key@0x5641ad895ec0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad895ec0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3808 | result: PRF HMAC outer hash-key@0x5641ad923020 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x5641ad895ec0 | PRF symkey interface: release outer-key@0x5641ad926910 | : hashed-outer-key@0x5641ad923020 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x5641ad923020 (size 16) | PRF symkey interface: key-key@0x5641ad923020 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5641ad923020 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 1 extracting all 16 bytes of key@0x5641ad923020 | RFC 2104: MD5_HMAC test 1: symkey-key@0x5641ad923020 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 1: new slot-key@0x5641ad91fd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-1398952086: 41 a2 ad 23 19 01 26 87 90 31 79 a9 92 5a 73 e8 | RFC 2104: MD5_HMAC test 1: release slot-key-key@0x5641ad91fd40 | RFC 2104: MD5_HMAC test 1 extracted len 16 bytes at 0x5641ad91f038 | unwrapped: 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | verify_chunk_data: RFC 2104: MD5_HMAC test 1: ok | test_prf_vector: RFC 2104: MD5_HMAC test 1 passed | test_prf_vector: release symkey-key@0x5641ad923020 | test_prf_vector: release message-key@0x5641ad924ad0 | test_prf_vector: release key-key@0x5641ad89c080 | test_prf_vector: release output-key@NULL RFC 2104: MD5_HMAC test 2 | decode_to_chunk: test_prf_vector: input "Jefe" | decode_to_chunk: output: | 4a 65 66 65 | decode_to_chunk: test_prf_vector: input "what do ya want for nothing?" | decode_to_chunk: output: | 77 68 61 74 20 64 6f 20 79 61 20 77 61 6e 74 20 | 66 6f 72 20 6e 6f 74 68 69 6e 67 3f | decode_to_chunk: test_prf_vector: input "0x750c783e6ab0b503eaa86e310a5db738" | decode_to_chunk: output: | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | PRF chunk interface PRF md5 init key-chunk@0x5641ad91f608 (length 4) | 4a 65 66 65 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3840 | result: PRF chunk interface-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 4 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 4-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3828 | result: PRF chunk interface-key@0x5641ad89c080 (4-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x5641ad924ad0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89c080 (4-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b3780 | result: trimed key-key@0x5641ad924ad0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad89c080 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad924ad0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b37c0 | result: result-key@0x5641ad89c080 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x5641ad926898 | PRF chunk interface PRF md5 update message-bytes@0x5641ad91a568 (length 28) | 77 68 61 74 20 64 6f 20 79 61 20 77 61 6e 74 20 | 66 6f 72 20 6e 6f 74 68 69 6e 67 3f | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad89c080 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7fff837b38b0 | result: message-key@0x5641ad923020 (92-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x5641ad89c080 | PRF HMAC inner hash hash md5 inner-key@0x5641ad923020 (size 92) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x5641ad923020 (size 92) | PRF HMAC inner hash: inner-key@0x5641ad923020 (92-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x5641ad91f038 (length 16) | c3 db 14 c0 65 f5 52 03 b0 33 c8 1a 69 7b 97 c5 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3740 | result: PRF HMAC inner hash-key@0x5641ad926910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad926910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3728 | result: PRF HMAC inner hash-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x5641ad926910 | PRF chunk interface: release inner-key@0x5641ad923020 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad924ad0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b37b0 | result: result-key@0x5641ad923020 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad923020 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff837b3798 | result: result-key@0x5641ad926910 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x5641ad923020 | PRF chunk interface: release hashed-inner-key@0x5641ad89c080 | PRF chunk interface: release key-key@0x5641ad924ad0 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x5641ad926910 (size 80) | PRF HMAC outer hash: outer-key@0x5641ad926910 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x5641ad91ef88 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | PRF chunk interface: release outer-key@0x5641ad926910 | PRF chunk interface PRF md5 final-chunk@0x5641ad91ef88 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | chunk output 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | verify_chunk_data: RFC 2104: MD5_HMAC test 2: ok | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: key symkey-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 4 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 4-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: key symkey-key@0x5641ad926910 (4-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5641ad924ad0 | PRF symkey interface PRF md5 init key symkey-key@0x5641ad926910 (size 4) | PRF symkey interface: key symkey-key@0x5641ad926910 (4-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x5641ad926910 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad926910 (4-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b3780 | result: trimed key-key@0x5641ad924ad0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad926910 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad924ad0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b37c0 | result: result-key@0x5641ad89c080 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x5641ad924a48 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: message symkey-key@0x5641ad895ec0 (44-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 28 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 28-bytes | base: base-key@0x5641ad895ec0 (44-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: message symkey-key@0x5641ad923020 (28-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5641ad895ec0 | PRF symkey interface PRF md5 update symkey message-key@0x5641ad923020 (size 28) | PRF symkey interface: symkey message-key@0x5641ad923020 (28-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad89c080 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff837b38d8 | result: result-key@0x5641ad895ec0 (92-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x5641ad89c080 | PRF HMAC inner hash hash md5 inner-key@0x5641ad895ec0 (size 92) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x5641ad895ec0 (size 92) | PRF HMAC inner hash: inner-key@0x5641ad895ec0 (92-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x5641ad91ef88 (length 16) | c3 db 14 c0 65 f5 52 03 b0 33 c8 1a 69 7b 97 c5 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3760 | result: PRF HMAC inner hash-key@0x5641ad926530 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad926530 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3748 | result: PRF HMAC inner hash-key@0x5641ad89c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x5641ad926530 | PRF symkey interface: release inner-key@0x5641ad895ec0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad924ad0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b37d0 | result: result-key@0x5641ad895ec0 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad895ec0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff837b37b8 | result: result-key@0x5641ad926530 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x5641ad895ec0 | PRF symkey interface: release hashed-inner-key@0x5641ad89c080 | PRF symkey interface: release key-key@0x5641ad924ad0 | PRF HMAC outer hash hash md5 outer-key@0x5641ad926530 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x5641ad926530 (size 80) | PRF HMAC outer hash: outer-key@0x5641ad926530 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x5641ad91ef88 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3820 | result: PRF HMAC outer hash-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3808 | result: PRF HMAC outer hash-key@0x5641ad924ad0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x5641ad89c080 | PRF symkey interface: release outer-key@0x5641ad926530 | : hashed-outer-key@0x5641ad924ad0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x5641ad924ad0 (size 16) | PRF symkey interface: key-key@0x5641ad924ad0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5641ad924ad0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 2 extracting all 16 bytes of key@0x5641ad924ad0 | RFC 2104: MD5_HMAC test 2: symkey-key@0x5641ad924ad0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 2: new slot-key@0x5641ad91fd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-1398952086: 23 3c f7 4c 86 34 cf 8e 6f 6a a0 c4 99 b1 ee 4f | RFC 2104: MD5_HMAC test 2: release slot-key-key@0x5641ad91fd40 | RFC 2104: MD5_HMAC test 2 extracted len 16 bytes at 0x5641ad91f038 | unwrapped: 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | verify_chunk_data: RFC 2104: MD5_HMAC test 2: ok | test_prf_vector: RFC 2104: MD5_HMAC test 2 passed | test_prf_vector: release symkey-key@0x5641ad924ad0 | test_prf_vector: release message-key@0x5641ad923020 | test_prf_vector: release key-key@0x5641ad926910 | test_prf_vector: release output-key@NULL RFC 2104: MD5_HMAC test 3 | decode_to_chunk: test_prf_vector: input "0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" | decode_to_chunk: output: | aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa | decode_to_chunk: test_prf_vector: input "0xDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD" | decode_to_chunk: output: | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd | decode_to_chunk: test_prf_vector: input "0x56be34521d144c88dbb8c733f0e8b3f6" | decode_to_chunk: output: | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | PRF chunk interface PRF md5 init key-chunk@0x5641ad91faf8 (length 16) | aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3840 | result: PRF chunk interface-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3828 | result: PRF chunk interface-key@0x5641ad926910 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x5641ad923020 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad926910 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b3780 | result: trimed key-key@0x5641ad923020 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad926910 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad923020 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b37c0 | result: result-key@0x5641ad926910 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x5641ad9268e8 | PRF chunk interface PRF md5 update message-bytes@0x5641ad91ee38 (length 50) | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad926910 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7fff837b38b0 | result: message-key@0x5641ad924ad0 (114-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x5641ad926910 | PRF HMAC inner hash hash md5 inner-key@0x5641ad924ad0 (size 114) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x5641ad924ad0 (size 114) | PRF HMAC inner hash: inner-key@0x5641ad924ad0 (114-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x5641ad91ef88 (length 16) | 82 0a 6b 33 5d 18 7b 90 dc ba b1 7e f5 b4 26 ff | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3740 | result: PRF HMAC inner hash-key@0x5641ad926530 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad926530 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3728 | result: PRF HMAC inner hash-key@0x5641ad926910 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x5641ad926530 | PRF chunk interface: release inner-key@0x5641ad924ad0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad923020 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b37b0 | result: result-key@0x5641ad924ad0 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad924ad0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff837b3798 | result: result-key@0x5641ad926530 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x5641ad924ad0 | PRF chunk interface: release hashed-inner-key@0x5641ad926910 | PRF chunk interface: release key-key@0x5641ad923020 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x5641ad926530 (size 80) | PRF HMAC outer hash: outer-key@0x5641ad926530 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x5641ad91f038 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | PRF chunk interface: release outer-key@0x5641ad926530 | PRF chunk interface PRF md5 final-chunk@0x5641ad91f038 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | chunk output 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | verify_chunk_data: RFC 2104: MD5_HMAC test 3: ok | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: key symkey-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: key symkey-key@0x5641ad926530 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5641ad923020 | PRF symkey interface PRF md5 init key symkey-key@0x5641ad926530 (size 16) | PRF symkey interface: key symkey-key@0x5641ad926530 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x5641ad926530 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad926530 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b3780 | result: trimed key-key@0x5641ad923020 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad926530 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad923020 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b37c0 | result: result-key@0x5641ad926910 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x5641ad91ede8 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b38c0 | result: message symkey-key@0x5641ad89c080 (66-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 50 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 50-bytes | base: base-key@0x5641ad89c080 (66-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b38a8 | result: message symkey-key@0x5641ad924ad0 (50-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5641ad89c080 | PRF symkey interface PRF md5 update symkey message-key@0x5641ad924ad0 (size 50) | PRF symkey interface: symkey message-key@0x5641ad924ad0 (50-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad926910 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff837b38d8 | result: result-key@0x5641ad89c080 (114-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x5641ad926910 | PRF HMAC inner hash hash md5 inner-key@0x5641ad89c080 (size 114) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x5641ad89c080 (size 114) | PRF HMAC inner hash: inner-key@0x5641ad89c080 (114-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x5641ad91f038 (length 16) | 82 0a 6b 33 5d 18 7b 90 dc ba b1 7e f5 b4 26 ff | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3760 | result: PRF HMAC inner hash-key@0x5641ad895ec0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad895ec0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3748 | result: PRF HMAC inner hash-key@0x5641ad926910 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x5641ad895ec0 | PRF symkey interface: release inner-key@0x5641ad89c080 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad923020 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b37d0 | result: result-key@0x5641ad89c080 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5641ad89c080 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff837b37b8 | result: result-key@0x5641ad895ec0 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x5641ad89c080 | PRF symkey interface: release hashed-inner-key@0x5641ad926910 | PRF symkey interface: release key-key@0x5641ad923020 | PRF HMAC outer hash hash md5 outer-key@0x5641ad895ec0 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x5641ad895ec0 (size 80) | PRF HMAC outer hash: outer-key@0x5641ad895ec0 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x5641ad91f038 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b3820 | result: PRF HMAC outer hash-key@0x5641ad926910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5641ad926910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b3808 | result: PRF HMAC outer hash-key@0x5641ad923020 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x5641ad926910 | PRF symkey interface: release outer-key@0x5641ad895ec0 | : hashed-outer-key@0x5641ad923020 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x5641ad923020 (size 16) | PRF symkey interface: key-key@0x5641ad923020 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5641ad923020 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 3 extracting all 16 bytes of key@0x5641ad923020 | RFC 2104: MD5_HMAC test 3: symkey-key@0x5641ad923020 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 3: new slot-key@0x5641ad91fd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-1398952086: e5 10 ff a5 ad a3 7b ee 6b 16 6c ab c7 60 32 55 | RFC 2104: MD5_HMAC test 3: release slot-key-key@0x5641ad91fd40 | RFC 2104: MD5_HMAC test 3 extracted len 16 bytes at 0x5641ad91ef88 | unwrapped: 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | verify_chunk_data: RFC 2104: MD5_HMAC test 3: ok | test_prf_vector: RFC 2104: MD5_HMAC test 3 passed | test_prf_vector: release symkey-key@0x5641ad923020 | test_prf_vector: release message-key@0x5641ad924ad0 | test_prf_vector: release key-key@0x5641ad926530 | test_prf_vector: release output-key@NULL 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 | starting up helper thread 0 | status value returned by setting the priority of this thread (crypto helper 0) 22 | crypto helper 0 waiting (nothing to do) started thread for crypto helper 1 | starting up helper thread 1 | status value returned by setting the priority of this thread (crypto helper 1) 22 | crypto helper 1 waiting (nothing to do) started thread for crypto helper 2 started thread for crypto helper 3 | starting up helper thread 3 started thread for crypto helper 4 | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto helper 3) 22 | crypto helper 3 waiting (nothing to do) | status value returned by setting the priority of this thread (crypto helper 4) 22 | crypto helper 4 waiting (nothing to do) started thread for crypto helper 5 | starting up helper thread 5 | starting up helper thread 2 | status value returned by setting the priority of this thread (crypto helper 5) 22 | starting up helper thread 6 | crypto helper 5 waiting (nothing to do) | status value returned by setting the priority of this thread (crypto helper 2) 22 | crypto helper 2 waiting (nothing to do) | status value returned by setting the priority of this thread (crypto helper 6) 22 started thread for crypto helper 6 | crypto helper 6 waiting (nothing to do) | checking IKEv1 state table | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x5641ad91ee38 | libevent_malloc: new ptr-libevent@0x5641ad9033b8 size 128 | libevent_malloc: new ptr-libevent@0x5641ad91f608 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x5641ad91f978 | libevent_malloc: new ptr-libevent@0x5641ad8bf978 size 128 | libevent_malloc: new ptr-libevent@0x5641ad91faf8 size 16 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff20b (length 11) | 4b 41 4d 45 2f 72 61 63 6f 6f 6e | vendor id hash md5 final bytes@0x5641ad91f038 (length 16) | 70 03 cb c1 09 7d be 9c 26 00 ba 69 83 bc 8b 35 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca00000 (length 46) | 4e 4c 42 53 5f 50 52 45 53 45 4e 54 28 4e 4c 42 | 2f 4d 53 43 53 20 66 61 73 74 20 66 61 69 6c 6f | 76 65 72 20 73 75 70 70 6f 72 74 65 64 29 | vendor id hash md5 final bytes@0x5641ad91f078 (length 16) | ec 22 62 b5 12 32 63 83 67 12 3b ce 3d 37 3c 5e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca00030 (length 32) | 4d 53 2d 4d 61 6d 69 65 45 78 69 73 74 73 28 41 | 75 74 68 49 50 20 73 75 70 70 6f 72 74 65 64 29 | vendor id hash md5 final bytes@0x5641ad91fa58 (length 16) | 6f fe a4 ae ec 37 f4 9a 02 6f 97 cf b5 53 30 6d | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff38e (length 17) | 49 4b 45 20 43 47 41 20 76 65 72 73 69 6f 6e 20 | 31 | vendor id hash md5 final bytes@0x5641ad91f648 (length 16) | e3 a5 96 6a 76 37 9f e7 07 22 82 31 e5 ce 86 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca00058 (length 32) | 4d 53 2d 4e 65 67 6f 74 69 61 74 69 6f 6e 20 44 | 69 73 63 6f 76 65 72 79 20 43 61 70 61 62 6c 65 | vendor id hash md5 final bytes@0x5641ad91fb38 (length 16) | fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff3a0 (length 23) | 4d 69 63 72 6f 73 6f 66 74 20 58 62 6f 78 20 4f | 6e 65 20 32 30 31 33 | vendor id hash md5 final bytes@0x5641ad91ef48 (length 16) | 8a a3 94 cf 8a 55 77 dc 31 10 c1 13 b0 27 a4 f2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff3b8 (length 22) | 58 62 6f 78 20 49 4b 45 76 32 20 4e 65 67 6f 74 | 69 61 74 69 6f 6e | vendor id hash md5 final bytes@0x5641ad91f938 (length 16) | aa 28 1f cc d6 8c f8 a8 dc b8 5c c0 a7 10 40 2a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff3cf (length 28) | 4d 53 46 54 20 49 50 73 65 63 20 53 65 63 75 72 | 69 74 79 20 52 65 61 6c 6d 20 49 64 | vendor id hash md5 final bytes@0x5641ad926a78 (length 16) | 68 6a 8c bd fe 63 4b 40 51 46 fb 2b af 33 e9 e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca00080 (length 39) | 41 20 47 53 53 2d 41 50 49 20 41 75 74 68 65 6e | 74 69 63 61 74 69 6f 6e 20 4d 65 74 68 6f 64 20 | 66 6f 72 20 49 4b 45 | vendor id hash md5 final bytes@0x5641ad92bd58 (length 16) | ad 2c 0d d0 b9 c3 20 83 cc ba 25 b8 86 1e c4 55 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff3ec (length 6) | 47 53 53 41 50 49 | vendor id hash md5 final bytes@0x5641ad92bd98 (length 16) | 62 1b 04 bb 09 88 2a c1 e1 59 35 fe fa 24 ae ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff3f3 (length 12) | 53 53 48 20 53 65 6e 74 69 6e 65 6c | vendor id hash md5 final bytes@0x5641ad92bdd8 (length 16) | 05 41 82 a0 7c 7a e2 06 f9 d2 cf 9d 24 32 c4 82 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff400 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 31 | vendor id hash md5 final bytes@0x5641ad92be18 (length 16) | b9 16 23 e6 93 ca 18 a5 4c 6a 27 78 55 23 05 e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff411 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 32 | vendor id hash md5 final bytes@0x5641ad92be58 (length 16) | 54 30 88 8d e0 1a 31 a6 fa 8f 60 22 4e 44 99 58 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff422 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 33 | vendor id hash md5 final bytes@0x5641ad92be98 (length 16) | 7e e5 cb 85 f7 1c e2 59 c9 4a 5c 73 1e e4 e7 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff433 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 34 | vendor id hash md5 final bytes@0x5641ad92bed8 (length 16) | 63 d9 a1 a7 00 94 91 b5 a0 a6 fd eb 2a 82 84 f0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff444 (length 18) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 34 | 2e 31 | vendor id hash md5 final bytes@0x5641ad92bf18 (length 16) | eb 4b 0d 96 27 6b 4e 22 0a d1 62 21 a7 b2 a5 e6 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca000a8 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 30 | vendor id hash md5 final bytes@0x5641ad92bf58 (length 16) | fb f4 76 14 98 40 31 fa 8e 3b b6 19 80 89 b2 23 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca000e0 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 31 | vendor id hash md5 final bytes@0x5641ad92bf98 (length 16) | 19 52 dc 91 ac 20 f6 46 fb 01 cf 42 a3 3a ee 30 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca00118 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 32 | vendor id hash md5 final bytes@0x5641ad92bfd8 (length 16) | e8 bf fa 64 3e 5c 8f 2c d1 0f da 73 70 b6 eb e5 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca00150 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 32 2e 31 | vendor id hash md5 final bytes@0x5641ad92c018 (length 16) | c1 11 1b 2d ee 8c bc 3d 62 05 73 ec 57 aa b9 cb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca00188 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 32 2e 32 | vendor id hash md5 final bytes@0x5641ad92c058 (length 16) | 09 ec 27 bf bc 09 c7 58 23 cf ec bf fe 56 5a 2e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca001c0 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 30 2e 30 | vendor id hash md5 final bytes@0x5641ad92c098 (length 16) | 7f 21 a5 96 e4 e3 18 f0 b2 f4 94 4c 23 84 cb 84 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca001f8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 30 | vendor id hash md5 final bytes@0x5641ad92c0d8 (length 16) | 28 36 d1 fd 28 07 bc 9e 5a e3 07 86 32 04 51 ec | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca00230 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 31 | vendor id hash md5 final bytes@0x5641ad92c118 (length 16) | a6 8d e7 56 a9 c5 22 9b ae 66 49 80 40 95 1a d5 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca00268 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 32 | vendor id hash md5 final bytes@0x5641ad92c158 (length 16) | 3f 23 72 86 7e 23 7c 1c d8 25 0a 75 55 9c ae 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca002a0 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 33 2e 30 2e 30 | vendor id hash md5 final bytes@0x5641ad92c198 (length 16) | 0e 58 d5 77 4d f6 02 00 7d 0b 02 44 36 60 f7 eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca002d8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 33 2e 30 2e 31 | vendor id hash md5 final bytes@0x5641ad92c1d8 (length 16) | f5 ce 31 eb c2 10 f4 43 50 cf 71 26 5b 57 38 0f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca00310 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 30 2e 30 | vendor id hash md5 final bytes@0x5641ad92c218 (length 16) | f6 42 60 af 2e 27 42 da dd d5 69 87 06 8a 99 a0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca00348 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 30 2e 31 | vendor id hash md5 final bytes@0x5641ad92c258 (length 16) | 7a 54 d3 bd b3 b1 e6 d9 23 89 20 64 be 2d 98 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca00380 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 31 2e 30 | vendor id hash md5 final bytes@0x5641ad92c298 (length 16) | 9a a1 f3 b4 34 72 a4 5d 5f 50 6a eb 26 0c f2 14 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca003b8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 32 2e 30 | vendor id hash md5 final bytes@0x5641ad92c2d8 (length 16) | 68 80 c7 d0 26 09 91 14 e4 86 c5 54 30 e7 ab ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca003f0 (length 41) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 50 4c 55 54 4f 5f 53 45 4e 44 53 | 5f 56 45 4e 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7fff837b39a0 (length 16) | 44 76 1b d7 6b 80 85 41 74 87 ee 8a 51 cf fc f3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca00420 (length 53) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 58 2e 35 30 39 2d 31 2e 33 2e 31 | 20 50 4c 55 54 4f 5f 53 45 4e 44 53 5f 56 45 4e | 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7fff837b39a0 (length 16) | b7 0e 8a c3 92 b1 6e 05 48 2f c4 dc 36 10 91 68 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca00458 (length 58) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 58 2e 35 30 39 2d 31 2e 33 2e 31 | 20 4c 44 41 50 20 50 4c 55 54 4f 5f 53 45 4e 44 | 53 5f 56 45 4e 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7fff837b39a0 (length 16) | 97 1d ea 93 c3 c2 06 74 f9 ae 35 40 83 de 3e 2f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff531 (length 14) | 4f 70 65 6e 73 77 61 6e 20 32 2e 32 2e 30 | vendor id hash md5 final bytes@0x7fff837b39a0 (length 16) | 08 72 0b ee 9e 28 95 3c e0 8f 0a 18 b6 e2 9d da | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca004c0 (length 37) | 64 72 61 66 74 2d 73 74 65 6e 62 65 72 67 2d 69 | 70 73 65 63 2d 6e 61 74 2d 74 72 61 76 65 72 73 | 61 6c 2d 30 31 | vendor id hash md5 final bytes@0x5641ad92c498 (length 16) | 27 ba b5 dc 01 ea 07 60 ea 4e 31 90 ac 27 c0 d0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca004e8 (length 37) | 64 72 61 66 74 2d 73 74 65 6e 62 65 72 67 2d 69 | 70 73 65 63 2d 6e 61 74 2d 74 72 61 76 65 72 73 | 61 6c 2d 30 32 | vendor id hash md5 final bytes@0x5641ad92c4d8 (length 16) | 61 05 c4 22 e7 68 47 e4 3f 96 84 80 12 92 ae cd | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff559 (length 10) | 45 53 50 54 68 72 75 4e 41 54 | vendor id hash md5 final bytes@0x5641ad92c518 (length 16) | 50 76 0f 62 4c 63 e5 c5 3e ea 38 6c 68 5c a0 83 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca00510 (length 38) | 64 72 61 66 74 2d 68 75 74 74 75 6e 65 6e 2d 69 | 70 73 65 63 2d 65 73 70 2d 69 6e 2d 75 64 70 2d | 30 30 2e 74 78 74 | vendor id hash md5 final bytes@0x5641ad92c558 (length 16) | 6a 74 34 c1 9d 7e 36 34 80 90 a0 23 34 c9 c8 05 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff564 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 30 | vendor id hash md5 final bytes@0x5641ad92c598 (length 16) | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff582 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 31 | vendor id hash md5 final bytes@0x5641ad92c5d8 (length 16) | 16 f6 ca 16 e4 a4 06 6d 83 82 1a 0f 0a ea a8 62 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff5a0 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 32 | vendor id hash md5 final bytes@0x5641ad92c618 (length 16) | cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca00538 (length 30) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 32 0a | vendor id hash md5 final bytes@0x5641ad92c658 (length 16) | 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff5be (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 33 | vendor id hash md5 final bytes@0x5641ad92c698 (length 16) | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff5dc (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 34 | vendor id hash md5 final bytes@0x5641ad92c6d8 (length 16) | 99 09 b6 4e ed 93 7c 65 73 de 52 ac e9 52 fa 6b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff5fa (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 35 | vendor id hash md5 final bytes@0x5641ad92c718 (length 16) | 80 d0 bb 3d ef 54 56 5e e8 46 45 d4 c8 5c e3 ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff618 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 36 | vendor id hash md5 final bytes@0x5641ad92c758 (length 16) | 4d 1e 0e 13 6d ea fa 34 c4 f3 ea 9f 02 ec 72 85 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff636 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 37 | vendor id hash md5 final bytes@0x5641ad92c798 (length 16) | 43 9b 59 f8 ba 67 6c 4c 77 37 ae 22 ea b8 f5 82 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff654 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 38 | vendor id hash md5 final bytes@0x5641ad92c7d8 (length 16) | 8f 8d 83 82 6d 24 6b 6f c7 a8 a6 a4 28 c1 1d e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff672 (length 26) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 | vendor id hash md5 final bytes@0x5641ad92c818 (length 16) | 4d f3 79 28 e9 fc 4f d1 b3 26 21 70 d5 15 c6 62 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff68d (length 8) | 52 46 43 20 33 39 34 37 | vendor id hash md5 final bytes@0x5641ad92c858 (length 16) | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca084f9 (length 13) | 46 52 41 47 4d 45 4e 54 41 54 49 4f 4e | vendor id hash md5 final bytes@0x5641ad92c918 (length 16) | 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff73d (length 19) | 56 69 64 2d 49 6e 69 74 69 61 6c 2d 43 6f 6e 74 | 61 63 74 | vendor id hash md5 final bytes@0x5641ad92c958 (length 16) | 26 24 4d 38 ed db 61 b3 17 2a 36 e3 d0 cf b8 19 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca00058 (length 32) | 4d 53 2d 4e 65 67 6f 74 69 61 74 69 6f 6e 20 44 | 69 73 63 6f 76 65 72 79 20 43 61 70 61 62 6c 65 | vendor id hash md5 final bytes@0x5641ad92c998 (length 16) | fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff38e (length 17) | 49 4b 45 20 43 47 41 20 76 65 72 73 69 6f 6e 20 | 31 | vendor id hash md5 final bytes@0x5641ad92c9d8 (length 16) | e3 a5 96 6a 76 37 9f e7 07 22 82 31 e5 ce 86 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff751 (length 14) | 4d 53 2d 4d 61 6d 69 65 45 78 69 73 74 73 | vendor id hash md5 final bytes@0x5641ad92ca18 (length 16) | 21 4c a4 fa ff a7 f3 2d 67 48 e5 30 33 95 ae 83 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ee8dd (length 10) | 73 74 72 6f 6e 67 53 77 61 6e | vendor id hash md5 final bytes@0x5641ad92ca58 (length 16) | 88 2f e5 6d 6f d2 0d bc 22 51 61 3b 2e be 5b eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff760 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 30 | vendor id hash md5 final bytes@0x5641ad92ca98 (length 16) | 2c e9 c9 46 a4 c8 79 bf 11 b5 0b 76 cc 56 92 cb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff771 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 31 | vendor id hash md5 final bytes@0x5641ad92cad8 (length 16) | 9d bb af cf 1d b0 dd 59 5a e0 65 29 40 03 ad 3e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff782 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 32 | vendor id hash md5 final bytes@0x5641ad92cb18 (length 16) | 77 e8 ee a6 f5 56 a4 99 de 3f fe 7f 7f 95 66 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff793 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 33 | vendor id hash md5 final bytes@0x5641ad92cb58 (length 16) | b1 81 b1 8e 11 4f c2 09 b3 c6 e2 6c 3a 80 71 8e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff7a4 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 34 | vendor id hash md5 final bytes@0x5641ad92cb98 (length 16) | 1e f2 83 f8 35 49 b5 ff 96 08 b6 d6 34 f8 4d 75 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff7b5 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 35 | vendor id hash md5 final bytes@0x5641ad92cbd8 (length 16) | dd 18 0d 21 e5 ce 65 5a 76 8b a3 22 11 dd 8a d9 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff7c6 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 36 | vendor id hash md5 final bytes@0x5641ad92cc18 (length 16) | 4c 90 13 69 46 57 7b 51 91 9d 8d 9a 6b 8e 4a 9f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff7d7 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 37 | vendor id hash md5 final bytes@0x5641ad92cc58 (length 16) | ab 07 46 22 1c c8 fd 0d 52 38 f7 3a 9b 3d a5 57 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff7e8 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 30 | vendor id hash md5 final bytes@0x5641ad92cc98 (length 16) | 47 94 ce f6 84 34 22 98 0d 1a 3d 06 af 41 c5 cd | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff7f9 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | vendor id hash md5 final bytes@0x5641ad92ccd8 (length 16) | d3 f1 c4 88 c3 68 17 5d 5f 40 a8 f5 ca 5f 5e 12 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff80a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 32 | vendor id hash md5 final bytes@0x5641ad92cd18 (length 16) | 15 a1 ac e7 ee 52 fd df ef 04 f9 28 db 2d d1 34 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff81b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 33 | vendor id hash md5 final bytes@0x5641ad92cd58 (length 16) | 58 49 ab 6d 8b ea bd 6e 4d 09 e5 a3 b8 8c 08 9a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff82c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 34 | vendor id hash md5 final bytes@0x5641ad92cd98 (length 16) | 31 2f 9c b1 a6 b9 0e 19 de 75 28 c9 04 ac 30 87 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff83d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 35 | vendor id hash md5 final bytes@0x5641ad92cdd8 (length 16) | bf 0f bf 73 06 eb b7 82 70 42 d8 93 53 98 86 e2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff84e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 36 | vendor id hash md5 final bytes@0x5641ad92ce18 (length 16) | d1 96 83 36 8a f4 b0 ed c2 1c cd e9 82 b1 d1 b0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff85f (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 37 | vendor id hash md5 final bytes@0x5641ad92ce58 (length 16) | ea 84 0a a4 df c9 71 2d 6c 32 b5 a1 6e b3 29 a3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff870 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 38 | vendor id hash md5 final bytes@0x5641ad92ce98 (length 16) | 66 a2 04 55 07 c1 19 da 78 a4 66 62 59 cd ea 48 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff881 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 39 | vendor id hash md5 final bytes@0x5641ad92ced8 (length 16) | 78 fd d2 87 de f0 1a 3f 07 4b 53 69 ea b4 fd 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff892 (length 17) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | 30 | vendor id hash md5 final bytes@0x5641ad92cf18 (length 16) | bf 3a 89 ae 5b ef 8e 72 d4 4d ac 8b b8 8d 7d 5f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff8a4 (length 17) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | 31 | vendor id hash md5 final bytes@0x5641ad92cf58 (length 16) | b7 bd 9f 2f 97 8e 32 59 a7 aa 9f 7a 13 96 ad 6c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff8b6 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 30 | vendor id hash md5 final bytes@0x5641ad92cf98 (length 16) | 9f 68 90 13 25 a9 72 89 43 35 30 2a 95 31 ab 9f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff8c7 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 31 | vendor id hash md5 final bytes@0x5641ad92cfd8 (length 16) | ba b2 53 f4 cb 10 a8 10 8a 7c 92 7c 56 c8 78 86 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff8d8 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 32 | vendor id hash md5 final bytes@0x5641ad92d018 (length 16) | 2a 51 7d 0d 23 c3 7d 08 bc e7 c2 92 a0 21 7b 39 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff8e9 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 33 | vendor id hash md5 final bytes@0x5641ad92d058 (length 16) | 2d 1f 40 61 18 fb d5 d2 84 74 79 1f fa 00 48 8a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff8fa (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 38 | vendor id hash md5 final bytes@0x5641ad92d098 (length 16) | 8c 4a 3b cb 72 9b 11 f7 03 d2 2a 5b 39 64 0c a8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff90b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 37 | vendor id hash md5 final bytes@0x5641ad92d0d8 (length 16) | 3a 0d 4e 7c a4 e4 92 ed 4d fe 47 6d 1a c6 01 8b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff91c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 36 | vendor id hash md5 final bytes@0x5641ad92d118 (length 16) | fe 3f 49 70 6e 26 a9 fb 36 a8 7b fc e9 ea 36 ce | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff92d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 35 | vendor id hash md5 final bytes@0x5641ad92d158 (length 16) | 4c 7e fa 31 b3 9e 51 04 32 a3 17 57 0d 97 bb b9 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff93e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 34 | vendor id hash md5 final bytes@0x5641ad92d198 (length 16) | 76 c7 2b fd 39 84 24 dd 00 1b 86 d0 01 2f e0 61 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff94f (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 33 | vendor id hash md5 final bytes@0x5641ad92d1d8 (length 16) | fb 46 41 ad 0e eb 2a 34 49 1d 15 f4 ef f5 10 63 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff960 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 32 | vendor id hash md5 final bytes@0x5641ad92d218 (length 16) | 29 99 32 27 7b 7d fe 38 2c e2 34 65 33 3a 7d 23 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff971 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 31 | vendor id hash md5 final bytes@0x5641ad92d258 (length 16) | e3 7f 2d 5b a8 9a 62 cd 20 2e e2 7d ac 06 c8 a8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff982 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 30 | vendor id hash md5 final bytes@0x5641ad92d298 (length 16) | 32 f0 e9 b9 c0 6d fe 8c 9a d5 59 9a 63 69 71 a1 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff993 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 33 | vendor id hash md5 final bytes@0x5641ad92d2d8 (length 16) | 7f 50 cc 4e bf 04 c2 d9 da 73 ab fd 69 b7 7a a2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff9a4 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 32 | vendor id hash md5 final bytes@0x5641ad92d318 (length 16) | a1 94 e2 aa dd d0 ba fb 95 25 3d d9 6d c7 33 eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff9b5 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 31 | vendor id hash md5 final bytes@0x5641ad92d358 (length 16) | 81 34 87 85 82 12 17 85 ba 65 ea 34 5d 6b a7 24 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff9c6 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 30 | vendor id hash md5 final bytes@0x5641ad92d398 (length 16) | 07 fa 12 8e 47 54 f9 44 7b 1d d4 63 74 ee f3 60 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff9d7 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 34 | vendor id hash md5 final bytes@0x5641ad92d3d8 (length 16) | b9 27 f9 52 19 a0 fe 36 00 db a3 c1 18 2a e5 5f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff9e8 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 33 | vendor id hash md5 final bytes@0x5641ad92d418 (length 16) | b2 86 0e 78 37 f7 11 be f3 d0 ee b1 06 87 2d ed | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ff9f9 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 32 | vendor id hash md5 final bytes@0x5641ad92d458 (length 16) | 5b 1c d6 fe 7d 05 0e da 6c 93 87 1c 10 7d b3 d2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffa0a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 31 | vendor id hash md5 final bytes@0x5641ad92d498 (length 16) | 66 af bc 12 bb fe 6c e1 08 b1 f6 9f 4b c9 17 b7 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffa1b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 30 | vendor id hash md5 final bytes@0x5641ad92d4d8 (length 16) | 3f 32 66 49 9f fd bd 85 95 0e 70 22 98 06 28 44 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffa2c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 37 | vendor id hash md5 final bytes@0x5641ad92d518 (length 16) | 1f 44 42 29 6b 83 d7 e3 3a 8b 45 20 9b a0 e5 90 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffa3d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 36 | vendor id hash md5 final bytes@0x5641ad92d558 (length 16) | 3c 5e ba 3d 85 64 92 8e 32 ae 43 c3 d9 92 4d ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffa4e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 35 | vendor id hash md5 final bytes@0x5641ad92d598 (length 16) | 3f 26 7e d6 21 ad a7 ee 6c 7d 88 93 cc b0 b1 4b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffa5f (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 34 | vendor id hash md5 final bytes@0x5641ad92d5d8 (length 16) | 7a 6b f5 b7 df 89 64 2a 75 a7 8e f7 d6 57 c1 c0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffa70 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 33 | vendor id hash md5 final bytes@0x5641ad92d618 (length 16) | df 5b 1f 0f 1d 56 79 d9 f8 51 2b 16 c5 5a 60 65 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffa81 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 32 | vendor id hash md5 final bytes@0x5641ad92d658 (length 16) | 86 1c e5 eb 72 16 4b 19 0e 9e 62 9a 31 cf 49 01 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffa92 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 31 | vendor id hash md5 final bytes@0x5641ad92d698 (length 16) | 9a 4a 46 48 f6 0f 8e da 7c fc bf e2 71 ee 5b 7d | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffaa3 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 30 | vendor id hash md5 final bytes@0x5641ad92d6d8 (length 16) | 9e b3 d9 07 ed 7a da 4e 3c bc ac b9 17 ab c8 e4 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffab4 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 34 | vendor id hash md5 final bytes@0x5641ad92d718 (length 16) | 48 5a 70 36 1b 44 33 b3 1d ea 1c 6b e0 df 24 3e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffac5 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 33 | vendor id hash md5 final bytes@0x5641ad92d758 (length 16) | 98 2b 7a 06 3a 33 c1 43 a8 ea dc 88 24 9f 6b cc | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffad6 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 32 | vendor id hash md5 final bytes@0x5641ad92d798 (length 16) | e7 a3 fd 0c 6d 77 1a 8f 1b 8a 86 a4 16 9c 9e a4 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffae7 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 31 | vendor id hash md5 final bytes@0x5641ad92d7d8 (length 16) | 75 b0 65 3c b2 81 eb 26 d3 1e de 38 c8 e1 e2 28 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffaf8 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 30 | vendor id hash md5 final bytes@0x5641ad92d818 (length 16) | e8 29 c8 81 49 ba b3 c0 ce e8 5d a6 0e 18 ae 9b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffb09 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 32 | vendor id hash md5 final bytes@0x5641ad92d858 (length 16) | 42 a4 83 4c 92 ab 9a 77 77 06 3a fa 25 4b cb 69 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffb1a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 31 | vendor id hash md5 final bytes@0x5641ad92d898 (length 16) | f6 97 c1 af cc 2e c8 dd cd f9 9d c7 af 03 a6 7f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffb2b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 30 | vendor id hash md5 final bytes@0x5641ad92d8d8 (length 16) | b8 f9 2b 2f a2 d3 fe 5f e1 58 34 4b da 1c c6 ae | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffb3c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 32 | vendor id hash md5 final bytes@0x5641ad92d918 (length 16) | 99 dc 7c c8 23 37 6b 3b 33 d0 43 57 89 6a e0 7b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffb4d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 31 | vendor id hash md5 final bytes@0x5641ad92d958 (length 16) | d9 11 8b 1e 9d e5 ef ce d9 cc 9d 88 3f 21 68 ff | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641ac9ffb5e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 30 | vendor id hash md5 final bytes@0x5641ad92d998 (length 16) | 85 b6 cb ec 48 0d 5c 8c d9 88 2c 82 5a c2 c2 44 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5641aca084f9 (length 13) | 46 52 41 47 4d 45 4e 54 41 54 49 4f 4e | vendor id hash md5 final bytes@0x5641ad92d9d8 (length 16) | 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x5641ad91f9e8 | libevent_malloc: new ptr-libevent@0x5641ad92bca8 size 128 | libevent_malloc: new ptr-libevent@0x5641ad936e78 size 16 | libevent_realloc: new ptr-libevent@0x5641ad936eb8 size 256 | libevent_malloc: new ptr-libevent@0x5641ad936fe8 size 8 | libevent_realloc: new ptr-libevent@0x5641ad891918 size 144 | libevent_malloc: new ptr-libevent@0x5641ad8bf038 size 152 | libevent_malloc: new ptr-libevent@0x5641ad937028 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x5641ad937068 size 8 | libevent_malloc: new ptr-libevent@0x5641ad8c69b8 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x5641ad9370a8 size 8 | libevent_malloc: new ptr-libevent@0x5641ad9370e8 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x5641ad9371b8 size 8 | libevent_realloc: release ptr-libevent@0x5641ad891918 | libevent_realloc: new ptr-libevent@0x5641ad9371f8 size 256 | libevent_malloc: new ptr-libevent@0x5641ad937328 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:6376) using fork+execve | forked child 6376 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.2.23:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.2.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x5641ad937908 | libevent_malloc: new ptr-libevent@0x5641ad92bbf8 size 128 | libevent_malloc: new ptr-libevent@0x5641ad937978 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x5641ad9379b8 | libevent_malloc: new ptr-libevent@0x5641ad8c1f68 size 128 | libevent_malloc: new ptr-libevent@0x5641ad937a28 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x5641ad937a68 | libevent_malloc: new ptr-libevent@0x5641ad8c6a88 size 128 | libevent_malloc: new ptr-libevent@0x5641ad937ad8 size 16 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x5641ad937b18 | libevent_malloc: new ptr-libevent@0x5641ad89b138 size 128 | libevent_malloc: new ptr-libevent@0x5641ad937b88 size 16 | setup callback for interface eth0 192.0.2.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x5641ad937bc8 | libevent_malloc: new ptr-libevent@0x5641ad8964e8 size 128 | libevent_malloc: new ptr-libevent@0x5641ad937c38 size 16 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x5641ad937c78 | libevent_malloc: new ptr-libevent@0x5641ad8961d8 size 128 | libevent_malloc: new ptr-libevent@0x5641ad937ce8 size 16 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | id type added to secret(0x5641ad891c48) PKK_PSK: @east | id type added to secret(0x5641ad891c48) PKK_PSK: @west | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.483 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 | no interfaces to sort | libevent_free: release ptr-libevent@0x5641ad92bbf8 | free_event_entry: release EVENT_NULL-pe@0x5641ad937908 | add_fd_read_event_handler: new ethX-pe@0x5641ad937908 | libevent_malloc: new ptr-libevent@0x5641ad92bbf8 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x5641ad8c1f68 | free_event_entry: release EVENT_NULL-pe@0x5641ad9379b8 | add_fd_read_event_handler: new ethX-pe@0x5641ad9379b8 | libevent_malloc: new ptr-libevent@0x5641ad8c1f68 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x5641ad8c6a88 | free_event_entry: release EVENT_NULL-pe@0x5641ad937a68 | add_fd_read_event_handler: new ethX-pe@0x5641ad937a68 | libevent_malloc: new ptr-libevent@0x5641ad8c6a88 size 128 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | libevent_free: release ptr-libevent@0x5641ad89b138 | free_event_entry: release EVENT_NULL-pe@0x5641ad937b18 | add_fd_read_event_handler: new ethX-pe@0x5641ad937b18 | libevent_malloc: new ptr-libevent@0x5641ad89b138 size 128 | setup callback for interface eth0 192.0.2.254:500 fd 19 | libevent_free: release ptr-libevent@0x5641ad8964e8 | free_event_entry: release EVENT_NULL-pe@0x5641ad937bc8 | add_fd_read_event_handler: new ethX-pe@0x5641ad937bc8 | libevent_malloc: new ptr-libevent@0x5641ad8964e8 size 128 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | libevent_free: release ptr-libevent@0x5641ad8961d8 | free_event_entry: release EVENT_NULL-pe@0x5641ad937c78 | add_fd_read_event_handler: new ethX-pe@0x5641ad937c78 | libevent_malloc: new ptr-libevent@0x5641ad8961d8 size 128 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | id type added to secret(0x5641ad891c48) PKK_PSK: @east | id type added to secret(0x5641ad891c48) PKK_PSK: @west | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.313 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 6376 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0223 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection east with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048, 3DES_CBC-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048,3des-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048, 3DES_CBC-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none | new hp@0x5641ad938f38 added connection description "east" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.269 milliseconds in whack | spent 0.00335 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 7a e4 6e e4 f2 25 1d 04 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 18 1c 86 dc 75 25 e0 69 3b 21 99 4f | b4 7e e7 cb 80 98 55 00 1f d7 28 21 3f e8 85 47 | 60 ee de 0b 99 a4 41 9b 7d a4 c3 89 ac 42 b2 76 | 30 d9 22 c3 b6 b3 75 af 99 f1 85 f8 8c e9 e4 f6 | 09 4e e5 e3 3a 85 f4 f7 c6 a0 d1 bd ac f7 5e e1 | 5d 89 87 73 c2 53 6f b3 92 51 5c 57 1e f2 b3 c1 | a3 43 fe bb 5d 28 9e 19 7d 41 86 0a 89 ca bc 6c | 36 c1 94 6e 88 62 d6 2d ea f8 cb 1a da 19 02 ba | 62 f9 97 ea cf 89 50 4d 83 48 f3 4e 93 66 77 25 | b1 17 29 8f fb d6 f5 cb fd 59 62 a1 c8 a4 8b 4a | 15 96 a1 35 af 45 0e bc 81 53 26 f9 ce f6 77 28 | 57 a6 df 5e ae 69 4c d5 c7 18 48 79 d8 51 90 3c | e7 fa 0d f2 cb 31 e8 6d b6 79 7c ba fe ea 99 3e | 89 3e f7 46 85 39 f2 29 fb 5f 4d e6 8a d1 58 48 | de cc 11 02 ed 8b b1 9d ab 3d aa d3 50 06 da cd | 87 ef 4b 43 06 ed a1 a4 d9 42 43 3c 71 e6 84 c9 | ba d7 5c 83 29 00 00 24 3a 07 3c c2 6a 9c d3 17 | d9 c8 ba 09 34 16 3d a5 c7 b7 80 9a 7d 44 84 29 | 28 03 47 a4 54 bd aa 69 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 a0 7e 6c d2 97 f4 e4 ea | a0 a0 91 8d 69 6a b0 2f 45 96 9e 0e 00 00 00 1c | 00 00 40 05 ca 66 fd 2d f0 2d 36 04 e9 a2 5c 99 | 4d 23 22 c8 e1 0a 18 d3 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 7a e4 6e e4 f2 25 1d 04 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x5641ad939378 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x5641aca74700 (length 32) | 64 59 39 7d cd b9 28 1d f1 c8 1c 37 a1 76 10 ce | 60 62 36 da 0f 08 a7 5a 08 fd 21 a0 d8 62 36 c1 | IKE SPIr hash sha2_256 digest counter-bytes@0x5641aca746e0 (length 4) | 01 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff837b2220 (length 32) | d9 00 2b 22 79 6a 05 0a 8e a7 4c 70 4a e4 04 46 | 83 7a c3 45 44 65 25 8c 76 e3 53 e2 56 ac 26 a8 | creating state object #1 at 0x5641ad93ab38 | State DB: adding IKEv2 state #1 in UNDEFINED | pstats #1 ikev2.ike started | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #1 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #1 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #1 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | constructing local IKE proposals for east (IKE SA responder matching remote proposals) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting ike_info 3DES_CBC-HMAC_SHA1-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_IKE 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east": constructed local IKE proposals for east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 "east" #1: proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | 18 1c 86 dc 75 25 e0 69 3b 21 99 4f b4 7e e7 cb | 80 98 55 00 1f d7 28 21 3f e8 85 47 60 ee de 0b | 99 a4 41 9b 7d a4 c3 89 ac 42 b2 76 30 d9 22 c3 | b6 b3 75 af 99 f1 85 f8 8c e9 e4 f6 09 4e e5 e3 | 3a 85 f4 f7 c6 a0 d1 bd ac f7 5e e1 5d 89 87 73 | c2 53 6f b3 92 51 5c 57 1e f2 b3 c1 a3 43 fe bb | 5d 28 9e 19 7d 41 86 0a 89 ca bc 6c 36 c1 94 6e | 88 62 d6 2d ea f8 cb 1a da 19 02 ba 62 f9 97 ea | cf 89 50 4d 83 48 f3 4e 93 66 77 25 b1 17 29 8f | fb d6 f5 cb fd 59 62 a1 c8 a4 8b 4a 15 96 a1 35 | af 45 0e bc 81 53 26 f9 ce f6 77 28 57 a6 df 5e | ae 69 4c d5 c7 18 48 79 d8 51 90 3c e7 fa 0d f2 | cb 31 e8 6d b6 79 7c ba fe ea 99 3e 89 3e f7 46 | 85 39 f2 29 fb 5f 4d e6 8a d1 58 48 de cc 11 02 | ed 8b b1 9d ab 3d aa d3 50 06 da cd 87 ef 4b 43 | 06 ed a1 a4 d9 42 43 3c 71 e6 84 c9 ba d7 5c 83 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b1c20 (length 8) | 7a e4 6e e4 f2 25 1d 04 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b1c28 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff837b1bb4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff837b1ba6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b1c30 (length 20) | ca 66 fd 2d f0 2d 36 04 e9 a2 5c 99 4d 23 22 c8 | e1 0a 18 d3 | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= 7a e4 6e e4 f2 25 1d 04 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= ca 66 fd 2d f0 2d 36 04 e9 a2 5c 99 4d 23 22 c8 | natd_hash: hash= e1 0a 18 d3 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b1c20 (length 8) | 7a e4 6e e4 f2 25 1d 04 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b1c28 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff837b1bb4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff837b1ba6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b1c50 (length 20) | a0 7e 6c d2 97 f4 e4 ea a0 a0 91 8d 69 6a b0 2f | 45 96 9e 0e | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= 7a e4 6e e4 f2 25 1d 04 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= a0 7e 6c d2 97 f4 e4 ea a0 a0 91 8d 69 6a b0 2f | natd_hash: hash= 45 96 9e 0e | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 1 for state #1 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5641ad93a768 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x5641ad93c5a8 size 128 | #1 spent 0.313 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #1 and saving MD | #1 is busy; has a suspended MD | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 0.728 milliseconds in ikev2_process_packet() | crypto helper 0 resuming | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | crypto helper 0 starting work-order 1 for state #1 | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 | spent 0.748 milliseconds in comm_handle_cb() reading and processing packet | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f49fc003a28: created | NSS: Local DH MODP2048 secret (pointer): 0x7f49fc003a28 | NSS: Public DH wire value: | b9 3b 0d 6f 2c 02 5c e2 2e 62 89 76 9b 10 d3 b9 | 5d 95 29 7b b4 3d 98 d4 e1 68 36 57 f1 3a 39 b8 | f2 f3 29 ec 08 36 79 28 62 56 c6 fd 76 14 9b 52 | 84 73 03 c1 bf 47 b9 49 78 32 1e 3e 4f aa 16 9c | dd c8 d5 70 55 ec 83 91 2c 7e 8f 3f 5f 15 f7 94 | 3d 12 86 78 b2 00 f5 bb 87 96 9d 4e 40 ef aa e6 | 31 1e e2 ea 6e 16 0b c1 75 ea 26 fd 59 3c 0e c1 | 89 9f 34 8d c8 c7 6c 32 43 77 01 07 f0 8f 27 cd | 7b bc 4c 06 46 09 49 12 cb f9 71 f1 89 2c 2b 60 | 9e 95 ff 83 3e 2c c0 0f 18 51 1a 6d 51 29 dc f1 | 7e 87 61 ba 52 ed 72 94 21 9b c9 5d 66 99 c8 b5 | 43 73 02 e5 c1 18 20 b4 b0 b8 b7 56 80 07 78 0d | ac 19 dd 7c b5 d3 9a 4e f6 61 27 ab c4 aa ea ec | 5d 94 31 8e c3 33 16 09 2f 64 25 3e a6 c6 20 61 | 98 58 6e 84 71 eb 8d 13 fb 3b 98 77 09 7d 15 43 | 68 3c f7 07 2a 98 2c 95 97 78 0a 34 b9 6a b6 08 | Generated nonce: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | Generated nonce: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000776 seconds | (#1) spent 0.763 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) | crypto helper 0 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f49fc002888 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 1 | calling continuation function 0x5641ac982b50 | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | 7a e4 6e e4 f2 25 1d 04 | responder cookie: | d9 00 2b 22 79 6a 05 0a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f49fc003a28: transferring ownership from helper KE to state #1 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x b9 3b 0d 6f 2c 02 5c e2 2e 62 89 76 9b 10 d3 b9 | ikev2 g^x 5d 95 29 7b b4 3d 98 d4 e1 68 36 57 f1 3a 39 b8 | ikev2 g^x f2 f3 29 ec 08 36 79 28 62 56 c6 fd 76 14 9b 52 | ikev2 g^x 84 73 03 c1 bf 47 b9 49 78 32 1e 3e 4f aa 16 9c | ikev2 g^x dd c8 d5 70 55 ec 83 91 2c 7e 8f 3f 5f 15 f7 94 | ikev2 g^x 3d 12 86 78 b2 00 f5 bb 87 96 9d 4e 40 ef aa e6 | ikev2 g^x 31 1e e2 ea 6e 16 0b c1 75 ea 26 fd 59 3c 0e c1 | ikev2 g^x 89 9f 34 8d c8 c7 6c 32 43 77 01 07 f0 8f 27 cd | ikev2 g^x 7b bc 4c 06 46 09 49 12 cb f9 71 f1 89 2c 2b 60 | ikev2 g^x 9e 95 ff 83 3e 2c c0 0f 18 51 1a 6d 51 29 dc f1 | ikev2 g^x 7e 87 61 ba 52 ed 72 94 21 9b c9 5d 66 99 c8 b5 | ikev2 g^x 43 73 02 e5 c1 18 20 b4 b0 b8 b7 56 80 07 78 0d | ikev2 g^x ac 19 dd 7c b5 d3 9a 4e f6 61 27 ab c4 aa ea ec | ikev2 g^x 5d 94 31 8e c3 33 16 09 2f 64 25 3e a6 c6 20 61 | ikev2 g^x 98 58 6e 84 71 eb 8d 13 fb 3b 98 77 09 7d 15 43 | ikev2 g^x 68 3c f7 07 2a 98 2c 95 97 78 0a 34 b9 6a b6 08 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | IKEv2 nonce 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b2160 (length 8) | 7a e4 6e e4 f2 25 1d 04 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b2168 (length 8) | d9 00 2b 22 79 6a 05 0a | NATD hash sha digest IP addr-bytes@0x7fff837b2094 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff837b2086 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b2110 (length 20) | 18 4f 9d c4 c9 64 02 fa 0b fc 56 ca 01 0d e6 34 | 98 48 56 47 | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= 7a e4 6e e4 f2 25 1d 04 | natd_hash: rcookie= d9 00 2b 22 79 6a 05 0a | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 18 4f 9d c4 c9 64 02 fa 0b fc 56 ca 01 0d e6 34 | natd_hash: hash= 98 48 56 47 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 18 4f 9d c4 c9 64 02 fa 0b fc 56 ca 01 0d e6 34 | Notify data 98 48 56 47 | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b2160 (length 8) | 7a e4 6e e4 f2 25 1d 04 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b2168 (length 8) | d9 00 2b 22 79 6a 05 0a | NATD hash sha digest IP addr-bytes@0x7fff837b2094 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff837b2086 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b2110 (length 20) | 18 40 c9 a4 29 af af b9 2f 4d 1f 6e b6 d6 a1 d8 | b3 b6 05 07 | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= 7a e4 6e e4 f2 25 1d 04 | natd_hash: rcookie= d9 00 2b 22 79 6a 05 0a | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 18 40 c9 a4 29 af af b9 2f 4d 1f 6e b6 d6 a1 d8 | natd_hash: hash= b3 b6 05 07 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 18 40 c9 a4 29 af af b9 2f 4d 1f 6e b6 d6 a1 d8 | Notify data b3 b6 05 07 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #1 to 0 after switching state | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 b9 3b 0d 6f 2c 02 5c e2 2e 62 89 76 | 9b 10 d3 b9 5d 95 29 7b b4 3d 98 d4 e1 68 36 57 | f1 3a 39 b8 f2 f3 29 ec 08 36 79 28 62 56 c6 fd | 76 14 9b 52 84 73 03 c1 bf 47 b9 49 78 32 1e 3e | 4f aa 16 9c dd c8 d5 70 55 ec 83 91 2c 7e 8f 3f | 5f 15 f7 94 3d 12 86 78 b2 00 f5 bb 87 96 9d 4e | 40 ef aa e6 31 1e e2 ea 6e 16 0b c1 75 ea 26 fd | 59 3c 0e c1 89 9f 34 8d c8 c7 6c 32 43 77 01 07 | f0 8f 27 cd 7b bc 4c 06 46 09 49 12 cb f9 71 f1 | 89 2c 2b 60 9e 95 ff 83 3e 2c c0 0f 18 51 1a 6d | 51 29 dc f1 7e 87 61 ba 52 ed 72 94 21 9b c9 5d | 66 99 c8 b5 43 73 02 e5 c1 18 20 b4 b0 b8 b7 56 | 80 07 78 0d ac 19 dd 7c b5 d3 9a 4e f6 61 27 ab | c4 aa ea ec 5d 94 31 8e c3 33 16 09 2f 64 25 3e | a6 c6 20 61 98 58 6e 84 71 eb 8d 13 fb 3b 98 77 | 09 7d 15 43 68 3c f7 07 2a 98 2c 95 97 78 0a 34 | b9 6a b6 08 29 00 00 24 04 5b 12 9b fc d7 31 c0 | 7b 49 97 4c 74 b8 c1 57 64 a0 d4 c0 72 78 5a 2e | 50 43 d4 47 be bf 97 d1 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 18 4f 9d c4 c9 64 02 fa | 0b fc 56 ca 01 0d e6 34 98 48 56 47 00 00 00 1c | 00 00 40 05 18 40 c9 a4 29 af af b9 2f 4d 1f 6e | b6 d6 a1 d8 b3 b6 05 07 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x5641ad93c5a8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5641ad93a768 | event_schedule: new EVENT_SO_DISCARD-pe@0x5641ad93a768 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 | libevent_malloc: new ptr-libevent@0x5641ad93d578 size 128 | resume sending helper answer for #1 suppresed complete_v2_state_transition() | #1 spent 0.363 milliseconds in resume sending helper answer | stop processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f49fc002888 | spent 0.00237 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 220 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 70 ac f5 20 7c 57 94 c5 77 4b ce 33 42 5c fd 0d | 35 1b 0f f7 10 a5 89 0f 1f 2d e4 97 b1 ca a3 4f | 94 25 4b 85 8f ff 59 36 17 ad 82 ec 2e 55 a9 32 | b2 7b 2d ee 01 8e 11 52 31 86 ef f8 cf cb 6e b4 | 16 b3 cc 97 a7 ef bb d6 18 dc 4a 8b 8f b4 a8 96 | 85 ab aa 01 10 0a 78 74 ac 1d c3 24 c1 7b ba 1a | 18 a2 16 d7 a4 96 e4 a0 21 35 42 5d 04 7f 2e 95 | 36 49 e6 86 95 e2 4b 77 bb 8a 76 a4 98 e3 45 76 | 53 c4 29 07 40 1c 92 60 28 fe 9d 42 2a d4 9d e2 | ba 2c 54 64 ff 63 8e 22 5f 47 79 e4 19 a6 7d a9 | ab fb c6 e5 87 07 68 0c e4 02 24 73 e5 72 2c 08 | 0f 44 e2 8e 3b 51 5e 15 44 97 b6 22 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 7a e4 6e e4 f2 25 1d 04 | responder cookie: | d9 00 2b 22 79 6a 05 0a | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 220 (0xdc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 192 (0xc0) | processing payload: ISAKMP_NEXT_v2SK (len=188) | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #1 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f49fc003a28: transferring ownership from state #1 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 2 for state #1 | state #1 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x5641ad93d578 | free_event_entry: release EVENT_SO_DISCARD-pe@0x5641ad93a768 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5641ad93a768 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x7f49fc002888 size 128 | #1 spent 0.0257 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | crypto helper 1 resuming | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #1 and saving MD | #1 is busy; has a suspended MD | crypto helper 1 starting work-order 2 for state #1 | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | crypto helper 1 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 | peer's g: 18 1c 86 dc 75 25 e0 69 3b 21 99 4f b4 7e e7 cb | peer's g: 80 98 55 00 1f d7 28 21 3f e8 85 47 60 ee de 0b | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | peer's g: 99 a4 41 9b 7d a4 c3 89 ac 42 b2 76 30 d9 22 c3 | #1 spent 0.155 milliseconds in ikev2_process_packet() | peer's g: b6 b3 75 af 99 f1 85 f8 8c e9 e4 f6 09 4e e5 e3 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | peer's g: 3a 85 f4 f7 c6 a0 d1 bd ac f7 5e e1 5d 89 87 73 | peer's g: c2 53 6f b3 92 51 5c 57 1e f2 b3 c1 a3 43 fe bb | peer's g: 5d 28 9e 19 7d 41 86 0a 89 ca bc 6c 36 c1 94 6e | peer's g: 88 62 d6 2d ea f8 cb 1a da 19 02 ba 62 f9 97 ea | peer's g: cf 89 50 4d 83 48 f3 4e 93 66 77 25 b1 17 29 8f | peer's g: fb d6 f5 cb fd 59 62 a1 c8 a4 8b 4a 15 96 a1 35 | peer's g: af 45 0e bc 81 53 26 f9 ce f6 77 28 57 a6 df 5e | peer's g: ae 69 4c d5 c7 18 48 79 d8 51 90 3c e7 fa 0d f2 | peer's g: cb 31 e8 6d b6 79 7c ba fe ea 99 3e 89 3e f7 46 | peer's g: 85 39 f2 29 fb 5f 4d e6 8a d1 58 48 de cc 11 02 | processing: STOP state #0 (in process_md() at demux.c:382) | peer's g: ed 8b b1 9d ab 3d aa d3 50 06 da cd 87 ef 4b 43 | peer's g: 06 ed a1 a4 d9 42 43 3c 71 e6 84 c9 ba d7 5c 83 | processing: STOP connection NULL (in process_md() at demux.c:383) | Started DH shared-secret computation in NSS: | spent 0.202 milliseconds in comm_handle_cb() reading and processing packet | new : g_ir-key@0x5641ad926530 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f49fc003a28: computed shared DH secret key@0x5641ad926530 | dh-shared : g^ir-key@0x5641ad926530 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f49f4001f18 (length 64) | 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a056d06e0 | result: Ni | Nr-key@0x5641ad923020 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x5641ad923020 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d06c8 | result: Ni | Nr-key@0x5641ad924ad0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x5641ad923020 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f49f4002fa0 from Ni | Nr-key@0x5641ad924ad0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f49f4002fa0 from Ni | Nr-key@0x5641ad924ad0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x5641ad924ad0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f49f4003a78 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x5641ad926530 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x5641ad926530 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x5641ad926530 | nss hmac digest hack: symkey-key@0x5641ad926530 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-1398808382: ec 9f e8 1e 87 fa cd 11 14 27 21 e2 49 cb 24 a1 0b a4 95 97 4f 65 4c aa 4c 4a 95 c0 c1 a6 5a fe 7a f3 82 42 71 a6 a0 8c 72 3d aa b8 d8 5d e5 4c 6c 11 5f 07 37 e1 ef a4 33 03 43 f5 bc 27 d5 ee 82 33 80 6c e1 6a 27 5a 1d e0 c6 8b 75 35 51 e3 86 89 06 fd f1 f3 db f3 c9 0d a0 70 c8 12 ed bd ce b4 cf 1d 83 df 51 9d ae f4 9c c4 ad f9 48 91 01 87 d6 d0 a1 c7 74 b3 2b 60 98 a0 d2 ed 80 47 05 78 3a ba de 76 19 05 2b cf 9c f7 46 cc 8a 91 da 72 e3 26 5b 4b 1f 73 ba e2 ed d3 76 5f c1 43 0e eb 9b 8c b7 67 91 83 6d 5d 7e 4f 34 6a c5 76 bd d4 1f 35 c9 49 fb 55 43 42 b1 3d 87 60 df aa ab 64 01 82 7f 55 5b bd c3 1f 6a 01 49 12 2d a9 fc 8e 2c 36 5f 38 15 85 a5 5e 59 d7 7f 01 d7 4a e6 9f 76 32 96 95 68 d3 33 98 01 5f e4 f8 13 3f 19 9b ed be 65 b8 15 40 07 87 70 08 40 13 0e 74 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 256 bytes at 0x7f49f4003fa8 | unwrapped: 44 c9 bc ef a7 f2 6c 15 7e e9 f6 4d 0b d4 db 62 | unwrapped: bc ba 97 56 db f0 b2 cc 6a 3e 2c 66 d4 cf 52 1a | unwrapped: e5 69 96 dd dc fa 3d ab d0 3d d0 04 d0 3c 6c 0a | unwrapped: 5a 82 e1 97 f2 0a b9 6c a9 66 67 4a 53 dc 3f d1 | unwrapped: d2 1e 62 5e 6c d0 64 20 05 ca 20 db 3b b3 14 68 | unwrapped: 58 b1 39 5d 47 d5 f2 32 41 08 96 20 00 4e df 16 | unwrapped: 60 cb d7 cf 9a 8c f2 d3 96 11 a5 f8 49 9a 96 68 | unwrapped: 0f c5 58 a3 40 eb 08 f1 aa 88 87 09 52 ae bf 26 | unwrapped: b9 bd 22 dc 6e ad bf 3c 18 93 12 a0 d9 97 1a 36 | unwrapped: 50 5c de fc 30 25 98 10 94 a7 64 e6 3f be 31 bd | unwrapped: 9a 40 6f 51 77 04 4e 6e 09 d9 c2 c4 50 f3 5d 9e | unwrapped: 2f 64 9b 65 eb 80 3f 7c 94 58 68 de 1b cb 1c 82 | unwrapped: 33 8d 3c c6 ae c0 d4 7d 34 0f 1a 8e a5 7d a4 18 | unwrapped: ed a2 fb d4 80 a5 80 f3 d0 d3 b3 e9 21 c1 4d 30 | unwrapped: c2 21 ff 9b 80 07 f6 47 ad b1 93 e8 e7 57 c5 17 | unwrapped: 34 b0 99 96 2b 39 43 b0 a3 d4 96 da 48 ce f4 29 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a056d0700 | result: final-key@0x5641ad923020 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad923020 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d06e8 | result: final-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad923020 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x5641ad924ad0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a056d0670 | result: data=Ni-key@0x5641ad895ec0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5641ad895ec0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d0658 | result: data=Ni-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5641ad895ec0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad923020 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a056d0660 | result: data+=Nr-key@0x5641ad895ec0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad923020 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad895ec0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a056d0660 | result: data+=SPIi-key@0x5641ad923020 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad895ec0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad923020 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a056d0660 | result: data+=SPIr-key@0x5641ad895ec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad923020 | prf+0 PRF sha init key-key@0x5641ad924ad0 (size 20) | prf+0: key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d0588 | result: clone-key@0x5641ad923020 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f49f4002fa0 from key-key@0x5641ad923020 | prf+0 prf: begin sha with context 0x7f49f4002fa0 from key-key@0x5641ad923020 | prf+0: release clone-key@0x5641ad923020 | prf+0 PRF sha crypt-prf@0x7f49f4002f78 | prf+0 PRF sha update seed-key@0x5641ad895ec0 (size 80) | prf+0: seed-key@0x5641ad895ec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad895ec0 | nss hmac digest hack: symkey-key@0x5641ad895ec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: fc c6 07 2d 22 d6 75 32 e1 db a1 0c 04 e9 d7 5a b6 b7 85 b1 e7 33 48 10 2e cc 40 22 ad 3e f1 90 4f 9d ef 9e 84 ec 69 ea 34 4e f7 5c cf 63 14 12 ac da 01 23 7b 6b b9 21 bc 93 19 f8 a1 97 5c 55 33 f5 c5 c3 f5 3f cf e1 44 33 1c e3 7f b7 e3 b2 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f40069d8 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | unwrapped: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a056d0590 | result: final-key@0x5641ad926910 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad926910 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d0578 | result: final-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad926910 | prf+0 PRF sha final-key@0x5641ad923020 (size 20) | prf+0: key-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x5641ad923020 | prf+N PRF sha init key-key@0x5641ad924ad0 (size 20) | prf+N: key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d0588 | result: clone-key@0x5641ad926910 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f4002fa0 from key-key@0x5641ad926910 | prf+N prf: begin sha with context 0x7f49f4002fa0 from key-key@0x5641ad926910 | prf+N: release clone-key@0x5641ad926910 | prf+N PRF sha crypt-prf@0x7f49f40030d8 | prf+N PRF sha update old_t-key@0x5641ad923020 (size 20) | prf+N: old_t-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad923020 | nss hmac digest hack: symkey-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: fc ea b1 c3 f6 9d 3a 6a 49 42 90 b6 22 d8 03 8c f6 62 5c b0 aa 46 75 ee ca 0b 80 db 2f 25 ca a6 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49f4002f28 | unwrapped: 20 ca 9e 11 1a 1a c0 43 47 84 25 bd 78 11 2a f9 | unwrapped: c1 ed 28 ba 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad895ec0 (size 80) | prf+N: seed-key@0x5641ad895ec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad895ec0 | nss hmac digest hack: symkey-key@0x5641ad895ec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: fc c6 07 2d 22 d6 75 32 e1 db a1 0c 04 e9 d7 5a b6 b7 85 b1 e7 33 48 10 2e cc 40 22 ad 3e f1 90 4f 9d ef 9e 84 ec 69 ea 34 4e f7 5c cf 63 14 12 ac da 01 23 7b 6b b9 21 bc 93 19 f8 a1 97 5c 55 33 f5 c5 c3 f5 3f cf e1 44 33 1c e3 7f b7 e3 b2 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f4006958 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | unwrapped: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a056d0590 | result: final-key@0x5641ad89c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad89c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d0578 | result: final-key@0x5641ad926910 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad89c080 | prf+N PRF sha final-key@0x5641ad926910 (size 20) | prf+N: key-key@0x5641ad926910 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a056d0608 | result: result-key@0x5641ad89c080 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad923020 | prfplus: release old_t[N]-key@0x5641ad923020 | prf+N PRF sha init key-key@0x5641ad924ad0 (size 20) | prf+N: key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d0588 | result: clone-key@0x5641ad923020 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f4002fa0 from key-key@0x5641ad923020 | prf+N prf: begin sha with context 0x7f49f4002fa0 from key-key@0x5641ad923020 | prf+N: release clone-key@0x5641ad923020 | prf+N PRF sha crypt-prf@0x7f49f4002f78 | prf+N PRF sha update old_t-key@0x5641ad926910 (size 20) | prf+N: old_t-key@0x5641ad926910 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad926910 | nss hmac digest hack: symkey-key@0x5641ad926910 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 55 77 7e 14 95 87 07 18 d5 50 6f 19 1d 94 e4 e3 92 07 31 2a 69 fc e9 bf 03 51 3e 0e 84 b1 f5 c3 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49f4003a78 | unwrapped: 3f 57 4f b4 b2 31 d1 c0 a6 d5 ac b8 ab e2 c0 2a | unwrapped: a1 eb 05 4c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad895ec0 (size 80) | prf+N: seed-key@0x5641ad895ec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad895ec0 | nss hmac digest hack: symkey-key@0x5641ad895ec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: fc c6 07 2d 22 d6 75 32 e1 db a1 0c 04 e9 d7 5a b6 b7 85 b1 e7 33 48 10 2e cc 40 22 ad 3e f1 90 4f 9d ef 9e 84 ec 69 ea 34 4e f7 5c cf 63 14 12 ac da 01 23 7b 6b b9 21 bc 93 19 f8 a1 97 5c 55 33 f5 c5 c3 f5 3f cf e1 44 33 1c e3 7f b7 e3 b2 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f40069d8 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | unwrapped: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a056d0590 | result: final-key@0x7f49f4006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f4006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d0578 | result: final-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49f4006bb0 | prf+N PRF sha final-key@0x5641ad923020 (size 20) | prf+N: key-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89c080 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a056d0608 | result: result-key@0x7f49f4006bb0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad89c080 | prfplus: release old_t[N]-key@0x5641ad926910 | prf+N PRF sha init key-key@0x5641ad924ad0 (size 20) | prf+N: key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d0588 | result: clone-key@0x5641ad926910 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f4002fa0 from key-key@0x5641ad926910 | prf+N prf: begin sha with context 0x7f49f4002fa0 from key-key@0x5641ad926910 | prf+N: release clone-key@0x5641ad926910 | prf+N PRF sha crypt-prf@0x7f49f4002f28 | prf+N PRF sha update old_t-key@0x5641ad923020 (size 20) | prf+N: old_t-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad923020 | nss hmac digest hack: symkey-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 0f e9 99 7f 07 e0 a0 fd 60 16 51 13 3c 5a 2c 4d 96 6f aa 20 72 8c af b5 0d 66 20 7c 7b 47 50 81 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49f400a408 | unwrapped: 95 87 45 1c 46 29 c3 82 9e b9 4d 29 84 f2 09 41 | unwrapped: 54 a5 06 ba 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad895ec0 (size 80) | prf+N: seed-key@0x5641ad895ec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad895ec0 | nss hmac digest hack: symkey-key@0x5641ad895ec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: fc c6 07 2d 22 d6 75 32 e1 db a1 0c 04 e9 d7 5a b6 b7 85 b1 e7 33 48 10 2e cc 40 22 ad 3e f1 90 4f 9d ef 9e 84 ec 69 ea 34 4e f7 5c cf 63 14 12 ac da 01 23 7b 6b b9 21 bc 93 19 f8 a1 97 5c 55 33 f5 c5 c3 f5 3f cf e1 44 33 1c e3 7f b7 e3 b2 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f4006958 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | unwrapped: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a056d0590 | result: final-key@0x5641ad89c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad89c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d0578 | result: final-key@0x5641ad926910 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad89c080 | prf+N PRF sha final-key@0x5641ad926910 (size 20) | prf+N: key-key@0x5641ad926910 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f4006bb0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a056d0608 | result: result-key@0x5641ad89c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49f4006bb0 | prfplus: release old_t[N]-key@0x5641ad923020 | prf+N PRF sha init key-key@0x5641ad924ad0 (size 20) | prf+N: key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d0588 | result: clone-key@0x5641ad923020 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f4002fa0 from key-key@0x5641ad923020 | prf+N prf: begin sha with context 0x7f49f4002fa0 from key-key@0x5641ad923020 | prf+N: release clone-key@0x5641ad923020 | prf+N PRF sha crypt-prf@0x7f49f40030d8 | prf+N PRF sha update old_t-key@0x5641ad926910 (size 20) | prf+N: old_t-key@0x5641ad926910 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad926910 | nss hmac digest hack: symkey-key@0x5641ad926910 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: e5 f0 a8 10 e1 16 5c 1a 25 6a 0d 9c 1c 66 2c 23 d9 3d f2 73 0b 59 3d 7b 15 53 ff 68 2e 53 8c aa | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49f4003a78 | unwrapped: 07 fb 22 75 8e 80 30 cf 25 bf ef 24 26 ee 87 77 | unwrapped: 68 d0 c6 d5 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad895ec0 (size 80) | prf+N: seed-key@0x5641ad895ec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad895ec0 | nss hmac digest hack: symkey-key@0x5641ad895ec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: fc c6 07 2d 22 d6 75 32 e1 db a1 0c 04 e9 d7 5a b6 b7 85 b1 e7 33 48 10 2e cc 40 22 ad 3e f1 90 4f 9d ef 9e 84 ec 69 ea 34 4e f7 5c cf 63 14 12 ac da 01 23 7b 6b b9 21 bc 93 19 f8 a1 97 5c 55 33 f5 c5 c3 f5 3f cf e1 44 33 1c e3 7f b7 e3 b2 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f40069d8 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | unwrapped: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a056d0590 | result: final-key@0x7f49f4006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f4006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d0578 | result: final-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49f4006bb0 | prf+N PRF sha final-key@0x5641ad923020 (size 20) | prf+N: key-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a056d0608 | result: result-key@0x7f49f4006bb0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad89c080 | prfplus: release old_t[N]-key@0x5641ad926910 | prf+N PRF sha init key-key@0x5641ad924ad0 (size 20) | prf+N: key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d0588 | result: clone-key@0x5641ad926910 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f400a070 from key-key@0x5641ad926910 | prf+N prf: begin sha with context 0x7f49f400a070 from key-key@0x5641ad926910 | prf+N: release clone-key@0x5641ad926910 | prf+N PRF sha crypt-prf@0x7f49f4002f78 | prf+N PRF sha update old_t-key@0x5641ad923020 (size 20) | prf+N: old_t-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad923020 | nss hmac digest hack: symkey-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 49 3b f5 ed f5 9d ee 47 03 0b 08 1e 3d 7c 99 c8 20 5e 56 7a 16 8f 98 60 6f dc 06 dc b6 e7 31 63 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49f4002f28 | unwrapped: 9d 98 c2 ef 12 16 cf fe 0f 03 55 df 1b 54 03 c2 | unwrapped: 0b c8 6b e3 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad895ec0 (size 80) | prf+N: seed-key@0x5641ad895ec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad895ec0 | nss hmac digest hack: symkey-key@0x5641ad895ec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: fc c6 07 2d 22 d6 75 32 e1 db a1 0c 04 e9 d7 5a b6 b7 85 b1 e7 33 48 10 2e cc 40 22 ad 3e f1 90 4f 9d ef 9e 84 ec 69 ea 34 4e f7 5c cf 63 14 12 ac da 01 23 7b 6b b9 21 bc 93 19 f8 a1 97 5c 55 33 f5 c5 c3 f5 3f cf e1 44 33 1c e3 7f b7 e3 b2 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f4006958 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | unwrapped: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a056d0590 | result: final-key@0x5641ad89c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad89c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d0578 | result: final-key@0x5641ad926910 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad89c080 | prf+N PRF sha final-key@0x5641ad926910 (size 20) | prf+N: key-key@0x5641ad926910 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f4006bb0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a056d0608 | result: result-key@0x5641ad89c080 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49f4006bb0 | prfplus: release old_t[N]-key@0x5641ad923020 | prf+N PRF sha init key-key@0x5641ad924ad0 (size 20) | prf+N: key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d0588 | result: clone-key@0x5641ad923020 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f4002fa0 from key-key@0x5641ad923020 | prf+N prf: begin sha with context 0x7f49f4002fa0 from key-key@0x5641ad923020 | prf+N: release clone-key@0x5641ad923020 | prf+N PRF sha crypt-prf@0x7f49f40030d8 | prf+N PRF sha update old_t-key@0x5641ad926910 (size 20) | prf+N: old_t-key@0x5641ad926910 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad926910 | nss hmac digest hack: symkey-key@0x5641ad926910 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 85 85 fe ea b6 ab bd 36 96 d8 fd c7 ee 72 46 83 7a 14 6a 75 60 f3 09 ec 77 bc 04 80 f9 a3 82 ae | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49f4003a78 | unwrapped: a0 63 35 5f 11 a9 0b c7 88 cc 51 46 63 07 3f 65 | unwrapped: b9 67 cb d5 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad895ec0 (size 80) | prf+N: seed-key@0x5641ad895ec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad895ec0 | nss hmac digest hack: symkey-key@0x5641ad895ec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: fc c6 07 2d 22 d6 75 32 e1 db a1 0c 04 e9 d7 5a b6 b7 85 b1 e7 33 48 10 2e cc 40 22 ad 3e f1 90 4f 9d ef 9e 84 ec 69 ea 34 4e f7 5c cf 63 14 12 ac da 01 23 7b 6b b9 21 bc 93 19 f8 a1 97 5c 55 33 f5 c5 c3 f5 3f cf e1 44 33 1c e3 7f b7 e3 b2 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f400aa08 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | unwrapped: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a056d0590 | result: final-key@0x7f49f4006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f4006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d0578 | result: final-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49f4006bb0 | prf+N PRF sha final-key@0x5641ad923020 (size 20) | prf+N: key-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89c080 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a056d0608 | result: result-key@0x7f49f4006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad89c080 | prfplus: release old_t[N]-key@0x5641ad926910 | prfplus: release old_t[final]-key@0x5641ad923020 | ike_sa_keymat: release data-key@0x5641ad895ec0 | calc_skeyseed_v2: release skeyseed_k-key@0x5641ad924ad0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f4006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d07a8 | result: result-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f4006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d07a8 | result: result-key@0x5641ad895ec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f4006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d07a8 | result: result-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f49f4006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d07b8 | result: SK_ei_k-key@0x5641ad926910 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f49f4006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d07b8 | result: SK_er_k-key@0x5641ad89c080 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f4006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d07b8 | result: result-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f49f400a0e0 | chunk_SK_pi: symkey-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: b4 27 5d 9a b1 ae 38 f7 64 a8 e4 96 96 76 df 24 9b 42 49 cf ab 78 46 9e 2a d9 68 cb c6 16 0a 09 | chunk_SK_pi: release slot-key-key@0x5641ad91fd40 | chunk_SK_pi extracted len 32 bytes at 0x7f49f4002f78 | unwrapped: 1b 54 03 c2 0b c8 6b e3 a0 63 35 5f 11 a9 0b c7 | unwrapped: 88 cc 51 46 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f4006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a056d07b8 | result: result-key@0x7f49f400d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f49f400d840 | chunk_SK_pr: symkey-key@0x7f49f400d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 79 7a d9 af 02 3c fd 27 85 f9 2e 0d bd 50 a8 29 df 94 e8 a2 70 3e 8f 7b 58 cc e6 cc 91 24 04 56 | chunk_SK_pr: release slot-key-key@0x5641ad91fd40 | chunk_SK_pr extracted len 32 bytes at 0x7f49f4003a78 | unwrapped: 63 07 3f 65 b9 67 cb d5 7e 5d 19 2e 02 37 3e ee | unwrapped: 32 9b a8 d1 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f49f4006bb0 | calc_skeyseed_v2 pointers: shared-key@0x5641ad926530, SK_d-key@0x5641ad924ad0, SK_ai-key@0x5641ad895ec0, SK_ar-key@0x5641ad923020, SK_ei-key@0x5641ad926910, SK_er-key@0x5641ad89c080, SK_pi-key@0x7f49f400a0e0, SK_pr-key@0x7f49f400d840 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 1b 54 03 c2 0b c8 6b e3 a0 63 35 5f 11 a9 0b c7 | 88 cc 51 46 | calc_skeyseed_v2 SK_pr | 63 07 3f 65 b9 67 cb d5 7e 5d 19 2e 02 37 3e ee | 32 9b a8 d1 | crypto helper 1 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001965 seconds | (#1) spent 1.94 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) | crypto helper 1 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f49f4005088 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 2 | calling continuation function 0x5641ac982b50 | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f49fc003a28: transferring ownership from helper IKEv2 DH to state #1 | finish_dh_v2: release st_shared_nss-key@NULL | #1 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x5641ad895ec0 (size 20) | hmac: symkey-key@0x5641ad895ec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad895ec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1ab8 | result: clone-key@0x7f49f4006bb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49fc002b50 from symkey-key@0x7f49f4006bb0 | hmac prf: begin sha with context 0x7f49fc002b50 from symkey-key@0x7f49f4006bb0 | hmac: release clone-key@0x7f49f4006bb0 | hmac PRF sha crypt-prf@0x5641ad93d628 | hmac PRF sha update data-bytes@0x5641ad89a5d8 (length 208) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 70 ac f5 20 7c 57 94 c5 77 4b ce 33 42 5c fd 0d | 35 1b 0f f7 10 a5 89 0f 1f 2d e4 97 b1 ca a3 4f | 94 25 4b 85 8f ff 59 36 17 ad 82 ec 2e 55 a9 32 | b2 7b 2d ee 01 8e 11 52 31 86 ef f8 cf cb 6e b4 | 16 b3 cc 97 a7 ef bb d6 18 dc 4a 8b 8f b4 a8 96 | 85 ab aa 01 10 0a 78 74 ac 1d c3 24 c1 7b ba 1a | 18 a2 16 d7 a4 96 e4 a0 21 35 42 5d 04 7f 2e 95 | 36 49 e6 86 95 e2 4b 77 bb 8a 76 a4 98 e3 45 76 | 53 c4 29 07 40 1c 92 60 28 fe 9d 42 2a d4 9d e2 | ba 2c 54 64 ff 63 8e 22 5f 47 79 e4 19 a6 7d a9 | ab fb c6 e5 87 07 68 0c e4 02 24 73 e5 72 2c 08 | hmac PRF sha final-bytes@0x7fff837b1c80 (length 20) | 0f 44 e2 8e 3b 51 5e 15 44 97 b6 22 71 70 50 e3 | 7b cd 27 cf | data for hmac: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data for hmac: 70 ac f5 20 7c 57 94 c5 77 4b ce 33 42 5c fd 0d | data for hmac: 35 1b 0f f7 10 a5 89 0f 1f 2d e4 97 b1 ca a3 4f | data for hmac: 94 25 4b 85 8f ff 59 36 17 ad 82 ec 2e 55 a9 32 | data for hmac: b2 7b 2d ee 01 8e 11 52 31 86 ef f8 cf cb 6e b4 | data for hmac: 16 b3 cc 97 a7 ef bb d6 18 dc 4a 8b 8f b4 a8 96 | data for hmac: 85 ab aa 01 10 0a 78 74 ac 1d c3 24 c1 7b ba 1a | data for hmac: 18 a2 16 d7 a4 96 e4 a0 21 35 42 5d 04 7f 2e 95 | data for hmac: 36 49 e6 86 95 e2 4b 77 bb 8a 76 a4 98 e3 45 76 | data for hmac: 53 c4 29 07 40 1c 92 60 28 fe 9d 42 2a d4 9d e2 | data for hmac: ba 2c 54 64 ff 63 8e 22 5f 47 79 e4 19 a6 7d a9 | data for hmac: ab fb c6 e5 87 07 68 0c e4 02 24 73 e5 72 2c 08 | calculated auth: 0f 44 e2 8e 3b 51 5e 15 44 97 b6 22 | provided auth: 0f 44 e2 8e 3b 51 5e 15 44 97 b6 22 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 70 ac f5 20 7c 57 94 c5 77 4b ce 33 42 5c fd 0d | payload before decryption: | 35 1b 0f f7 10 a5 89 0f 1f 2d e4 97 b1 ca a3 4f | 94 25 4b 85 8f ff 59 36 17 ad 82 ec 2e 55 a9 32 | b2 7b 2d ee 01 8e 11 52 31 86 ef f8 cf cb 6e b4 | 16 b3 cc 97 a7 ef bb d6 18 dc 4a 8b 8f b4 a8 96 | 85 ab aa 01 10 0a 78 74 ac 1d c3 24 c1 7b ba 1a | 18 a2 16 d7 a4 96 e4 a0 21 35 42 5d 04 7f 2e 95 | 36 49 e6 86 95 e2 4b 77 bb 8a 76 a4 98 e3 45 76 | 53 c4 29 07 40 1c 92 60 28 fe 9d 42 2a d4 9d e2 | ba 2c 54 64 ff 63 8e 22 5f 47 79 e4 19 a6 7d a9 | ab fb c6 e5 87 07 68 0c e4 02 24 73 e5 72 2c 08 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 6f e0 77 8a c8 0f 6f 52 7f 7c 91 0d 65 68 9f 0a | ae 39 1e cf 2c 00 00 2c 00 00 00 28 01 03 04 03 | fc 43 8d 24 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | stripping 16 octets as pad | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #1: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x7f49f400a0e0 (size 20) | hmac: symkey-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1538 | result: clone-key@0x7f49f4006bb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49fc002b50 from symkey-key@0x7f49f4006bb0 | hmac prf: begin sha with context 0x7f49fc002b50 from symkey-key@0x7f49f4006bb0 | hmac: release clone-key@0x7f49f4006bb0 | hmac PRF sha crypt-prf@0x5641ad93c4a8 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x5641ad89a60c (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff837b16e0 (length 20) | 58 57 f3 92 2f 57 f6 7f 6e 7a 94 63 b2 1b e1 4f | 3c e6 ee dc | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | inputs to hash1 (first packet) | 7a e4 6e e4 f2 25 1d 04 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 18 1c 86 dc 75 25 e0 69 3b 21 99 4f | b4 7e e7 cb 80 98 55 00 1f d7 28 21 3f e8 85 47 | 60 ee de 0b 99 a4 41 9b 7d a4 c3 89 ac 42 b2 76 | 30 d9 22 c3 b6 b3 75 af 99 f1 85 f8 8c e9 e4 f6 | 09 4e e5 e3 3a 85 f4 f7 c6 a0 d1 bd ac f7 5e e1 | 5d 89 87 73 c2 53 6f b3 92 51 5c 57 1e f2 b3 c1 | a3 43 fe bb 5d 28 9e 19 7d 41 86 0a 89 ca bc 6c | 36 c1 94 6e 88 62 d6 2d ea f8 cb 1a da 19 02 ba | 62 f9 97 ea cf 89 50 4d 83 48 f3 4e 93 66 77 25 | b1 17 29 8f fb d6 f5 cb fd 59 62 a1 c8 a4 8b 4a | 15 96 a1 35 af 45 0e bc 81 53 26 f9 ce f6 77 28 | 57 a6 df 5e ae 69 4c d5 c7 18 48 79 d8 51 90 3c | e7 fa 0d f2 cb 31 e8 6d b6 79 7c ba fe ea 99 3e | 89 3e f7 46 85 39 f2 29 fb 5f 4d e6 8a d1 58 48 | de cc 11 02 ed 8b b1 9d ab 3d aa d3 50 06 da cd | 87 ef 4b 43 06 ed a1 a4 d9 42 43 3c 71 e6 84 c9 | ba d7 5c 83 29 00 00 24 3a 07 3c c2 6a 9c d3 17 | d9 c8 ba 09 34 16 3d a5 c7 b7 80 9a 7d 44 84 29 | 28 03 47 a4 54 bd aa 69 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 a0 7e 6c d2 97 f4 e4 ea | a0 a0 91 8d 69 6a b0 2f 45 96 9e 0e 00 00 00 1c | 00 00 40 05 ca 66 fd 2d f0 2d 36 04 e9 a2 5c 99 | 4d 23 22 c8 e1 0a 18 d3 | verify: initiator inputs to hash2 (responder nonce) | 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | idhash 58 57 f3 92 2f 57 f6 7f 6e 7a 94 63 b2 1b e1 4f | idhash 3c e6 ee dc | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5641ad91fc98 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b1330 | result: shared secret-key@0x5641ad9373d0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5641ad9373d0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1318 | result: shared secret-key@0x7f49f4006bb0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5641ad9373d0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f49fc002b50 from shared secret-key@0x7f49f4006bb0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f49fc002b50 from shared secret-key@0x7f49f4006bb0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f49f4006bb0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5641ad93d628 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5641aca154d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b1350 | result: final-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1338 | result: final-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad9373d0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f49f4006bb0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f49f4006bb0 (size 20) | = prf(, ): -key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1348 | result: clone-key@0x5641ad9373d0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f49fc002b50 from -key@0x5641ad9373d0 | = prf(, ) prf: begin sha with context 0x7f49fc002b50 from -key@0x5641ad9373d0 | = prf(, ): release clone-key@0x5641ad9373d0 | = prf(, ) PRF sha crypt-prf@0x5641ad93c4a8 | = prf(, ) PRF sha update first-packet-bytes@0x5641ad93d268 (length 440) | 7a e4 6e e4 f2 25 1d 04 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 18 1c 86 dc 75 25 e0 69 3b 21 99 4f | b4 7e e7 cb 80 98 55 00 1f d7 28 21 3f e8 85 47 | 60 ee de 0b 99 a4 41 9b 7d a4 c3 89 ac 42 b2 76 | 30 d9 22 c3 b6 b3 75 af 99 f1 85 f8 8c e9 e4 f6 | 09 4e e5 e3 3a 85 f4 f7 c6 a0 d1 bd ac f7 5e e1 | 5d 89 87 73 c2 53 6f b3 92 51 5c 57 1e f2 b3 c1 | a3 43 fe bb 5d 28 9e 19 7d 41 86 0a 89 ca bc 6c | 36 c1 94 6e 88 62 d6 2d ea f8 cb 1a da 19 02 ba | 62 f9 97 ea cf 89 50 4d 83 48 f3 4e 93 66 77 25 | b1 17 29 8f fb d6 f5 cb fd 59 62 a1 c8 a4 8b 4a | 15 96 a1 35 af 45 0e bc 81 53 26 f9 ce f6 77 28 | 57 a6 df 5e ae 69 4c d5 c7 18 48 79 d8 51 90 3c | e7 fa 0d f2 cb 31 e8 6d b6 79 7c ba fe ea 99 3e | 89 3e f7 46 85 39 f2 29 fb 5f 4d e6 8a d1 58 48 | de cc 11 02 ed 8b b1 9d ab 3d aa d3 50 06 da cd | 87 ef 4b 43 06 ed a1 a4 d9 42 43 3c 71 e6 84 c9 | ba d7 5c 83 29 00 00 24 3a 07 3c c2 6a 9c d3 17 | d9 c8 ba 09 34 16 3d a5 c7 b7 80 9a 7d 44 84 29 | 28 03 47 a4 54 bd aa 69 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 a0 7e 6c d2 97 f4 e4 ea | a0 a0 91 8d 69 6a b0 2f 45 96 9e 0e 00 00 00 1c | 00 00 40 05 ca 66 fd 2d f0 2d 36 04 e9 a2 5c 99 | 4d 23 22 c8 e1 0a 18 d3 | = prf(, ) PRF sha update nonce-bytes@0x7f49fc001278 (length 32) | 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | = prf(, ) PRF sha update hash-bytes@0x7fff837b16e0 (length 20) | 58 57 f3 92 2f 57 f6 7f 6e 7a 94 63 b2 1b e1 4f | 3c e6 ee dc | = prf(, ) PRF sha final-chunk@0x5641ad93de88 (length 20) | 6f e0 77 8a c8 0f 6f 52 7f 7c 91 0d 65 68 9f 0a | ae 39 1e cf | psk_auth: release prf-psk-key@0x7f49f4006bb0 | Received PSK auth octets | 6f e0 77 8a c8 0f 6f 52 7f 7c 91 0d 65 68 9f 0a | ae 39 1e cf | Calculated PSK auth octets | 6f e0 77 8a c8 0f 6f 52 7f 7c 91 0d 65 68 9f 0a | ae 39 1e cf "east" #1: Authenticated using authby=secret | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f49fc002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5641ad93a768 | event_schedule: new EVENT_SA_REKEY-pe@0x5641ad93a768 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 | libevent_malloc: new ptr-libevent@0x5641ad93d578 size 128 | pstats #1 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | 7a e4 6e e4 f2 25 1d 04 | responder cookie: | d9 00 2b 22 79 6a 05 0a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x7f49f400d840 (size 20) | hmac: symkey-key@0x7f49f400d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f400d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0eb8 | result: clone-key@0x7f49f4006bb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49fc002b50 from symkey-key@0x7f49f4006bb0 | hmac prf: begin sha with context 0x7f49fc002b50 from symkey-key@0x7f49f4006bb0 | hmac: release clone-key@0x7f49f4006bb0 | hmac PRF sha crypt-prf@0x5641ad93c4a8 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x5641aca808f4 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff837b11b0 (length 20) | fb 86 ef 59 65 61 f6 b5 ad a7 2a d0 e5 49 1a 22 | d4 07 0a bc | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | inputs to hash1 (first packet) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 b9 3b 0d 6f 2c 02 5c e2 2e 62 89 76 | 9b 10 d3 b9 5d 95 29 7b b4 3d 98 d4 e1 68 36 57 | f1 3a 39 b8 f2 f3 29 ec 08 36 79 28 62 56 c6 fd | 76 14 9b 52 84 73 03 c1 bf 47 b9 49 78 32 1e 3e | 4f aa 16 9c dd c8 d5 70 55 ec 83 91 2c 7e 8f 3f | 5f 15 f7 94 3d 12 86 78 b2 00 f5 bb 87 96 9d 4e | 40 ef aa e6 31 1e e2 ea 6e 16 0b c1 75 ea 26 fd | 59 3c 0e c1 89 9f 34 8d c8 c7 6c 32 43 77 01 07 | f0 8f 27 cd 7b bc 4c 06 46 09 49 12 cb f9 71 f1 | 89 2c 2b 60 9e 95 ff 83 3e 2c c0 0f 18 51 1a 6d | 51 29 dc f1 7e 87 61 ba 52 ed 72 94 21 9b c9 5d | 66 99 c8 b5 43 73 02 e5 c1 18 20 b4 b0 b8 b7 56 | 80 07 78 0d ac 19 dd 7c b5 d3 9a 4e f6 61 27 ab | c4 aa ea ec 5d 94 31 8e c3 33 16 09 2f 64 25 3e | a6 c6 20 61 98 58 6e 84 71 eb 8d 13 fb 3b 98 77 | 09 7d 15 43 68 3c f7 07 2a 98 2c 95 97 78 0a 34 | b9 6a b6 08 29 00 00 24 04 5b 12 9b fc d7 31 c0 | 7b 49 97 4c 74 b8 c1 57 64 a0 d4 c0 72 78 5a 2e | 50 43 d4 47 be bf 97 d1 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 18 4f 9d c4 c9 64 02 fa | 0b fc 56 ca 01 0d e6 34 98 48 56 47 00 00 00 1c | 00 00 40 05 18 40 c9 a4 29 af af b9 2f 4d 1f 6e | b6 d6 a1 d8 b3 b6 05 07 | create: responder inputs to hash2 (initiator nonce) | 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | idhash fb 86 ef 59 65 61 f6 b5 ad a7 2a d0 e5 49 1a 22 | idhash d4 07 0a bc | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5641ad91fc98 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0ca0 | result: shared secret-key@0x5641ad9373d0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5641ad9373d0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c88 | result: shared secret-key@0x7f49f4006bb0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5641ad9373d0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f49fc002b50 from shared secret-key@0x7f49f4006bb0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f49fc002b50 from shared secret-key@0x7f49f4006bb0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f49f4006bb0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5641ad93de88 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5641aca154d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0cc0 | result: final-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0ca8 | result: final-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad9373d0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f49f4006bb0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f49f4006bb0 (size 20) | = prf(, ): -key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0cb8 | result: clone-key@0x5641ad9373d0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f49fc002b50 from -key@0x5641ad9373d0 | = prf(, ) prf: begin sha with context 0x7f49fc002b50 from -key@0x5641ad9373d0 | = prf(, ): release clone-key@0x5641ad9373d0 | = prf(, ) PRF sha crypt-prf@0x5641ad93c4a8 | = prf(, ) PRF sha update first-packet-bytes@0x5641ad93d868 (length 440) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 b9 3b 0d 6f 2c 02 5c e2 2e 62 89 76 | 9b 10 d3 b9 5d 95 29 7b b4 3d 98 d4 e1 68 36 57 | f1 3a 39 b8 f2 f3 29 ec 08 36 79 28 62 56 c6 fd | 76 14 9b 52 84 73 03 c1 bf 47 b9 49 78 32 1e 3e | 4f aa 16 9c dd c8 d5 70 55 ec 83 91 2c 7e 8f 3f | 5f 15 f7 94 3d 12 86 78 b2 00 f5 bb 87 96 9d 4e | 40 ef aa e6 31 1e e2 ea 6e 16 0b c1 75 ea 26 fd | 59 3c 0e c1 89 9f 34 8d c8 c7 6c 32 43 77 01 07 | f0 8f 27 cd 7b bc 4c 06 46 09 49 12 cb f9 71 f1 | 89 2c 2b 60 9e 95 ff 83 3e 2c c0 0f 18 51 1a 6d | 51 29 dc f1 7e 87 61 ba 52 ed 72 94 21 9b c9 5d | 66 99 c8 b5 43 73 02 e5 c1 18 20 b4 b0 b8 b7 56 | 80 07 78 0d ac 19 dd 7c b5 d3 9a 4e f6 61 27 ab | c4 aa ea ec 5d 94 31 8e c3 33 16 09 2f 64 25 3e | a6 c6 20 61 98 58 6e 84 71 eb 8d 13 fb 3b 98 77 | 09 7d 15 43 68 3c f7 07 2a 98 2c 95 97 78 0a 34 | b9 6a b6 08 29 00 00 24 04 5b 12 9b fc d7 31 c0 | 7b 49 97 4c 74 b8 c1 57 64 a0 d4 c0 72 78 5a 2e | 50 43 d4 47 be bf 97 d1 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 18 4f 9d c4 c9 64 02 fa | 0b fc 56 ca 01 0d e6 34 98 48 56 47 00 00 00 1c | 00 00 40 05 18 40 c9 a4 29 af af b9 2f 4d 1f 6e | b6 d6 a1 d8 b3 b6 05 07 | = prf(, ) PRF sha update nonce-bytes@0x5641ad939208 (length 32) | 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | = prf(, ) PRF sha update hash-bytes@0x7fff837b11b0 (length 20) | fb 86 ef 59 65 61 f6 b5 ad a7 2a d0 e5 49 1a 22 | d4 07 0a bc | = prf(, ) PRF sha final-chunk@0x5641ad93d628 (length 20) | a0 a4 28 74 c9 3c ff 47 8e be 5a e9 e5 7a c2 9b | d3 f0 05 76 | psk_auth: release prf-psk-key@0x7f49f4006bb0 | PSK auth octets a0 a4 28 74 c9 3c ff 47 8e be 5a e9 e5 7a c2 9b | PSK auth octets d3 f0 05 76 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth a0 a4 28 74 c9 3c ff 47 8e be 5a e9 e5 7a c2 9b | PSK auth d3 f0 05 76 | emitting length of IKEv2 Authentication Payload: 28 | creating state object #2 at 0x5641ad93ded8 | State DB: adding IKEv2 state #2 in UNDEFINED | pstats #2 ikev2.child started | duplicating state object #1 "east" as #2 for IPSEC SA | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x5641ad924ad0 | duplicate_state: reference st_skey_ai_nss-key@0x5641ad895ec0 | duplicate_state: reference st_skey_ar_nss-key@0x5641ad923020 | duplicate_state: reference st_skey_ei_nss-key@0x5641ad926910 | duplicate_state: reference st_skey_er_nss-key@0x5641ad89c080 | duplicate_state: reference st_skey_pi_nss-key@0x7f49f400a0e0 | duplicate_state: reference st_skey_pr_nss-key@0x7f49f400d840 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | constructing ESP/AH proposals with all DH removed for east (IKE_AUTH responder matching remote ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | converting proposal 3DES_CBC-HMAC_SHA1_96-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_ESP 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "east": constructed local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI fc 43 8d 24 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 "east" #1: proposal 1:ESP:SPI=fc438d24;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=fc438d24;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | netlink_get_spi: allocated 0x1e6aea36 for esp.0@192.1.2.23 | Emitting ikev2_proposal ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 1e 6a ea 36 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0d30 | result: data=Ni-key@0x5641ad9373d0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5641ad9373d0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0d18 | result: data=Ni-key@0x7f49f4006bb0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5641ad9373d0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f4006bb0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b0d20 | result: data+=Nr-key@0x5641ad9373d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f49f4006bb0 | prf+0 PRF sha init key-key@0x5641ad924ad0 (size 20) | prf+0: key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x7f49f4006bb0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f49fc002b50 from key-key@0x7f49f4006bb0 | prf+0 prf: begin sha with context 0x7f49fc002b50 from key-key@0x7f49f4006bb0 | prf+0: release clone-key@0x7f49f4006bb0 | prf+0 PRF sha crypt-prf@0x5641ad93f8b8 | prf+0 PRF sha update seed-key@0x5641ad9373d0 (size 64) | prf+0: seed-key@0x5641ad9373d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad9373d0 | nss hmac digest hack: symkey-key@0x5641ad9373d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: fc c6 07 2d 22 d6 75 32 e1 db a1 0c 04 e9 d7 5a b6 b7 85 b1 e7 33 48 10 2e cc 40 22 ad 3e f1 90 4f 9d ef 9e 84 ec 69 ea 34 4e f7 5c cf 63 14 12 ac da 01 23 7b 6b b9 21 bc 93 19 f8 a1 97 5c 55 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x5641ad9410e8 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x5641ad93dd30 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad93dd30 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad93dd30 | prf+0 PRF sha final-key@0x7f49f4006bb0 (size 20) | prf+0: key-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f49f4006bb0 | prf+N PRF sha init key-key@0x5641ad924ad0 (size 20) | prf+N: key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x5641ad93dd30 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49fc002b50 from key-key@0x5641ad93dd30 | prf+N prf: begin sha with context 0x7f49fc002b50 from key-key@0x5641ad93dd30 | prf+N: release clone-key@0x5641ad93dd30 | prf+N PRF sha crypt-prf@0x5641ad93de08 | prf+N PRF sha update old_t-key@0x7f49f4006bb0 (size 20) | prf+N: old_t-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49f4006bb0 | nss hmac digest hack: symkey-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: a5 d0 5d fb ff c9 9e c9 c4 3e 20 82 ed 58 e9 98 cd df 59 24 e5 cf 23 00 74 e3 f1 1d 1e f7 3f b6 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x5641ad940ff8 | unwrapped: 4f 63 16 3d 05 d6 65 35 1b 61 6f 13 5d 3b dc 2f | unwrapped: 40 c7 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9373d0 (size 64) | prf+N: seed-key@0x5641ad9373d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad9373d0 | nss hmac digest hack: symkey-key@0x5641ad9373d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: fc c6 07 2d 22 d6 75 32 e1 db a1 0c 04 e9 d7 5a b6 b7 85 b1 e7 33 48 10 2e cc 40 22 ad 3e f1 90 4f 9d ef 9e 84 ec 69 ea 34 4e f7 5c cf 63 14 12 ac da 01 23 7b 6b b9 21 bc 93 19 f8 a1 97 5c 55 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x5641ad93d458 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x5641ad93f770 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad93f770 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad93f770 | prf+N PRF sha final-key@0x5641ad93dd30 (size 20) | prf+N: key-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff837b0cc8 | result: result-key@0x5641ad93f770 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49f4006bb0 | prfplus: release old_t[N]-key@0x7f49f4006bb0 | prf+N PRF sha init key-key@0x5641ad924ad0 (size 20) | prf+N: key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x7f49f4006bb0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49fc002b50 from key-key@0x7f49f4006bb0 | prf+N prf: begin sha with context 0x7f49fc002b50 from key-key@0x7f49f4006bb0 | prf+N: release clone-key@0x7f49f4006bb0 | prf+N PRF sha crypt-prf@0x5641ad93f8b8 | prf+N PRF sha update old_t-key@0x5641ad93dd30 (size 20) | prf+N: old_t-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad93dd30 | nss hmac digest hack: symkey-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 75 9c 3c 53 f9 cf 34 29 d5 61 4c 90 ba 21 ab fd ef 1b 67 f3 0c b3 7f bb 4a 5b 8e e5 3e 2f 04 a5 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x5641ad93f908 | unwrapped: b7 23 16 1b c7 0e fc 59 da 86 e4 4f 8e f7 f5 68 | unwrapped: 7e 7b 60 99 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9373d0 (size 64) | prf+N: seed-key@0x5641ad9373d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad9373d0 | nss hmac digest hack: symkey-key@0x5641ad9373d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: fc c6 07 2d 22 d6 75 32 e1 db a1 0c 04 e9 d7 5a b6 b7 85 b1 e7 33 48 10 2e cc 40 22 ad 3e f1 90 4f 9d ef 9e 84 ec 69 ea 34 4e f7 5c cf 63 14 12 ac da 01 23 7b 6b b9 21 bc 93 19 f8 a1 97 5c 55 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x5641ad9410e8 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x5641ad93f800 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad93f800 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad93f800 | prf+N PRF sha final-key@0x7f49f4006bb0 (size 20) | prf+N: key-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad93f770 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff837b0cc8 | result: result-key@0x5641ad93f800 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad93f770 | prfplus: release old_t[N]-key@0x5641ad93dd30 | prf+N PRF sha init key-key@0x5641ad924ad0 (size 20) | prf+N: key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x5641ad93dd30 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49fc002b50 from key-key@0x5641ad93dd30 | prf+N prf: begin sha with context 0x7f49fc002b50 from key-key@0x5641ad93dd30 | prf+N: release clone-key@0x5641ad93dd30 | prf+N PRF sha crypt-prf@0x5641ad940ff8 | prf+N PRF sha update old_t-key@0x7f49f4006bb0 (size 20) | prf+N: old_t-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49f4006bb0 | nss hmac digest hack: symkey-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 8a aa 4e 74 d5 d4 73 62 57 af 81 28 14 01 31 19 08 20 6a 80 5d fb 12 2f d9 a9 d3 46 de 85 72 86 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x5641ad942cd8 | unwrapped: dd af de 86 ae 3c a6 d5 05 50 01 17 70 44 ed 14 | unwrapped: cd 15 15 a1 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9373d0 (size 64) | prf+N: seed-key@0x5641ad9373d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad9373d0 | nss hmac digest hack: symkey-key@0x5641ad9373d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: fc c6 07 2d 22 d6 75 32 e1 db a1 0c 04 e9 d7 5a b6 b7 85 b1 e7 33 48 10 2e cc 40 22 ad 3e f1 90 4f 9d ef 9e 84 ec 69 ea 34 4e f7 5c cf 63 14 12 ac da 01 23 7b 6b b9 21 bc 93 19 f8 a1 97 5c 55 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x5641ad93d458 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x5641ad93f770 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad93f770 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad93f770 | prf+N PRF sha final-key@0x5641ad93dd30 (size 20) | prf+N: key-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad93f800 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff837b0cc8 | result: result-key@0x5641ad93f770 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad93f800 | prfplus: release old_t[N]-key@0x7f49f4006bb0 | prfplus: release old_t[final]-key@0x5641ad93dd30 | child_sa_keymat: release data-key@0x5641ad9373d0 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x5641ad93f770 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0da8 | result: result-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x5641ad9373d0 | initiator to responder keys: symkey-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x5641ad91fd40 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)543307296: a5 d0 5d fb ff c9 9e c9 c4 3e 20 82 ed 58 e9 98 e3 2a 22 c4 78 d5 a7 61 cd e6 d4 72 16 09 61 dd d4 f3 33 fd 95 47 63 9d 22 f4 02 d5 ec 92 7c 54 | initiator to responder keys: release slot-key-key@0x5641ad91fd40 | initiator to responder keys extracted len 48 bytes at 0x5641ad942c68 | unwrapped: 4f 63 16 3d 05 d6 65 35 1b 61 6f 13 5d 3b dc 2f | unwrapped: 40 c7 ee 02 b7 23 16 1b c7 0e fc 59 da 86 e4 4f | unwrapped: 8e f7 f5 68 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x5641ad9373d0 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x5641ad93f770 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0da8 | result: result-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x5641ad9373d0 | responder to initiator keys:: symkey-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x5641ad91fd40 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)543307296: 69 84 dc ec 26 c2 c6 1a c0 d6 73 bc 44 30 22 7f 8b b5 20 6e 62 f0 5f 92 4b 9c 49 3b 45 ed a1 b8 70 97 fd 3e d7 72 ca 64 32 7d 1a 91 b5 01 9b 32 | responder to initiator keys:: release slot-key-key@0x5641ad91fd40 | responder to initiator keys: extracted len 48 bytes at 0x5641ad942b78 | unwrapped: 7e 7b 60 99 dd af de 86 ae 3c a6 d5 05 50 01 17 | unwrapped: 70 44 ed 14 cd 15 15 a1 d5 16 da c6 4a 09 c9 ed | unwrapped: a9 e7 2e 47 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x5641ad9373d0 | ikev2_derive_child_keys: release keymat-key@0x5641ad93f770 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | #1 spent 1.98 milliseconds | install_ipsec_sa() for #2: inbound and outbound | could_route called for east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.fc438d24@192.1.2.45 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.1e6aea36@192.1.2.23 included non-error error | priority calculation of connection "east" is 0xfe7e7 | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #2: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 | priority calculation of connection "east" is 0xfe7e7 | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xfc438d24 SPI_OUT=0x1e6 | popen cmd is 1020 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: | cmd( 960):'no' SPI_IN=0xfc438d24 SPI_OUT=0x1e6aea36 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xfc438d24 SPI | popen cmd is 1025 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@e: | cmd( 160):ast' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: | cmd( 960):ARED='no' SPI_IN=0xfc438d24 SPI_OUT=0x1e6aea36 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xfc438d24 SPI_OUT | popen cmd is 1023 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTE: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@eas: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIEN: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: | cmd( 320):6388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PE: | cmd( 400):ER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MAS: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: | cmd( 960):ED='no' SPI_IN=0xfc438d24 SPI_OUT=0x1e6aea36 ipsec _updown 2>&1: | route_and_eroute: instance "east", setting eroute_owner {spd=0x5641ad9383e8,sr=0x5641ad9383e8} to #2 (was #0) (newest_ipsec_sa=#0) | #1 spent 1.67 milliseconds in install_ipsec_sa() | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 | adding 12 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 176 | emitting length of ISAKMP Message: 204 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 61 bb d1 4e 3a 5e 32 f3 1c a0 85 8a d5 94 fd 3c | data before encryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 a0 a4 28 74 c9 3c ff 47 8e be 5a e9 | e5 7a c2 9b d3 f0 05 76 2c 00 00 2c 00 00 00 28 | 01 03 04 03 1e 6a ea 36 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 42 8b 7e e8 2d b3 1e e7 3f f4 a2 41 2e 00 25 1f | 48 da 8e f8 f8 fc 16 58 db 1b e2 c5 e9 ea 4f 31 | d8 50 de dc 4e b4 d5 36 a9 0b 4b 3f 14 cf 00 8b | 87 ef 97 ee bf cc cf a0 d0 fa fe ac 11 a1 aa cd | ce 50 d4 2a de b6 24 41 7b 57 6d 3c 96 77 ba 27 | 1e 5b d5 6a 48 b1 db 78 62 8e 24 50 9d 91 2a 6c | e3 7e 2d fb 60 f0 d4 30 1e bc 2b 8c 58 60 af 95 | b3 4c ce c0 2c cd aa 1f 13 b8 19 32 da dc 08 94 | 2e 8d 28 d7 14 f7 0b 43 e3 2e 40 a7 62 2f cf ea | hmac PRF sha init symkey-key@0x5641ad923020 (size 20) | hmac: symkey-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0dc8 | result: clone-key@0x5641ad93f770 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49fc002b50 from symkey-key@0x5641ad93f770 | hmac prf: begin sha with context 0x7f49fc002b50 from symkey-key@0x5641ad93f770 | hmac: release clone-key@0x5641ad93f770 | hmac PRF sha crypt-prf@0x5641ad93f8b8 | hmac PRF sha update data-bytes@0x5641aca808c0 (length 192) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 61 bb d1 4e 3a 5e 32 f3 1c a0 85 8a d5 94 fd 3c | 42 8b 7e e8 2d b3 1e e7 3f f4 a2 41 2e 00 25 1f | 48 da 8e f8 f8 fc 16 58 db 1b e2 c5 e9 ea 4f 31 | d8 50 de dc 4e b4 d5 36 a9 0b 4b 3f 14 cf 00 8b | 87 ef 97 ee bf cc cf a0 d0 fa fe ac 11 a1 aa cd | ce 50 d4 2a de b6 24 41 7b 57 6d 3c 96 77 ba 27 | 1e 5b d5 6a 48 b1 db 78 62 8e 24 50 9d 91 2a 6c | e3 7e 2d fb 60 f0 d4 30 1e bc 2b 8c 58 60 af 95 | b3 4c ce c0 2c cd aa 1f 13 b8 19 32 da dc 08 94 | 2e 8d 28 d7 14 f7 0b 43 e3 2e 40 a7 62 2f cf ea | hmac PRF sha final-bytes@0x5641aca80980 (length 20) | 7c 40 18 03 5f 64 94 39 6e c2 de d3 d6 c5 12 af | 30 04 78 fa | data being hmac: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data being hmac: 61 bb d1 4e 3a 5e 32 f3 1c a0 85 8a d5 94 fd 3c | data being hmac: 42 8b 7e e8 2d b3 1e e7 3f f4 a2 41 2e 00 25 1f | data being hmac: 48 da 8e f8 f8 fc 16 58 db 1b e2 c5 e9 ea 4f 31 | data being hmac: d8 50 de dc 4e b4 d5 36 a9 0b 4b 3f 14 cf 00 8b | data being hmac: 87 ef 97 ee bf cc cf a0 d0 fa fe ac 11 a1 aa cd | data being hmac: ce 50 d4 2a de b6 24 41 7b 57 6d 3c 96 77 ba 27 | data being hmac: 1e 5b d5 6a 48 b1 db 78 62 8e 24 50 9d 91 2a 6c | data being hmac: e3 7e 2d fb 60 f0 d4 30 1e bc 2b 8c 58 60 af 95 | data being hmac: b3 4c ce c0 2c cd aa 1f 13 b8 19 32 da dc 08 94 | data being hmac: 2e 8d 28 d7 14 f7 0b 43 e3 2e 40 a7 62 2f cf ea | out calculated auth: | 7c 40 18 03 5f 64 94 39 6e c2 de d3 | ikev2_parent_inI2outR2_continue_tail returned STF_OK | #1 spent 3.86 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #2 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) | Message ID: updating counters for #2 to 1 after switching state | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 | pstats #2 ikev2.child established "east" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] | NAT-T: encaps is 'auto' "east" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xfc438d24 <0x1e6aea36 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 204 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 61 bb d1 4e 3a 5e 32 f3 1c a0 85 8a d5 94 fd 3c | 42 8b 7e e8 2d b3 1e e7 3f f4 a2 41 2e 00 25 1f | 48 da 8e f8 f8 fc 16 58 db 1b e2 c5 e9 ea 4f 31 | d8 50 de dc 4e b4 d5 36 a9 0b 4b 3f 14 cf 00 8b | 87 ef 97 ee bf cc cf a0 d0 fa fe ac 11 a1 aa cd | ce 50 d4 2a de b6 24 41 7b 57 6d 3c 96 77 ba 27 | 1e 5b d5 6a 48 b1 db 78 62 8e 24 50 9d 91 2a 6c | e3 7e 2d fb 60 f0 d4 30 1e bc 2b 8c 58 60 af 95 | b3 4c ce c0 2c cd aa 1f 13 b8 19 32 da dc 08 94 | 2e 8d 28 d7 14 f7 0b 43 e3 2e 40 a7 62 2f cf ea | 7c 40 18 03 5f 64 94 39 6e c2 de d3 | releasing whack for #2 (sock=fd@-1) | releasing whack and unpending for parent #1 | unpending state #1 connection "east" | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f49fc002b78 | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 | libevent_malloc: new ptr-libevent@0x5641ad93dc08 size 128 | resume sending helper answer for #1 suppresed complete_v2_state_transition() | #1 spent 4.31 milliseconds in resume sending helper answer | stop processing: state #2 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f49f4005088 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00502 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00311 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00305 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00242 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 2c 56 c2 b5 2e a4 8e 9a 0c 8e 20 32 d6 d9 97 f0 | be 2d 66 71 33 9b 99 5a 56 2f 3d 60 a7 6a e3 6c | 7f c7 5e 44 09 05 af 32 fa 37 80 44 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 7a e4 6e e4 f2 25 1d 04 | responder cookie: | d9 00 2b 22 79 6a 05 0a | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 | #1 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x5641ad895ec0 (size 20) | hmac: symkey-key@0x5641ad895ec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad895ec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b19f8 | result: clone-key@0x5641ad93f770 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x5641ad93d430 from symkey-key@0x5641ad93f770 | hmac prf: begin sha with context 0x5641ad93d430 from symkey-key@0x5641ad93f770 | hmac: release clone-key@0x5641ad93f770 | hmac PRF sha crypt-prf@0x5641ad93dd08 | hmac PRF sha update data-bytes@0x5641ad891898 (length 64) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 2c 56 c2 b5 2e a4 8e 9a 0c 8e 20 32 d6 d9 97 f0 | be 2d 66 71 33 9b 99 5a 56 2f 3d 60 a7 6a e3 6c | hmac PRF sha final-bytes@0x7fff837b1bc0 (length 20) | 7f c7 5e 44 09 05 af 32 fa 37 80 44 a2 ec 75 ae | 21 52 74 8e | data for hmac: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | data for hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data for hmac: 2c 56 c2 b5 2e a4 8e 9a 0c 8e 20 32 d6 d9 97 f0 | data for hmac: be 2d 66 71 33 9b 99 5a 56 2f 3d 60 a7 6a e3 6c | calculated auth: 7f c7 5e 44 09 05 af 32 fa 37 80 44 | provided auth: 7f c7 5e 44 09 05 af 32 fa 37 80 44 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 2c 56 c2 b5 2e a4 8e 9a 0c 8e 20 32 d6 d9 97 f0 | payload before decryption: | be 2d 66 71 33 9b 99 5a 56 2f 3d 60 a7 6a e3 6c | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 0c 03 04 00 01 fc 43 8d 24 00 01 02 03 | stripping 4 octets as pad | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 7a e4 6e e4 f2 25 1d 04 | responder cookie: | d9 00 2b 22 79 6a 05 0a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI fc 43 8d 24 | delete PROTO_v2_ESP SA(0xfc438d24) | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R | State DB: found IKEv2 state #2 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xfc438d24) "east" #1: received Delete SA payload: delete IPsec State #2 now | pstats #2 ikev2.child deleted completed | suspend processing: state #1 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) | start processing: state #2 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #2: deleting other state #2 (STATE_V2_IPSEC_R) aged 0.095s and NOT sending notification | child state #2: V2_IPSEC_R(established CHILD SA) => delete | get_sa_info esp.fc438d24@192.1.2.45 | get_sa_info esp.1e6aea36@192.1.2.23 "east" #2: ESP traffic information: in=84B out=84B | child state #2: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) | state #2 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x5641ad93dc08 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f49fc002b78 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844012' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xfc438d24 | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1566844012' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0xfc438d24 SPI_OUT=0x1e6aea36 ipsec _updown 2>&1: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "east" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.fc438d24@192.1.2.45 | netlink response for Del SA esp.fc438d24@192.1.2.45 included non-error error | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.1e6aea36@192.1.2.23 | netlink response for Del SA esp.1e6aea36@192.1.2.23 included non-error error | in connection_discard for connection east | State DB: deleting IKEv2 state #2 in CHILDSA_DEL | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.2.45:500 (in delete_state() at state.c:1143) | resume processing: state #1 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x5641ad924ad0 | delete_state: release st->st_skey_ai_nss-key@0x5641ad895ec0 | delete_state: release st->st_skey_ar_nss-key@0x5641ad923020 | delete_state: release st->st_skey_ei_nss-key@0x5641ad926910 | delete_state: release st->st_skey_er_nss-key@0x5641ad89c080 | delete_state: release st->st_skey_pi_nss-key@0x7f49f400a0e0 | delete_state: release st->st_skey_pr_nss-key@0x7f49f400d840 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs 1e 6a ea 36 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 4a 8a 72 e7 54 77 c5 40 74 3c da 41 d8 aa 35 fb | data before encryption: | 00 00 00 0c 03 04 00 01 1e 6a ea 36 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 65 fd 1e d1 f6 0c a2 6d 49 56 b7 9c 1a 98 a2 cb | hmac PRF sha init symkey-key@0x5641ad923020 (size 20) | hmac: symkey-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b15a8 | result: clone-key@0x5641ad93f770 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x5641ad942c40 from symkey-key@0x5641ad93f770 | hmac prf: begin sha with context 0x5641ad942c40 from symkey-key@0x5641ad93f770 | hmac: release clone-key@0x5641ad93f770 | hmac PRF sha crypt-prf@0x5641ad93f8b8 | hmac PRF sha update data-bytes@0x5641aca808c0 (length 64) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 4a 8a 72 e7 54 77 c5 40 74 3c da 41 d8 aa 35 fb | 65 fd 1e d1 f6 0c a2 6d 49 56 b7 9c 1a 98 a2 cb | hmac PRF sha final-bytes@0x5641aca80900 (length 20) | ab 25 82 43 24 79 66 16 0b 1e 14 9c df 8b 9a 75 | 4e f2 d6 14 | data being hmac: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | data being hmac: 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: 4a 8a 72 e7 54 77 c5 40 74 3c da 41 d8 aa 35 fb | data being hmac: 65 fd 1e d1 f6 0c a2 6d 49 56 b7 9c 1a 98 a2 cb | out calculated auth: | ab 25 82 43 24 79 66 16 0b 1e 14 9c | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 4a 8a 72 e7 54 77 c5 40 74 3c da 41 d8 aa 35 fb | 65 fd 1e d1 f6 0c a2 6d 49 56 b7 9c 1a 98 a2 cb | ab 25 82 43 24 79 66 16 0b 1e 14 9c | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 | Message ID: sent #1 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 | #1 spent 0.924 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #1 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK | Message ID: updating counters for #1 to 2 after switching state | Message ID: recv #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 | Message ID: #1 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 "east" #1: STATE_PARENT_R2: received v2I2, PARENT SA established | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 1.14 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.15 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00482 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00298 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 3e ce 86 de e3 59 21 1a 56 d6 6c 1a 20 bc eb 01 | c4 d0 c6 3e 7b 31 8c 89 37 0f fa 85 a2 a4 67 13 | a8 9e 94 6d 36 eb 39 9b 88 55 37 2c | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 7a e4 6e e4 f2 25 1d 04 | responder cookie: | d9 00 2b 22 79 6a 05 0a | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #1 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #1 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 | #1 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x5641ad895ec0 (size 20) | hmac: symkey-key@0x5641ad895ec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad895ec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b19f8 | result: clone-key@0x5641ad93f770 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x5641ad942c40 from symkey-key@0x5641ad93f770 | hmac prf: begin sha with context 0x5641ad942c40 from symkey-key@0x5641ad93f770 | hmac: release clone-key@0x5641ad93f770 | hmac PRF sha crypt-prf@0x5641ad93dd08 | hmac PRF sha update data-bytes@0x5641ad891898 (length 64) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 3e ce 86 de e3 59 21 1a 56 d6 6c 1a 20 bc eb 01 | c4 d0 c6 3e 7b 31 8c 89 37 0f fa 85 a2 a4 67 13 | hmac PRF sha final-bytes@0x7fff837b1bc0 (length 20) | a8 9e 94 6d 36 eb 39 9b 88 55 37 2c d8 38 a4 32 | c5 bb d9 c5 | data for hmac: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data for hmac: 3e ce 86 de e3 59 21 1a 56 d6 6c 1a 20 bc eb 01 | data for hmac: c4 d0 c6 3e 7b 31 8c 89 37 0f fa 85 a2 a4 67 13 | calculated auth: a8 9e 94 6d 36 eb 39 9b 88 55 37 2c | provided auth: a8 9e 94 6d 36 eb 39 9b 88 55 37 2c | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 3e ce 86 de e3 59 21 1a 56 d6 6c 1a 20 bc eb 01 | payload before decryption: | c4 d0 c6 3e 7b 31 8c 89 37 0f fa 85 a2 a4 67 13 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 7a e4 6e e4 f2 25 1d 04 | responder cookie: | d9 00 2b 22 79 6a 05 0a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | af 11 f3 d8 61 9e a3 d0 14 bf bb 7a e0 78 7a 3f | data before encryption: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 43 86 3c 3d c6 29 65 f9 a9 26 38 ba fb b9 77 57 | hmac PRF sha init symkey-key@0x5641ad923020 (size 20) | hmac: symkey-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b15a8 | result: clone-key@0x5641ad93f770 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x5641ad942c40 from symkey-key@0x5641ad93f770 | hmac prf: begin sha with context 0x5641ad942c40 from symkey-key@0x5641ad93f770 | hmac: release clone-key@0x5641ad93f770 | hmac PRF sha crypt-prf@0x5641ad93f8b8 | hmac PRF sha update data-bytes@0x5641aca808c0 (length 64) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | af 11 f3 d8 61 9e a3 d0 14 bf bb 7a e0 78 7a 3f | 43 86 3c 3d c6 29 65 f9 a9 26 38 ba fb b9 77 57 | hmac PRF sha final-bytes@0x5641aca80900 (length 20) | 34 10 2d 47 a3 53 a3 4f ef 15 b1 b8 11 40 6e 73 | 7f e3 a9 1e | data being hmac: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | data being hmac: af 11 f3 d8 61 9e a3 d0 14 bf bb 7a e0 78 7a 3f | data being hmac: 43 86 3c 3d c6 29 65 f9 a9 26 38 ba fb b9 77 57 | out calculated auth: | 34 10 2d 47 a3 53 a3 4f ef 15 b1 b8 | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | af 11 f3 d8 61 9e a3 d0 14 bf bb 7a e0 78 7a 3f | 43 86 3c 3d c6 29 65 f9 a9 26 38 ba fb b9 77 57 | 34 10 2d 47 a3 53 a3 4f ef 15 b1 b8 | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 | Message ID: sent #1 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 | State DB: IKEv2 state not found (delete_my_family) | parent state #1: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #1 ikev2.ike deleted completed | #1 spent 9.39 milliseconds in total | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #1: deleting state (STATE_IKESA_DEL) aged 0.113s and NOT sending notification | parent state #1: IKESA_DEL(established IKE SA) => delete | state #1 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x5641ad93d578 | free_event_entry: release EVENT_SA_REKEY-pe@0x5641ad93a768 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #1 in IKESA_DEL | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f49fc003a28: destroyed | stop processing: state #1 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x5641ad926530 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x5641ad924ad0 | delete_state: release st->st_skey_ai_nss-key@0x5641ad895ec0 | delete_state: release st->st_skey_ar_nss-key@0x5641ad923020 | delete_state: release st->st_skey_ei_nss-key@0x5641ad926910 | delete_state: release st->st_skey_er_nss-key@0x5641ad89c080 | delete_state: release st->st_skey_pi_nss-key@0x7f49f400a0e0 | delete_state: release st->st_skey_pr_nss-key@0x7f49f400d840 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #1 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #1 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.633 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00254 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 82 28 3e ad e8 c3 cf fc 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 64 5a 91 34 27 0d 26 53 cb f0 fa 8e | d7 6e 11 c0 ad af 22 c2 b2 8c 2c 16 eb 37 62 d0 | 62 89 c1 bc 9d a3 ef 7b a0 23 30 17 51 08 8f db | 32 d9 d0 62 ff 67 e2 6f 42 79 08 a7 d6 e9 0d 38 | 89 57 fc 65 15 53 9d 8f ed 44 11 d8 b4 83 29 8d | 83 69 7a c9 d4 4f 18 9a b2 0c cf 23 f2 31 1e 0e | 00 48 60 53 17 fe 2f 94 9e f1 ae 27 fa 1f 1f 14 | 2f 1b c6 c3 c1 37 33 19 3d 5d 3f b8 ae cc 29 32 | fc 16 cf 1a 77 60 15 48 0a 1e 8c 2f 5e 87 d2 ad | 2a 14 fe 19 e9 ff c8 e7 6a 8f f3 0f 24 42 ff 50 | 9c 8b fb 08 e1 4b 60 74 a9 77 d9 12 8e bd e9 ee | 7a cb 21 58 ed 0e 19 25 dd de 2c 5c 43 17 c0 57 | 2c 4e 01 dd 44 9f f3 ce 21 24 06 d5 99 8e bc 82 | 0e 54 a0 45 8d 26 27 e6 95 c1 db 38 7c 63 ab b1 | e2 4f 45 ef c1 f1 57 a6 a2 c7 ac d7 88 88 94 18 | 24 35 2a 18 95 07 3a 49 2f 84 42 7f ea 0f 9a 37 | 52 7d 8f c8 29 00 00 24 81 51 26 a2 56 b8 2f a3 | ce 8f f7 ed b4 70 a4 d6 13 6e 98 a0 1e 2c e2 14 | bc b1 2a c4 17 d3 82 05 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 e3 ab 2b 67 ca 42 39 5e | d9 b8 2f 5d 45 c9 57 7c 3c 30 eb 47 00 00 00 1c | 00 00 40 05 1f a0 f3 4e fa e4 4b c4 99 b6 cb 89 | 5a 50 26 78 0a 97 a7 20 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 82 28 3e ad e8 c3 cf fc | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x5641ad939378 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x5641aca74700 (length 32) | 64 59 39 7d cd b9 28 1d f1 c8 1c 37 a1 76 10 ce | 60 62 36 da 0f 08 a7 5a 08 fd 21 a0 d8 62 36 c1 | IKE SPIr hash sha2_256 digest counter-bytes@0x5641aca746e0 (length 4) | 02 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff837b2220 (length 32) | 79 f1 d1 dd f0 a7 da 83 1a 20 42 4d ad 7f 98 82 | 9a 2e 6d a3 c7 a2 56 dd fa 9b e2 d1 99 db 5f 8a | creating state object #3 at 0x5641ad93ab38 | State DB: adding IKEv2 state #3 in UNDEFINED | pstats #3 ikev2.ike started | Message ID: init #3: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #3: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #3; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #3 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #3 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #3 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #3 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #3 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #3 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #3 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #3: no local proposal matches remote proposals 1:IKE:ENCR=AES_CBC;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #3: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 82 28 3e ad e8 c3 cf fc | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 82 28 3e ad e8 c3 cf fc 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #3 spent 0.129 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #3 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #3 has no whack fd | pstats #3 ikev2.ike deleted other | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #3: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #3: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #3 in PARENT_R0 | parent state #3: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #3 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #3 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.488 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00264 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 03 43 05 7a 31 c6 33 e9 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 9c a6 dd 9e c8 95 98 dc 1c 6a 80 4a | fd 4a 55 b8 3a bc d8 4d 4d 48 13 80 9b b4 02 b1 | 68 95 64 26 75 92 fa 3e 3a c9 4b b0 9a 77 49 2a | 9e 66 f4 9b 2f 39 2d 2c 16 3a 88 84 74 d1 31 41 | db 0a c9 61 67 95 31 be 32 9a 88 12 bf 7d e2 ab | 09 a0 c6 08 9f b9 9f 4a 4c 69 ca b2 91 22 ba ef | 2d cf 6a 99 78 64 7b ba 31 dd 00 e4 73 58 23 02 | cc 63 f0 71 14 a2 2e 41 06 2f 39 e6 47 3e 94 ec | a7 36 92 ef 51 b8 d8 12 8a 24 db bf e3 35 2f 79 | bb 9a 0e b3 dd 48 e2 e3 8c 34 a6 13 9f 85 fe a8 | 2b d6 0d c5 2d 1d a7 b2 9f 56 04 16 33 42 6d ad | b1 41 b2 d5 84 86 33 c5 3f 4a 47 4c 34 7c 2b 04 | 72 fb 83 0c f1 4d 68 34 34 ab 97 b0 cb 90 9f 8a | bd 40 e2 8a 07 02 a3 bf 7c 9d b9 79 a4 7e e7 19 | 56 97 7e a3 e3 0e da 44 39 c9 77 bc b7 a1 e8 3a | e7 5e 0d 81 ae 17 d6 e2 a7 ca 5f 70 c5 06 14 e5 | 63 01 56 1c 29 00 00 24 08 86 d4 5d c3 57 77 6d | 33 69 89 67 2f 87 00 0c 2c 23 cd 62 e7 3e ad 2f | 2f 86 e4 21 76 31 07 a6 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 69 5a 9d 9e 4c 35 b6 47 | 1e 52 bd 10 06 2f b9 7e de 7d 0b ed 00 00 00 1c | 00 00 40 05 79 5e 49 5c 9b 6d bd 4d 3b d5 a7 a1 | 4d d6 f4 8c 82 98 ec 4f | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 03 43 05 7a 31 c6 33 e9 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x5641ad939378 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x5641aca74700 (length 32) | 64 59 39 7d cd b9 28 1d f1 c8 1c 37 a1 76 10 ce | 60 62 36 da 0f 08 a7 5a 08 fd 21 a0 d8 62 36 c1 | IKE SPIr hash sha2_256 digest counter-bytes@0x5641aca746e0 (length 4) | 03 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff837b2220 (length 32) | 9b 97 39 04 70 40 c0 25 68 35 0b 64 7e 90 5d 40 | 6b d1 23 06 cd a5 ef 40 2a a6 27 a9 97 78 b0 b6 | creating state object #4 at 0x5641ad93ab38 | State DB: adding IKEv2 state #4 in UNDEFINED | pstats #4 ikev2.ike started | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #4: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #4 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #4 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #4 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #4 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #4 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #4 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #4 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #4: no local proposal matches remote proposals 1:IKE:ENCR=AES_CBC;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #4: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 03 43 05 7a 31 c6 33 e9 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 03 43 05 7a 31 c6 33 e9 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #4 spent 0.201 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #4 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #4 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #4 has no whack fd | pstats #4 ikev2.ike deleted other | [RE]START processing: state #4 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #4: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #4: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #4 in PARENT_R0 | parent state #4: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #4 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #4 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.674 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0037 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 26 fd 91 00 6e 77 b5 b1 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 76 25 40 60 88 f0 91 4a 25 73 cf 71 | 42 3d 73 01 73 5d 31 8e 30 3d 99 e6 3f 06 ac c2 | 24 de a3 0b 4c 6c 05 61 3a b7 0a 27 8b d7 75 f2 | a7 a1 64 fa 2a 65 e3 a3 ef da 3e 80 fe 85 53 b5 | af eb bb 4f 41 66 77 26 3f 5d 7f 1b 7b 36 28 fe | 25 73 f2 c2 52 ea a5 d6 66 05 87 d9 0a 1c c8 3d | 47 ae 33 78 3e 14 a6 ed a8 1d 52 26 cd 5b a0 02 | 89 bc fb 14 e1 08 ec 82 ac 14 b7 e4 92 83 83 6f | 6e 2a 18 9a 40 25 fd 0f 5b 16 1e 57 e9 59 17 80 | 7d 2b 12 65 27 9e bc 56 15 62 0d 2a 4e 89 f6 8d | 11 43 c7 fa ed 55 72 49 54 6a 5c c0 0e 5d d7 38 | b3 b7 8c df c4 90 5b cf 5c 40 42 28 22 5f 6d 18 | b3 93 b0 ee 4a cd 42 f4 ee 0f 83 7e 93 b5 11 83 | 6d e0 9c 22 9b ad a2 54 33 7b 6c e8 98 e5 28 b9 | 25 6f cc ac 74 11 86 c2 53 ab 8a 19 ce 40 92 bc | 7f bc 42 37 8c 7b 4a 28 59 4a 12 12 bc 42 a6 e1 | c5 0c 75 c0 29 00 00 24 56 45 09 29 a3 ec b6 99 | 2e ae d5 79 53 4a 0c 25 6f f7 0b 53 ad c4 ce c5 | f5 f9 8b d9 b1 ad 5a 15 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 45 a7 e4 78 31 16 fa fe | 01 bd e3 af 4d 54 92 4f f0 57 65 c9 00 00 00 1c | 00 00 40 05 5c 18 0e 7e 7d d0 ec 68 7f 98 d2 e1 | 4a 4d bf 5f e4 2b e9 1a | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 26 fd 91 00 6e 77 b5 b1 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x5641ad939378 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x5641aca74700 (length 32) | 64 59 39 7d cd b9 28 1d f1 c8 1c 37 a1 76 10 ce | 60 62 36 da 0f 08 a7 5a 08 fd 21 a0 d8 62 36 c1 | IKE SPIr hash sha2_256 digest counter-bytes@0x5641aca746e0 (length 4) | 04 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff837b2220 (length 32) | 21 84 58 56 c8 5b a4 f1 5d 3b 02 d1 a0 f6 48 d6 | 0c 8f c8 3e 9b 5f 27 ec 70 68 23 20 ea 93 4e 56 | creating state object #5 at 0x5641ad93ab38 | State DB: adding IKEv2 state #5 in UNDEFINED | pstats #5 ikev2.ike started | Message ID: init #5: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #5: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #5; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #5 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #5 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #5 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #5 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #5 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #5 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #5 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 "east" #5: proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | 76 25 40 60 88 f0 91 4a 25 73 cf 71 42 3d 73 01 | 73 5d 31 8e 30 3d 99 e6 3f 06 ac c2 24 de a3 0b | 4c 6c 05 61 3a b7 0a 27 8b d7 75 f2 a7 a1 64 fa | 2a 65 e3 a3 ef da 3e 80 fe 85 53 b5 af eb bb 4f | 41 66 77 26 3f 5d 7f 1b 7b 36 28 fe 25 73 f2 c2 | 52 ea a5 d6 66 05 87 d9 0a 1c c8 3d 47 ae 33 78 | 3e 14 a6 ed a8 1d 52 26 cd 5b a0 02 89 bc fb 14 | e1 08 ec 82 ac 14 b7 e4 92 83 83 6f 6e 2a 18 9a | 40 25 fd 0f 5b 16 1e 57 e9 59 17 80 7d 2b 12 65 | 27 9e bc 56 15 62 0d 2a 4e 89 f6 8d 11 43 c7 fa | ed 55 72 49 54 6a 5c c0 0e 5d d7 38 b3 b7 8c df | c4 90 5b cf 5c 40 42 28 22 5f 6d 18 b3 93 b0 ee | 4a cd 42 f4 ee 0f 83 7e 93 b5 11 83 6d e0 9c 22 | 9b ad a2 54 33 7b 6c e8 98 e5 28 b9 25 6f cc ac | 74 11 86 c2 53 ab 8a 19 ce 40 92 bc 7f bc 42 37 | 8c 7b 4a 28 59 4a 12 12 bc 42 a6 e1 c5 0c 75 c0 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b1c20 (length 8) | 26 fd 91 00 6e 77 b5 b1 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b1c28 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff837b1bb4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff837b1ba6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b1c30 (length 20) | 5c 18 0e 7e 7d d0 ec 68 7f 98 d2 e1 4a 4d bf 5f | e4 2b e9 1a | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= 26 fd 91 00 6e 77 b5 b1 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 5c 18 0e 7e 7d d0 ec 68 7f 98 d2 e1 4a 4d bf 5f | natd_hash: hash= e4 2b e9 1a | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b1c20 (length 8) | 26 fd 91 00 6e 77 b5 b1 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b1c28 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff837b1bb4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff837b1ba6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b1c50 (length 20) | 45 a7 e4 78 31 16 fa fe 01 bd e3 af 4d 54 92 4f | f0 57 65 c9 | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= 26 fd 91 00 6e 77 b5 b1 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 45 a7 e4 78 31 16 fa fe 01 bd e3 af 4d 54 92 4f | natd_hash: hash= f0 57 65 c9 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 3 for state #5 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5641ad93a768 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x7f49f4005088 size 128 | #5 spent 0.301 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | crypto helper 3 resuming | crypto helper 3 starting work-order 3 for state #5 | crypto helper 3 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 3 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f49f8003a28: created | NSS: Local DH MODP2048 secret (pointer): 0x7f49f8003a28 | NSS: Public DH wire value: | a7 c3 4b 5e cf 59 0f d4 54 4d 31 1e db 41 7b 06 | 85 78 e0 f6 eb 96 b8 92 8d 7e a3 d2 d3 a6 5c 5c | 32 c0 19 bf 12 7f 14 15 e6 dc 4a 4e 72 de e1 1c | 45 e2 f8 c7 6d 87 28 a8 5e cb 24 08 68 56 0f 84 | 8d f1 0c ce dd b7 3f 95 0c 51 96 ae 06 45 2a 11 | 6f dd 8a f9 8a 67 a9 00 25 b9 00 03 ba c7 a9 55 | e8 39 f9 78 59 b1 d5 09 76 64 9c 39 61 d5 62 74 | 15 38 53 ae b4 63 7a 95 ab 50 58 9b f9 de 7c 82 | 5b 3d d9 9a a0 6e 4a e1 1d dd 6b 12 14 2c c6 33 | 18 8b 50 88 d3 10 5f df e2 b6 93 cf 33 14 1e 1d | 09 c3 15 36 fa c3 05 c1 a9 09 9d 2c ae c2 4b 64 | 08 67 10 92 5a dd 26 87 2f 22 86 bc 30 67 fa 8d | 91 92 a1 a3 65 af 5e 72 6d 6a 59 c9 59 8e e7 c6 | d7 71 15 3e b7 2e 8c 25 8f 61 c5 5e eb b9 76 ce | 8e 0e d9 09 8d 42 78 d3 5b 8e ac 4c cd 48 c2 0d | 2a 95 fd 58 3e 44 ae fc 23 ab 8e af 0b fa 0c 6c | Generated nonce: 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | Generated nonce: 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | crypto helper 3 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 3 time elapsed 0.001075 seconds | (#5) spent 1.08 milliseconds in crypto helper computing work-order 3: ikev2_inI1outR1 KE (pcr) | crypto helper 3 sending results from work-order 3 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7f49f8002888 size 128 | crypto helper 3 waiting (nothing to do) | #5 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #5 and saving MD | #5 is busy; has a suspended MD | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #5 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #5 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #5 spent 0.697 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.709 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #5 | start processing: state #5 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 3 | calling continuation function 0x5641ac982b50 | ikev2_parent_inI1outR1_continue for #5: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | 26 fd 91 00 6e 77 b5 b1 | responder cookie: | 21 84 58 56 c8 5b a4 f1 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f49f8003a28: transferring ownership from helper KE to state #5 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x a7 c3 4b 5e cf 59 0f d4 54 4d 31 1e db 41 7b 06 | ikev2 g^x 85 78 e0 f6 eb 96 b8 92 8d 7e a3 d2 d3 a6 5c 5c | ikev2 g^x 32 c0 19 bf 12 7f 14 15 e6 dc 4a 4e 72 de e1 1c | ikev2 g^x 45 e2 f8 c7 6d 87 28 a8 5e cb 24 08 68 56 0f 84 | ikev2 g^x 8d f1 0c ce dd b7 3f 95 0c 51 96 ae 06 45 2a 11 | ikev2 g^x 6f dd 8a f9 8a 67 a9 00 25 b9 00 03 ba c7 a9 55 | ikev2 g^x e8 39 f9 78 59 b1 d5 09 76 64 9c 39 61 d5 62 74 | ikev2 g^x 15 38 53 ae b4 63 7a 95 ab 50 58 9b f9 de 7c 82 | ikev2 g^x 5b 3d d9 9a a0 6e 4a e1 1d dd 6b 12 14 2c c6 33 | ikev2 g^x 18 8b 50 88 d3 10 5f df e2 b6 93 cf 33 14 1e 1d | ikev2 g^x 09 c3 15 36 fa c3 05 c1 a9 09 9d 2c ae c2 4b 64 | ikev2 g^x 08 67 10 92 5a dd 26 87 2f 22 86 bc 30 67 fa 8d | ikev2 g^x 91 92 a1 a3 65 af 5e 72 6d 6a 59 c9 59 8e e7 c6 | ikev2 g^x d7 71 15 3e b7 2e 8c 25 8f 61 c5 5e eb b9 76 ce | ikev2 g^x 8e 0e d9 09 8d 42 78 d3 5b 8e ac 4c cd 48 c2 0d | ikev2 g^x 2a 95 fd 58 3e 44 ae fc 23 ab 8e af 0b fa 0c 6c | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | IKEv2 nonce 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b2160 (length 8) | 26 fd 91 00 6e 77 b5 b1 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b2168 (length 8) | 21 84 58 56 c8 5b a4 f1 | NATD hash sha digest IP addr-bytes@0x7fff837b2094 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff837b2086 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b2110 (length 20) | 8b 4d 51 cd 49 d8 d4 bd e2 ec cd 5b 65 a4 b1 9d | f8 81 a5 0f | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= 26 fd 91 00 6e 77 b5 b1 | natd_hash: rcookie= 21 84 58 56 c8 5b a4 f1 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 8b 4d 51 cd 49 d8 d4 bd e2 ec cd 5b 65 a4 b1 9d | natd_hash: hash= f8 81 a5 0f | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 8b 4d 51 cd 49 d8 d4 bd e2 ec cd 5b 65 a4 b1 9d | Notify data f8 81 a5 0f | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b2160 (length 8) | 26 fd 91 00 6e 77 b5 b1 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b2168 (length 8) | 21 84 58 56 c8 5b a4 f1 | NATD hash sha digest IP addr-bytes@0x7fff837b2094 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff837b2086 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b2110 (length 20) | 6b 3a 6e 4f ad db ef 57 0b 07 89 fc 76 30 00 24 | 42 09 04 41 | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= 26 fd 91 00 6e 77 b5 b1 | natd_hash: rcookie= 21 84 58 56 c8 5b a4 f1 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 6b 3a 6e 4f ad db ef 57 0b 07 89 fc 76 30 00 24 | natd_hash: hash= 42 09 04 41 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 6b 3a 6e 4f ad db ef 57 0b 07 89 fc 76 30 00 24 | Notify data 42 09 04 41 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #5 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #5: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #5 to 0 after switching state | Message ID: recv #5 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #5 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #5: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #5) | 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a7 c3 4b 5e cf 59 0f d4 54 4d 31 1e | db 41 7b 06 85 78 e0 f6 eb 96 b8 92 8d 7e a3 d2 | d3 a6 5c 5c 32 c0 19 bf 12 7f 14 15 e6 dc 4a 4e | 72 de e1 1c 45 e2 f8 c7 6d 87 28 a8 5e cb 24 08 | 68 56 0f 84 8d f1 0c ce dd b7 3f 95 0c 51 96 ae | 06 45 2a 11 6f dd 8a f9 8a 67 a9 00 25 b9 00 03 | ba c7 a9 55 e8 39 f9 78 59 b1 d5 09 76 64 9c 39 | 61 d5 62 74 15 38 53 ae b4 63 7a 95 ab 50 58 9b | f9 de 7c 82 5b 3d d9 9a a0 6e 4a e1 1d dd 6b 12 | 14 2c c6 33 18 8b 50 88 d3 10 5f df e2 b6 93 cf | 33 14 1e 1d 09 c3 15 36 fa c3 05 c1 a9 09 9d 2c | ae c2 4b 64 08 67 10 92 5a dd 26 87 2f 22 86 bc | 30 67 fa 8d 91 92 a1 a3 65 af 5e 72 6d 6a 59 c9 | 59 8e e7 c6 d7 71 15 3e b7 2e 8c 25 8f 61 c5 5e | eb b9 76 ce 8e 0e d9 09 8d 42 78 d3 5b 8e ac 4c | cd 48 c2 0d 2a 95 fd 58 3e 44 ae fc 23 ab 8e af | 0b fa 0c 6c 29 00 00 24 8d 5a 72 e2 b7 f4 83 ec | 25 06 0c 51 30 66 64 f6 98 0f 71 31 55 8b 3e 11 | 2b ef 04 ec a4 c2 0f 26 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 8b 4d 51 cd 49 d8 d4 bd | e2 ec cd 5b 65 a4 b1 9d f8 81 a5 0f 00 00 00 1c | 00 00 40 05 6b 3a 6e 4f ad db ef 57 0b 07 89 fc | 76 30 00 24 42 09 04 41 | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f49f4005088 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5641ad93a768 | event_schedule: new EVENT_SO_DISCARD-pe@0x5641ad93a768 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #5 | libevent_malloc: new ptr-libevent@0x5641ad93dc08 size 128 | resume sending helper answer for #5 suppresed complete_v2_state_transition() | #5 spent 0.48 milliseconds in resume sending helper answer | stop processing: state #5 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f49f8002888 | spent 0.00277 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 220 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 1c 2b 25 01 e4 9d b9 e7 62 6b 86 f7 3e 67 4b 6b | 60 58 a2 0f b9 f7 71 e9 5d 1e b9 10 dc 0a 5d 73 | ae 39 85 0f e1 a8 09 0d 1b 8d 2d 74 8d 61 44 c8 | 70 e6 b8 46 c2 87 69 0e 8e ba e7 29 0a 6b 8b b3 | 7b 05 3c 68 fb ad 01 d9 e0 e0 30 70 92 63 05 1c | 69 93 6b 53 ae c1 66 3c ee ec 28 06 4a 46 5d 94 | b7 9e 16 64 f3 c3 1f 6a 46 ad 7c 62 80 80 f3 a0 | 5c ab db 6c 4f 7a 36 40 23 a5 8e 36 3b 1a d2 ed | 1a e3 d6 ad 42 61 be dc 14 d9 0f df 9d 1a b7 a2 | 74 fe 64 c0 41 b5 6d 1f ab 69 28 6e ed 2a 0f 26 | 1c f7 d3 92 aa 7c a2 7d d5 41 20 b0 54 8d c3 b3 | 71 5b 21 f1 7b 3f 93 cf f6 28 a7 38 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 26 fd 91 00 6e 77 b5 b1 | responder cookie: | 21 84 58 56 c8 5b a4 f1 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 220 (0xdc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #5 in PARENT_R1 (find_v2_ike_sa) | start processing: state #5 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #5 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #5 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 192 (0xc0) | processing payload: ISAKMP_NEXT_v2SK (len=188) | Message ID: start-responder #5 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #5 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f49f8003a28: transferring ownership from state #5 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 4 for state #5 | state #5 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x5641ad93dc08 | free_event_entry: release EVENT_SO_DISCARD-pe@0x5641ad93a768 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5641ad93a768 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x7f49f8002888 size 128 | #5 spent 0.0351 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | crypto helper 4 resuming | #5 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #5 and saving MD | #5 is busy; has a suspended MD | crypto helper 4 starting work-order 4 for state #5 | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #5 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | crypto helper 4 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 4 | stop processing: state #5 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | peer's g: 76 25 40 60 88 f0 91 4a 25 73 cf 71 42 3d 73 01 | peer's g: 73 5d 31 8e 30 3d 99 e6 3f 06 ac c2 24 de a3 0b | peer's g: 4c 6c 05 61 3a b7 0a 27 8b d7 75 f2 a7 a1 64 fa | #5 spent 0.193 milliseconds in ikev2_process_packet() | peer's g: 2a 65 e3 a3 ef da 3e 80 fe 85 53 b5 af eb bb 4f | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | peer's g: 41 66 77 26 3f 5d 7f 1b 7b 36 28 fe 25 73 f2 c2 | peer's g: 52 ea a5 d6 66 05 87 d9 0a 1c c8 3d 47 ae 33 78 | peer's g: 3e 14 a6 ed a8 1d 52 26 cd 5b a0 02 89 bc fb 14 | peer's g: e1 08 ec 82 ac 14 b7 e4 92 83 83 6f 6e 2a 18 9a | peer's g: 40 25 fd 0f 5b 16 1e 57 e9 59 17 80 7d 2b 12 65 | peer's g: 27 9e bc 56 15 62 0d 2a 4e 89 f6 8d 11 43 c7 fa | peer's g: ed 55 72 49 54 6a 5c c0 0e 5d d7 38 b3 b7 8c df | peer's g: c4 90 5b cf 5c 40 42 28 22 5f 6d 18 b3 93 b0 ee | peer's g: 4a cd 42 f4 ee 0f 83 7e 93 b5 11 83 6d e0 9c 22 | peer's g: 9b ad a2 54 33 7b 6c e8 98 e5 28 b9 25 6f cc ac | peer's g: 74 11 86 c2 53 ab 8a 19 ce 40 92 bc 7f bc 42 37 | peer's g: 8c 7b 4a 28 59 4a 12 12 bc 42 a6 e1 c5 0c 75 c0 | processing: STOP state #0 (in process_md() at demux.c:382) | Started DH shared-secret computation in NSS: | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.256 milliseconds in comm_handle_cb() reading and processing packet | new : g_ir-key@0x7f49f400d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f49f8003a28: computed shared DH secret key@0x7f49f400d840 | dh-shared : g^ir-key@0x7f49f400d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f49ec001f18 (length 64) | 56 45 09 29 a3 ec b6 99 2e ae d5 79 53 4a 0c 25 | 6f f7 0b 53 ad c4 ce c5 f5 f9 8b d9 b1 ad 5a 15 | 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a03ecd6e0 | result: Ni | Nr-key@0x5641ad89c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x5641ad89c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd6c8 | result: Ni | Nr-key@0x7f49f400a0e0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x5641ad89c080 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f49ec002fa0 from Ni | Nr-key@0x7f49f400a0e0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f49ec002fa0 from Ni | Nr-key@0x7f49f400a0e0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f49f400a0e0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f49ec003a78 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f49f400d840 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f49f400d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f49f400d840 | nss hmac digest hack: symkey-key@0x7f49f400d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-1398808382: 77 d2 aa 01 ac 19 b5 df 13 48 20 e3 b5 89 c8 f5 db c5 aa c8 e3 24 51 97 7a d8 81 db 9e 3d ed 7e 95 3c 87 c0 3b f1 5b 7d 0d fa 39 13 b8 a3 12 d5 ba 19 67 03 8f 2b 75 15 1d f6 66 24 5b 80 7f fd bc de 15 91 74 50 65 f6 26 0d ba 46 e3 dd d3 8b ea 9d 00 59 62 d9 b1 96 a2 29 5d 9a 8c 31 99 95 b2 6d 5c 94 9c 55 2f 80 eb 0d 3f 8f 81 12 81 ac 42 26 72 48 91 32 1c f1 80 99 cb 30 72 3f 67 5f 96 f0 66 8b f1 0a 96 47 f6 0d 9f 17 a9 36 b6 ea 4a 44 ab 35 e5 d3 62 79 ec a7 00 4e 6c f5 64 0b 90 49 ff 06 2e 89 2d 54 4e 2b ab b0 ad 6b 31 f1 c4 c9 f5 f1 8b 20 95 42 34 a1 e7 a8 cb 3d 1b 58 5f 0a a6 52 4a 48 0f 3f 93 37 7e 34 57 33 38 e6 a0 18 b2 ce 2c f3 6f 4f b0 73 5b 6b 92 a2 31 4d f2 5c dd 3f f3 15 55 6d cd db b7 0f f2 d6 05 56 76 54 2f 37 92 fb c7 68 4e 83 7d be c9 9b 26 ae | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 256 bytes at 0x7f49ec003fa8 | unwrapped: 99 6c bc c5 ec 62 d8 9e 38 70 d4 55 86 36 8f fb | unwrapped: 7b 49 a3 5e 9b 22 64 41 75 6b 47 37 f1 4c 94 b6 | unwrapped: ad ec 00 cf 2d 39 5b 7a e5 85 9f 8d 2f 4b 9a 76 | unwrapped: ea ea 0a 4a 33 09 ee dd 71 88 e3 59 dd 9f cb 0a | unwrapped: 20 39 b7 a4 37 b3 26 52 04 a8 ec 95 76 51 5b 8c | unwrapped: 3f f9 cd 11 ea ad 8a cc de 1c a3 c9 5f 7b e6 12 | unwrapped: c7 28 1d 49 76 f7 3d f0 0f ce dd 7d a5 a3 84 97 | unwrapped: 1f 15 eb 69 0c 07 4a 1f 63 18 22 3b 4c 6c 4f cb | unwrapped: 04 90 25 ee 3a 24 60 c2 60 54 42 4d 85 96 8e 1c | unwrapped: 0e 58 ef 05 a5 22 5c 4f ba 30 be fd 9e fb 40 2f | unwrapped: 69 d4 b5 45 31 7e 0e bb 0b 32 a9 24 3a 4e 65 c2 | unwrapped: 4d ab a1 26 33 e0 d5 d7 ac 93 ca 3b d7 6e e7 ec | unwrapped: 42 af eb c3 fe f6 f3 3b f2 71 f0 fc 3a 68 16 58 | unwrapped: d5 21 dd 49 20 dc af bb 28 cd 13 be 35 76 2b 1b | unwrapped: a5 17 1d a3 d4 55 d0 e3 8b 09 0e 91 a0 02 a3 b8 | unwrapped: 16 33 ed 8f 09 be 20 28 6c cb ab 14 57 6a f1 63 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a03ecd700 | result: final-key@0x5641ad89c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad89c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd6e8 | result: final-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad89c080 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f49f400a0e0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a03ecd670 | result: data=Ni-key@0x5641ad926910 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5641ad926910 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd658 | result: data=Ni-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5641ad926910 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a03ecd660 | result: data+=Nr-key@0x5641ad926910 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad89c080 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad926910 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a03ecd660 | result: data+=SPIi-key@0x5641ad89c080 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad926910 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89c080 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a03ecd660 | result: data+=SPIr-key@0x5641ad926910 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad89c080 | prf+0 PRF sha init key-key@0x7f49f400a0e0 (size 20) | prf+0: key-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd588 | result: clone-key@0x5641ad89c080 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f49ec002fa0 from key-key@0x5641ad89c080 | prf+0 prf: begin sha with context 0x7f49ec002fa0 from key-key@0x5641ad89c080 | prf+0: release clone-key@0x5641ad89c080 | prf+0 PRF sha crypt-prf@0x7f49ec002f78 | prf+0 PRF sha update seed-key@0x5641ad926910 (size 80) | prf+0: seed-key@0x5641ad926910 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad926910 | nss hmac digest hack: symkey-key@0x5641ad926910 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: d8 2d ed cf 11 c0 86 cb 88 62 de 70 29 3e b6 92 f0 81 90 ae ee e2 21 20 f3 a7 2e 4f 0f 37 e2 7f b9 89 b4 5a 27 94 f3 e7 f1 20 7b 5a 0c 4d 7c 62 72 95 84 87 1d 85 e7 62 64 79 2c 6e c5 59 4f 3d 65 f6 e3 85 ba 40 c6 7c 0c 49 07 85 a7 80 3e 3e | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49ec005338 | unwrapped: 56 45 09 29 a3 ec b6 99 2e ae d5 79 53 4a 0c 25 | unwrapped: 6f f7 0b 53 ad c4 ce c5 f5 f9 8b d9 b1 ad 5a 15 | unwrapped: 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | unwrapped: 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | unwrapped: 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a03ecd590 | result: final-key@0x5641ad923020 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad923020 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd578 | result: final-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad923020 | prf+0 PRF sha final-key@0x5641ad89c080 (size 20) | prf+0: key-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x5641ad89c080 | prf+N PRF sha init key-key@0x7f49f400a0e0 (size 20) | prf+N: key-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd588 | result: clone-key@0x5641ad923020 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49ec002fa0 from key-key@0x5641ad923020 | prf+N prf: begin sha with context 0x7f49ec002fa0 from key-key@0x5641ad923020 | prf+N: release clone-key@0x5641ad923020 | prf+N PRF sha crypt-prf@0x7f49ec0030d8 | prf+N PRF sha update old_t-key@0x5641ad89c080 (size 20) | prf+N: old_t-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad89c080 | nss hmac digest hack: symkey-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 1d be 62 c8 a9 c3 aa f6 05 be 08 5c 7f b3 cf 4c 5e 1d 57 68 e4 7d 35 3c b4 9b 9f 21 f1 76 72 80 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49ec002f28 | unwrapped: 64 f3 53 dc 3a 24 53 b8 3d a4 0f 03 e7 04 7c 63 | unwrapped: 1d 34 27 c6 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad926910 (size 80) | prf+N: seed-key@0x5641ad926910 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad926910 | nss hmac digest hack: symkey-key@0x5641ad926910 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: d8 2d ed cf 11 c0 86 cb 88 62 de 70 29 3e b6 92 f0 81 90 ae ee e2 21 20 f3 a7 2e 4f 0f 37 e2 7f b9 89 b4 5a 27 94 f3 e7 f1 20 7b 5a 0c 4d 7c 62 72 95 84 87 1d 85 e7 62 64 79 2c 6e c5 59 4f 3d 65 f6 e3 85 ba 40 c6 7c 0c 49 07 85 a7 80 3e 3e | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49ec0052b8 | unwrapped: 56 45 09 29 a3 ec b6 99 2e ae d5 79 53 4a 0c 25 | unwrapped: 6f f7 0b 53 ad c4 ce c5 f5 f9 8b d9 b1 ad 5a 15 | unwrapped: 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | unwrapped: 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | unwrapped: 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a03ecd590 | result: final-key@0x5641ad895ec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad895ec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd578 | result: final-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad895ec0 | prf+N PRF sha final-key@0x5641ad923020 (size 20) | prf+N: key-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a03ecd608 | result: result-key@0x5641ad895ec0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad89c080 | prfplus: release old_t[N]-key@0x5641ad89c080 | prf+N PRF sha init key-key@0x7f49f400a0e0 (size 20) | prf+N: key-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd588 | result: clone-key@0x5641ad89c080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49ec002fa0 from key-key@0x5641ad89c080 | prf+N prf: begin sha with context 0x7f49ec002fa0 from key-key@0x5641ad89c080 | prf+N: release clone-key@0x5641ad89c080 | prf+N PRF sha crypt-prf@0x7f49ec002f78 | prf+N PRF sha update old_t-key@0x5641ad923020 (size 20) | prf+N: old_t-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad923020 | nss hmac digest hack: symkey-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: ac d0 a6 42 8f 70 c3 5e 11 3b bd f8 d9 b1 2d 1c e3 98 18 4e 63 8f 75 d3 3f 76 5e 73 29 ef da 7d | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49ec003a78 | unwrapped: ca d1 2d dc 30 51 a9 b7 19 e4 18 47 8e 04 76 b7 | unwrapped: e4 2c df 4b 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad926910 (size 80) | prf+N: seed-key@0x5641ad926910 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad926910 | nss hmac digest hack: symkey-key@0x5641ad926910 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: d8 2d ed cf 11 c0 86 cb 88 62 de 70 29 3e b6 92 f0 81 90 ae ee e2 21 20 f3 a7 2e 4f 0f 37 e2 7f b9 89 b4 5a 27 94 f3 e7 f1 20 7b 5a 0c 4d 7c 62 72 95 84 87 1d 85 e7 62 64 79 2c 6e c5 59 4f 3d 65 f6 e3 85 ba 40 c6 7c 0c 49 07 85 a7 80 3e 3e | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49ec005338 | unwrapped: 56 45 09 29 a3 ec b6 99 2e ae d5 79 53 4a 0c 25 | unwrapped: 6f f7 0b 53 ad c4 ce c5 f5 f9 8b d9 b1 ad 5a 15 | unwrapped: 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | unwrapped: 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | unwrapped: 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a03ecd590 | result: final-key@0x5641ad924ad0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd578 | result: final-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad924ad0 | prf+N PRF sha final-key@0x5641ad89c080 (size 20) | prf+N: key-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad895ec0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a03ecd608 | result: result-key@0x5641ad924ad0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad895ec0 | prfplus: release old_t[N]-key@0x5641ad923020 | prf+N PRF sha init key-key@0x7f49f400a0e0 (size 20) | prf+N: key-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd588 | result: clone-key@0x5641ad923020 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49ec002fa0 from key-key@0x5641ad923020 | prf+N prf: begin sha with context 0x7f49ec002fa0 from key-key@0x5641ad923020 | prf+N: release clone-key@0x5641ad923020 | prf+N PRF sha crypt-prf@0x7f49ec002f28 | prf+N PRF sha update old_t-key@0x5641ad89c080 (size 20) | prf+N: old_t-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad89c080 | nss hmac digest hack: symkey-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 93 f1 5c 02 ad 4d 0a 45 65 d0 8a e4 91 f2 02 6d b6 5a 56 bf 0a 16 dc e0 84 1f a8 1b db ba 8e 48 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49ec005e88 | unwrapped: 66 ec 52 e2 70 79 fe 8d a9 60 ee 53 c9 b4 84 32 | unwrapped: 06 f3 53 ac 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad926910 (size 80) | prf+N: seed-key@0x5641ad926910 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad926910 | nss hmac digest hack: symkey-key@0x5641ad926910 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: d8 2d ed cf 11 c0 86 cb 88 62 de 70 29 3e b6 92 f0 81 90 ae ee e2 21 20 f3 a7 2e 4f 0f 37 e2 7f b9 89 b4 5a 27 94 f3 e7 f1 20 7b 5a 0c 4d 7c 62 72 95 84 87 1d 85 e7 62 64 79 2c 6e c5 59 4f 3d 65 f6 e3 85 ba 40 c6 7c 0c 49 07 85 a7 80 3e 3e | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49ec0052b8 | unwrapped: 56 45 09 29 a3 ec b6 99 2e ae d5 79 53 4a 0c 25 | unwrapped: 6f f7 0b 53 ad c4 ce c5 f5 f9 8b d9 b1 ad 5a 15 | unwrapped: 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | unwrapped: 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | unwrapped: 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a03ecd590 | result: final-key@0x5641ad895ec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad895ec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd578 | result: final-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad895ec0 | prf+N PRF sha final-key@0x5641ad923020 (size 20) | prf+N: key-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad924ad0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a03ecd608 | result: result-key@0x5641ad895ec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad924ad0 | prfplus: release old_t[N]-key@0x5641ad89c080 | prf+N PRF sha init key-key@0x7f49f400a0e0 (size 20) | prf+N: key-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd588 | result: clone-key@0x5641ad89c080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49ec002fa0 from key-key@0x5641ad89c080 | prf+N prf: begin sha with context 0x7f49ec002fa0 from key-key@0x5641ad89c080 | prf+N: release clone-key@0x5641ad89c080 | prf+N PRF sha crypt-prf@0x7f49ec0030d8 | prf+N PRF sha update old_t-key@0x5641ad923020 (size 20) | prf+N: old_t-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad923020 | nss hmac digest hack: symkey-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: d6 78 2c ed db fd c3 bc a7 99 5b eb 5d d3 12 bc e1 1a a6 e9 f4 29 35 a2 63 5e 36 9d fc d0 08 3f | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49ec003a78 | unwrapped: 3e f1 a5 e7 63 f5 a4 f3 1b 63 b7 bf 82 b9 9a ab | unwrapped: 66 1b 56 f3 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad926910 (size 80) | prf+N: seed-key@0x5641ad926910 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad926910 | nss hmac digest hack: symkey-key@0x5641ad926910 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: d8 2d ed cf 11 c0 86 cb 88 62 de 70 29 3e b6 92 f0 81 90 ae ee e2 21 20 f3 a7 2e 4f 0f 37 e2 7f b9 89 b4 5a 27 94 f3 e7 f1 20 7b 5a 0c 4d 7c 62 72 95 84 87 1d 85 e7 62 64 79 2c 6e c5 59 4f 3d 65 f6 e3 85 ba 40 c6 7c 0c 49 07 85 a7 80 3e 3e | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49ec005338 | unwrapped: 56 45 09 29 a3 ec b6 99 2e ae d5 79 53 4a 0c 25 | unwrapped: 6f f7 0b 53 ad c4 ce c5 f5 f9 8b d9 b1 ad 5a 15 | unwrapped: 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | unwrapped: 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | unwrapped: 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a03ecd590 | result: final-key@0x5641ad924ad0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd578 | result: final-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad924ad0 | prf+N PRF sha final-key@0x5641ad89c080 (size 20) | prf+N: key-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad895ec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a03ecd608 | result: result-key@0x5641ad924ad0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad895ec0 | prfplus: release old_t[N]-key@0x5641ad923020 | prf+N PRF sha init key-key@0x7f49f400a0e0 (size 20) | prf+N: key-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd588 | result: clone-key@0x5641ad923020 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49ec005510 from key-key@0x5641ad923020 | prf+N prf: begin sha with context 0x7f49ec005510 from key-key@0x5641ad923020 | prf+N: release clone-key@0x5641ad923020 | prf+N PRF sha crypt-prf@0x7f49ec002f78 | prf+N PRF sha update old_t-key@0x5641ad89c080 (size 20) | prf+N: old_t-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad89c080 | nss hmac digest hack: symkey-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 2a 39 93 0d e2 7d 7b 6a 2a 8b 23 5b cd 0f f5 a2 33 df 92 d6 49 0d 32 a9 a5 00 1f c1 8a 0f 61 f5 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49ec002f28 | unwrapped: d6 ee 1e 68 9c d7 41 b6 29 e7 f4 08 19 e8 15 40 | unwrapped: ed ea 36 3d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad926910 (size 80) | prf+N: seed-key@0x5641ad926910 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad926910 | nss hmac digest hack: symkey-key@0x5641ad926910 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: d8 2d ed cf 11 c0 86 cb 88 62 de 70 29 3e b6 92 f0 81 90 ae ee e2 21 20 f3 a7 2e 4f 0f 37 e2 7f b9 89 b4 5a 27 94 f3 e7 f1 20 7b 5a 0c 4d 7c 62 72 95 84 87 1d 85 e7 62 64 79 2c 6e c5 59 4f 3d 65 f6 e3 85 ba 40 c6 7c 0c 49 07 85 a7 80 3e 3e | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49ec0052b8 | unwrapped: 56 45 09 29 a3 ec b6 99 2e ae d5 79 53 4a 0c 25 | unwrapped: 6f f7 0b 53 ad c4 ce c5 f5 f9 8b d9 b1 ad 5a 15 | unwrapped: 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | unwrapped: 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | unwrapped: 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a03ecd590 | result: final-key@0x5641ad895ec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad895ec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd578 | result: final-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad895ec0 | prf+N PRF sha final-key@0x5641ad923020 (size 20) | prf+N: key-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad924ad0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a03ecd608 | result: result-key@0x5641ad895ec0 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad924ad0 | prfplus: release old_t[N]-key@0x5641ad89c080 | prf+N PRF sha init key-key@0x7f49f400a0e0 (size 20) | prf+N: key-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd588 | result: clone-key@0x5641ad89c080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49ec002fa0 from key-key@0x5641ad89c080 | prf+N prf: begin sha with context 0x7f49ec002fa0 from key-key@0x5641ad89c080 | prf+N: release clone-key@0x5641ad89c080 | prf+N PRF sha crypt-prf@0x7f49ec0030d8 | prf+N PRF sha update old_t-key@0x5641ad923020 (size 20) | prf+N: old_t-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad923020 | nss hmac digest hack: symkey-key@0x5641ad923020 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: a9 79 ee c2 2b 24 7d dc f7 0f b7 11 e9 7f da 57 0d 80 a7 c7 0d 99 21 9e ae 10 c8 25 1a a8 02 54 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49ec003a78 | unwrapped: ae 16 96 ab b7 f4 0f f0 29 a3 3a ec b7 48 34 2a | unwrapped: ef 5b 26 45 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad926910 (size 80) | prf+N: seed-key@0x5641ad926910 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad926910 | nss hmac digest hack: symkey-key@0x5641ad926910 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: d8 2d ed cf 11 c0 86 cb 88 62 de 70 29 3e b6 92 f0 81 90 ae ee e2 21 20 f3 a7 2e 4f 0f 37 e2 7f b9 89 b4 5a 27 94 f3 e7 f1 20 7b 5a 0c 4d 7c 62 72 95 84 87 1d 85 e7 62 64 79 2c 6e c5 59 4f 3d 65 f6 e3 85 ba 40 c6 7c 0c 49 07 85 a7 80 3e 3e | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49ec0064e8 | unwrapped: 56 45 09 29 a3 ec b6 99 2e ae d5 79 53 4a 0c 25 | unwrapped: 6f f7 0b 53 ad c4 ce c5 f5 f9 8b d9 b1 ad 5a 15 | unwrapped: 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | unwrapped: 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | unwrapped: 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a03ecd590 | result: final-key@0x5641ad924ad0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd578 | result: final-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad924ad0 | prf+N PRF sha final-key@0x5641ad89c080 (size 20) | prf+N: key-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad895ec0 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a03ecd608 | result: result-key@0x5641ad924ad0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad895ec0 | prfplus: release old_t[N]-key@0x5641ad923020 | prfplus: release old_t[final]-key@0x5641ad89c080 | ike_sa_keymat: release data-key@0x5641ad926910 | calc_skeyseed_v2: release skeyseed_k-key@0x7f49f400a0e0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd7a8 | result: result-key@0x7f49f400a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd7a8 | result: result-key@0x5641ad926910 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd7a8 | result: result-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5641ad924ad0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd7b8 | result: SK_ei_k-key@0x5641ad923020 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5641ad924ad0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd7b8 | result: SK_er_k-key@0x5641ad895ec0 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd7b8 | result: result-key@0x5641ad926530 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x5641ad926530 | chunk_SK_pi: symkey-key@0x5641ad926530 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 35 10 92 04 a0 06 d6 42 5e 71 2f 9b 3c 4c 5d 94 4e b7 f4 e6 80 30 df cc 0f f5 a7 1a 91 2f 1c 23 | chunk_SK_pi: release slot-key-key@0x5641ad91fd40 | chunk_SK_pi extracted len 32 bytes at 0x7f49ec002f78 | unwrapped: 19 e8 15 40 ed ea 36 3d ae 16 96 ab b7 f4 0f f0 | unwrapped: 29 a3 3a ec 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a03ecd7b8 | result: result-key@0x5641ad93f770 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x5641ad93f770 | chunk_SK_pr: symkey-key@0x5641ad93f770 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: b5 30 47 7b 72 11 3b dd 95 3d 78 21 c3 b6 38 ed 8e c3 e5 a6 19 4e aa d3 e0 41 0e d6 da 31 09 8f | chunk_SK_pr: release slot-key-key@0x5641ad91fd40 | chunk_SK_pr extracted len 32 bytes at 0x7f49ec003a78 | unwrapped: b7 48 34 2a ef 5b 26 45 59 5e 7c 45 97 2c 8e 73 | unwrapped: 92 73 54 17 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x5641ad924ad0 | calc_skeyseed_v2 pointers: shared-key@0x7f49f400d840, SK_d-key@0x7f49f400a0e0, SK_ai-key@0x5641ad926910, SK_ar-key@0x5641ad89c080, SK_ei-key@0x5641ad923020, SK_er-key@0x5641ad895ec0, SK_pi-key@0x5641ad926530, SK_pr-key@0x5641ad93f770 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 19 e8 15 40 ed ea 36 3d ae 16 96 ab b7 f4 0f f0 | 29 a3 3a ec | calc_skeyseed_v2 SK_pr | b7 48 34 2a ef 5b 26 45 59 5e 7c 45 97 2c 8e 73 | 92 73 54 17 | crypto helper 4 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 4 time elapsed 0.003127 seconds | (#5) spent 3.09 milliseconds in crypto helper computing work-order 4: ikev2_inI2outR2 KE (pcr) | crypto helper 4 sending results from work-order 4 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7f49ec005088 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #5 | start processing: state #5 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 4 | calling continuation function 0x5641ac982b50 | ikev2_parent_inI2outR2_continue for #5: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f49f8003a28: transferring ownership from helper IKEv2 DH to state #5 | finish_dh_v2: release st_shared_nss-key@NULL | #5 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x5641ad926910 (size 20) | hmac: symkey-key@0x5641ad926910 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad926910 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1ab8 | result: clone-key@0x5641ad924ad0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49f8002b50 from symkey-key@0x5641ad924ad0 | hmac prf: begin sha with context 0x7f49f8002b50 from symkey-key@0x5641ad924ad0 | hmac: release clone-key@0x5641ad924ad0 | hmac PRF sha crypt-prf@0x5641ad93de08 | hmac PRF sha update data-bytes@0x7f49f4000b48 (length 208) | 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 1c 2b 25 01 e4 9d b9 e7 62 6b 86 f7 3e 67 4b 6b | 60 58 a2 0f b9 f7 71 e9 5d 1e b9 10 dc 0a 5d 73 | ae 39 85 0f e1 a8 09 0d 1b 8d 2d 74 8d 61 44 c8 | 70 e6 b8 46 c2 87 69 0e 8e ba e7 29 0a 6b 8b b3 | 7b 05 3c 68 fb ad 01 d9 e0 e0 30 70 92 63 05 1c | 69 93 6b 53 ae c1 66 3c ee ec 28 06 4a 46 5d 94 | b7 9e 16 64 f3 c3 1f 6a 46 ad 7c 62 80 80 f3 a0 | 5c ab db 6c 4f 7a 36 40 23 a5 8e 36 3b 1a d2 ed | 1a e3 d6 ad 42 61 be dc 14 d9 0f df 9d 1a b7 a2 | 74 fe 64 c0 41 b5 6d 1f ab 69 28 6e ed 2a 0f 26 | 1c f7 d3 92 aa 7c a2 7d d5 41 20 b0 54 8d c3 b3 | hmac PRF sha final-bytes@0x7fff837b1c80 (length 20) | 71 5b 21 f1 7b 3f 93 cf f6 28 a7 38 17 76 4d 14 | e7 36 8e 5a | data for hmac: 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data for hmac: 1c 2b 25 01 e4 9d b9 e7 62 6b 86 f7 3e 67 4b 6b | data for hmac: 60 58 a2 0f b9 f7 71 e9 5d 1e b9 10 dc 0a 5d 73 | data for hmac: ae 39 85 0f e1 a8 09 0d 1b 8d 2d 74 8d 61 44 c8 | data for hmac: 70 e6 b8 46 c2 87 69 0e 8e ba e7 29 0a 6b 8b b3 | data for hmac: 7b 05 3c 68 fb ad 01 d9 e0 e0 30 70 92 63 05 1c | data for hmac: 69 93 6b 53 ae c1 66 3c ee ec 28 06 4a 46 5d 94 | data for hmac: b7 9e 16 64 f3 c3 1f 6a 46 ad 7c 62 80 80 f3 a0 | data for hmac: 5c ab db 6c 4f 7a 36 40 23 a5 8e 36 3b 1a d2 ed | data for hmac: 1a e3 d6 ad 42 61 be dc 14 d9 0f df 9d 1a b7 a2 | data for hmac: 74 fe 64 c0 41 b5 6d 1f ab 69 28 6e ed 2a 0f 26 | data for hmac: 1c f7 d3 92 aa 7c a2 7d d5 41 20 b0 54 8d c3 b3 | calculated auth: 71 5b 21 f1 7b 3f 93 cf f6 28 a7 38 | provided auth: 71 5b 21 f1 7b 3f 93 cf f6 28 a7 38 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 1c 2b 25 01 e4 9d b9 e7 62 6b 86 f7 3e 67 4b 6b | payload before decryption: | 60 58 a2 0f b9 f7 71 e9 5d 1e b9 10 dc 0a 5d 73 | ae 39 85 0f e1 a8 09 0d 1b 8d 2d 74 8d 61 44 c8 | 70 e6 b8 46 c2 87 69 0e 8e ba e7 29 0a 6b 8b b3 | 7b 05 3c 68 fb ad 01 d9 e0 e0 30 70 92 63 05 1c | 69 93 6b 53 ae c1 66 3c ee ec 28 06 4a 46 5d 94 | b7 9e 16 64 f3 c3 1f 6a 46 ad 7c 62 80 80 f3 a0 | 5c ab db 6c 4f 7a 36 40 23 a5 8e 36 3b 1a d2 ed | 1a e3 d6 ad 42 61 be dc 14 d9 0f df 9d 1a b7 a2 | 74 fe 64 c0 41 b5 6d 1f ab 69 28 6e ed 2a 0f 26 | 1c f7 d3 92 aa 7c a2 7d d5 41 20 b0 54 8d c3 b3 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 46 93 8c 97 fa fb 71 7e da aa 54 22 a3 25 2b d6 | 91 fc da 0d 2c 00 00 2c 00 00 00 28 01 03 04 03 | 11 cf 21 24 03 00 00 0c 01 00 00 0c 80 0e 00 00 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | stripping 16 octets as pad | #5 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #5: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #5 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #5: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x5641ad926530 (size 20) | hmac: symkey-key@0x5641ad926530 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad926530 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1538 | result: clone-key@0x5641ad924ad0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49f8002b50 from symkey-key@0x5641ad924ad0 | hmac prf: begin sha with context 0x7f49f8002b50 from symkey-key@0x5641ad924ad0 | hmac: release clone-key@0x5641ad924ad0 | hmac PRF sha crypt-prf@0x5641ad93f8b8 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x7f49f4000b7c (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff837b16e0 (length 20) | f3 6e 06 b6 0f 7b eb f4 07 e5 10 b7 2a aa 4a 14 | ea 05 40 50 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | inputs to hash1 (first packet) | 26 fd 91 00 6e 77 b5 b1 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 76 25 40 60 88 f0 91 4a 25 73 cf 71 | 42 3d 73 01 73 5d 31 8e 30 3d 99 e6 3f 06 ac c2 | 24 de a3 0b 4c 6c 05 61 3a b7 0a 27 8b d7 75 f2 | a7 a1 64 fa 2a 65 e3 a3 ef da 3e 80 fe 85 53 b5 | af eb bb 4f 41 66 77 26 3f 5d 7f 1b 7b 36 28 fe | 25 73 f2 c2 52 ea a5 d6 66 05 87 d9 0a 1c c8 3d | 47 ae 33 78 3e 14 a6 ed a8 1d 52 26 cd 5b a0 02 | 89 bc fb 14 e1 08 ec 82 ac 14 b7 e4 92 83 83 6f | 6e 2a 18 9a 40 25 fd 0f 5b 16 1e 57 e9 59 17 80 | 7d 2b 12 65 27 9e bc 56 15 62 0d 2a 4e 89 f6 8d | 11 43 c7 fa ed 55 72 49 54 6a 5c c0 0e 5d d7 38 | b3 b7 8c df c4 90 5b cf 5c 40 42 28 22 5f 6d 18 | b3 93 b0 ee 4a cd 42 f4 ee 0f 83 7e 93 b5 11 83 | 6d e0 9c 22 9b ad a2 54 33 7b 6c e8 98 e5 28 b9 | 25 6f cc ac 74 11 86 c2 53 ab 8a 19 ce 40 92 bc | 7f bc 42 37 8c 7b 4a 28 59 4a 12 12 bc 42 a6 e1 | c5 0c 75 c0 29 00 00 24 56 45 09 29 a3 ec b6 99 | 2e ae d5 79 53 4a 0c 25 6f f7 0b 53 ad c4 ce c5 | f5 f9 8b d9 b1 ad 5a 15 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 45 a7 e4 78 31 16 fa fe | 01 bd e3 af 4d 54 92 4f f0 57 65 c9 00 00 00 1c | 00 00 40 05 5c 18 0e 7e 7d d0 ec 68 7f 98 d2 e1 | 4a 4d bf 5f e4 2b e9 1a | verify: initiator inputs to hash2 (responder nonce) | 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | idhash f3 6e 06 b6 0f 7b eb f4 07 e5 10 b7 2a aa 4a 14 | idhash ea 05 40 50 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5641ad91fc98 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b1330 | result: shared secret-key@0x5641ad9373d0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5641ad9373d0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1318 | result: shared secret-key@0x5641ad924ad0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5641ad9373d0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f49f8002b50 from shared secret-key@0x5641ad924ad0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f49f8002b50 from shared secret-key@0x5641ad924ad0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x5641ad924ad0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5641ad93de08 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5641aca154d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b1350 | result: final-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1338 | result: final-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad9373d0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x5641ad924ad0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x5641ad924ad0 (size 20) | = prf(, ): -key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1348 | result: clone-key@0x5641ad9373d0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f49f8002b50 from -key@0x5641ad9373d0 | = prf(, ) prf: begin sha with context 0x7f49f8002b50 from -key@0x5641ad9373d0 | = prf(, ): release clone-key@0x5641ad9373d0 | = prf(, ) PRF sha crypt-prf@0x5641ad93f8b8 | = prf(, ) PRF sha update first-packet-bytes@0x5641ad93d868 (length 440) | 26 fd 91 00 6e 77 b5 b1 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 76 25 40 60 88 f0 91 4a 25 73 cf 71 | 42 3d 73 01 73 5d 31 8e 30 3d 99 e6 3f 06 ac c2 | 24 de a3 0b 4c 6c 05 61 3a b7 0a 27 8b d7 75 f2 | a7 a1 64 fa 2a 65 e3 a3 ef da 3e 80 fe 85 53 b5 | af eb bb 4f 41 66 77 26 3f 5d 7f 1b 7b 36 28 fe | 25 73 f2 c2 52 ea a5 d6 66 05 87 d9 0a 1c c8 3d | 47 ae 33 78 3e 14 a6 ed a8 1d 52 26 cd 5b a0 02 | 89 bc fb 14 e1 08 ec 82 ac 14 b7 e4 92 83 83 6f | 6e 2a 18 9a 40 25 fd 0f 5b 16 1e 57 e9 59 17 80 | 7d 2b 12 65 27 9e bc 56 15 62 0d 2a 4e 89 f6 8d | 11 43 c7 fa ed 55 72 49 54 6a 5c c0 0e 5d d7 38 | b3 b7 8c df c4 90 5b cf 5c 40 42 28 22 5f 6d 18 | b3 93 b0 ee 4a cd 42 f4 ee 0f 83 7e 93 b5 11 83 | 6d e0 9c 22 9b ad a2 54 33 7b 6c e8 98 e5 28 b9 | 25 6f cc ac 74 11 86 c2 53 ab 8a 19 ce 40 92 bc | 7f bc 42 37 8c 7b 4a 28 59 4a 12 12 bc 42 a6 e1 | c5 0c 75 c0 29 00 00 24 56 45 09 29 a3 ec b6 99 | 2e ae d5 79 53 4a 0c 25 6f f7 0b 53 ad c4 ce c5 | f5 f9 8b d9 b1 ad 5a 15 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 45 a7 e4 78 31 16 fa fe | 01 bd e3 af 4d 54 92 4f f0 57 65 c9 00 00 00 1c | 00 00 40 05 5c 18 0e 7e 7d d0 ec 68 7f 98 d2 e1 | 4a 4d bf 5f e4 2b e9 1a | = prf(, ) PRF sha update nonce-bytes@0x7f49f8001278 (length 32) | 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | = prf(, ) PRF sha update hash-bytes@0x7fff837b16e0 (length 20) | f3 6e 06 b6 0f 7b eb f4 07 e5 10 b7 2a aa 4a 14 | ea 05 40 50 | = prf(, ) PRF sha final-chunk@0x5641ad940ff8 (length 20) | 46 93 8c 97 fa fb 71 7e da aa 54 22 a3 25 2b d6 | 91 fc da 0d | psk_auth: release prf-psk-key@0x5641ad924ad0 | Received PSK auth octets | 46 93 8c 97 fa fb 71 7e da aa 54 22 a3 25 2b d6 | 91 fc da 0d | Calculated PSK auth octets | 46 93 8c 97 fa fb 71 7e da aa 54 22 a3 25 2b d6 | 91 fc da 0d "east" #5: Authenticated using authby=secret | parent state #5: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #5 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f49f8002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5641ad93a768 | event_schedule: new EVENT_SA_REKEY-pe@0x5641ad93a768 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #5 | libevent_malloc: new ptr-libevent@0x5641ad93dc08 size 128 | pstats #5 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | 26 fd 91 00 6e 77 b5 b1 | responder cookie: | 21 84 58 56 c8 5b a4 f1 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x5641ad93f770 (size 20) | hmac: symkey-key@0x5641ad93f770 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93f770 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0eb8 | result: clone-key@0x5641ad924ad0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49f8002b50 from symkey-key@0x5641ad924ad0 | hmac prf: begin sha with context 0x7f49f8002b50 from symkey-key@0x5641ad924ad0 | hmac: release clone-key@0x5641ad924ad0 | hmac PRF sha crypt-prf@0x5641ad93f8b8 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x5641aca808f4 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff837b11b0 (length 20) | 64 4d 42 aa 43 ca 70 59 eb 9e 30 81 4e 23 31 71 | ba 59 da 31 | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | inputs to hash1 (first packet) | 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a7 c3 4b 5e cf 59 0f d4 54 4d 31 1e | db 41 7b 06 85 78 e0 f6 eb 96 b8 92 8d 7e a3 d2 | d3 a6 5c 5c 32 c0 19 bf 12 7f 14 15 e6 dc 4a 4e | 72 de e1 1c 45 e2 f8 c7 6d 87 28 a8 5e cb 24 08 | 68 56 0f 84 8d f1 0c ce dd b7 3f 95 0c 51 96 ae | 06 45 2a 11 6f dd 8a f9 8a 67 a9 00 25 b9 00 03 | ba c7 a9 55 e8 39 f9 78 59 b1 d5 09 76 64 9c 39 | 61 d5 62 74 15 38 53 ae b4 63 7a 95 ab 50 58 9b | f9 de 7c 82 5b 3d d9 9a a0 6e 4a e1 1d dd 6b 12 | 14 2c c6 33 18 8b 50 88 d3 10 5f df e2 b6 93 cf | 33 14 1e 1d 09 c3 15 36 fa c3 05 c1 a9 09 9d 2c | ae c2 4b 64 08 67 10 92 5a dd 26 87 2f 22 86 bc | 30 67 fa 8d 91 92 a1 a3 65 af 5e 72 6d 6a 59 c9 | 59 8e e7 c6 d7 71 15 3e b7 2e 8c 25 8f 61 c5 5e | eb b9 76 ce 8e 0e d9 09 8d 42 78 d3 5b 8e ac 4c | cd 48 c2 0d 2a 95 fd 58 3e 44 ae fc 23 ab 8e af | 0b fa 0c 6c 29 00 00 24 8d 5a 72 e2 b7 f4 83 ec | 25 06 0c 51 30 66 64 f6 98 0f 71 31 55 8b 3e 11 | 2b ef 04 ec a4 c2 0f 26 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 8b 4d 51 cd 49 d8 d4 bd | e2 ec cd 5b 65 a4 b1 9d f8 81 a5 0f 00 00 00 1c | 00 00 40 05 6b 3a 6e 4f ad db ef 57 0b 07 89 fc | 76 30 00 24 42 09 04 41 | create: responder inputs to hash2 (initiator nonce) | 56 45 09 29 a3 ec b6 99 2e ae d5 79 53 4a 0c 25 | 6f f7 0b 53 ad c4 ce c5 f5 f9 8b d9 b1 ad 5a 15 | idhash 64 4d 42 aa 43 ca 70 59 eb 9e 30 81 4e 23 31 71 | idhash ba 59 da 31 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5641ad91fc98 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0ca0 | result: shared secret-key@0x5641ad9373d0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5641ad9373d0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c88 | result: shared secret-key@0x5641ad924ad0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5641ad9373d0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f49f8002b50 from shared secret-key@0x5641ad924ad0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f49f8002b50 from shared secret-key@0x5641ad924ad0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x5641ad924ad0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5641ad940ff8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5641aca154d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0cc0 | result: final-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0ca8 | result: final-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad9373d0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x5641ad924ad0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x5641ad924ad0 (size 20) | = prf(, ): -key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0cb8 | result: clone-key@0x5641ad9373d0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f49f8002b50 from -key@0x5641ad9373d0 | = prf(, ) prf: begin sha with context 0x7f49f8002b50 from -key@0x5641ad9373d0 | = prf(, ): release clone-key@0x5641ad9373d0 | = prf(, ) PRF sha crypt-prf@0x5641ad93f8b8 | = prf(, ) PRF sha update first-packet-bytes@0x5641ad939018 (length 440) | 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a7 c3 4b 5e cf 59 0f d4 54 4d 31 1e | db 41 7b 06 85 78 e0 f6 eb 96 b8 92 8d 7e a3 d2 | d3 a6 5c 5c 32 c0 19 bf 12 7f 14 15 e6 dc 4a 4e | 72 de e1 1c 45 e2 f8 c7 6d 87 28 a8 5e cb 24 08 | 68 56 0f 84 8d f1 0c ce dd b7 3f 95 0c 51 96 ae | 06 45 2a 11 6f dd 8a f9 8a 67 a9 00 25 b9 00 03 | ba c7 a9 55 e8 39 f9 78 59 b1 d5 09 76 64 9c 39 | 61 d5 62 74 15 38 53 ae b4 63 7a 95 ab 50 58 9b | f9 de 7c 82 5b 3d d9 9a a0 6e 4a e1 1d dd 6b 12 | 14 2c c6 33 18 8b 50 88 d3 10 5f df e2 b6 93 cf | 33 14 1e 1d 09 c3 15 36 fa c3 05 c1 a9 09 9d 2c | ae c2 4b 64 08 67 10 92 5a dd 26 87 2f 22 86 bc | 30 67 fa 8d 91 92 a1 a3 65 af 5e 72 6d 6a 59 c9 | 59 8e e7 c6 d7 71 15 3e b7 2e 8c 25 8f 61 c5 5e | eb b9 76 ce 8e 0e d9 09 8d 42 78 d3 5b 8e ac 4c | cd 48 c2 0d 2a 95 fd 58 3e 44 ae fc 23 ab 8e af | 0b fa 0c 6c 29 00 00 24 8d 5a 72 e2 b7 f4 83 ec | 25 06 0c 51 30 66 64 f6 98 0f 71 31 55 8b 3e 11 | 2b ef 04 ec a4 c2 0f 26 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 8b 4d 51 cd 49 d8 d4 bd | e2 ec cd 5b 65 a4 b1 9d f8 81 a5 0f 00 00 00 1c | 00 00 40 05 6b 3a 6e 4f ad db ef 57 0b 07 89 fc | 76 30 00 24 42 09 04 41 | = prf(, ) PRF sha update nonce-bytes@0x5641ad93dd08 (length 32) | 56 45 09 29 a3 ec b6 99 2e ae d5 79 53 4a 0c 25 | 6f f7 0b 53 ad c4 ce c5 f5 f9 8b d9 b1 ad 5a 15 | = prf(, ) PRF sha update hash-bytes@0x7fff837b11b0 (length 20) | 64 4d 42 aa 43 ca 70 59 eb 9e 30 81 4e 23 31 71 | ba 59 da 31 | = prf(, ) PRF sha final-chunk@0x5641ad93de08 (length 20) | 17 95 97 f8 da 0b 2a 34 53 38 a6 a3 59 34 c2 f3 | b7 d6 a1 f6 | psk_auth: release prf-psk-key@0x5641ad924ad0 | PSK auth octets 17 95 97 f8 da 0b 2a 34 53 38 a6 a3 59 34 c2 f3 | PSK auth octets b7 d6 a1 f6 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 17 95 97 f8 da 0b 2a 34 53 38 a6 a3 59 34 c2 f3 | PSK auth b7 d6 a1 f6 | emitting length of IKEv2 Authentication Payload: 28 | creating state object #6 at 0x5641ad93ded8 | State DB: adding IKEv2 state #6 in UNDEFINED | pstats #6 ikev2.child started | duplicating state object #5 "east" as #6 for IPSEC SA | #6 setting local endpoint to 192.1.2.23:500 from #5.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f49f400a0e0 | duplicate_state: reference st_skey_ai_nss-key@0x5641ad926910 | duplicate_state: reference st_skey_ar_nss-key@0x5641ad89c080 | duplicate_state: reference st_skey_ei_nss-key@0x5641ad923020 | duplicate_state: reference st_skey_er_nss-key@0x5641ad895ec0 | duplicate_state: reference st_skey_pi_nss-key@0x5641ad926530 | duplicate_state: reference st_skey_pr_nss-key@0x5641ad93f770 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #5.#6; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #5 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #5.#6 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 11 cf 21 24 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: INTEG+ESN; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #5: no local proposal matches remote proposals 1:ESP:ENCR=AES_CBC;INTEG=HMAC_SHA1_96;ESN=DISABLED "east" #5: IKE_AUTH responder matching remote ESP/AH proposals failed, responder SA processing returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | ikev2_child_sa_respond returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | ikev2_parent_inI2outR2_continue_tail returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | #5 spent 1.38 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #5 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #6 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #6 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | sending a notification reply "east" #6: responding to IKE_AUTH message (ID 1) from 192.1.2.45:500 with encrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS encrypted notification | **emit ISAKMP Message: | initiator cookie: | 26 fd 91 00 6e 77 b5 b1 | responder cookie: | 21 84 58 56 c8 5b a4 f1 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'encrypted notification' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Adding a v2N Payload | ****emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'encrypted notification' | emitting length of IKEv2 Notify Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | b5 e3 e7 fe 0b d1 3c 5a 43 99 f8 e8 e0 55 3c 53 | data before encryption: | 00 00 00 08 00 00 00 0e 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 82 3a b7 2f 29 80 1d 82 4b de 47 1b 3d f3 53 2e | hmac PRF sha init symkey-key@0x5641ad89c080 (size 20) | hmac: symkey-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0f98 | result: clone-key@0x5641ad924ad0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49f8002b50 from symkey-key@0x5641ad924ad0 | hmac prf: begin sha with context 0x7f49f8002b50 from symkey-key@0x5641ad924ad0 | hmac: release clone-key@0x5641ad924ad0 | hmac PRF sha crypt-prf@0x5641ad93f908 | hmac PRF sha update data-bytes@0x7fff837b13c0 (length 64) | 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | b5 e3 e7 fe 0b d1 3c 5a 43 99 f8 e8 e0 55 3c 53 | 82 3a b7 2f 29 80 1d 82 4b de 47 1b 3d f3 53 2e | hmac PRF sha final-bytes@0x7fff837b1400 (length 20) | 10 0b 30 1e bb f6 84 97 da 03 b6 e8 31 14 ee b3 | 3d ea a2 57 | data being hmac: 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | data being hmac: b5 e3 e7 fe 0b d1 3c 5a 43 99 f8 e8 e0 55 3c 53 | data being hmac: 82 3a b7 2f 29 80 1d 82 4b de 47 1b 3d f3 53 2e | out calculated auth: | 10 0b 30 1e bb f6 84 97 da 03 b6 e8 | sending 76 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #5) | 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | b5 e3 e7 fe 0b d1 3c 5a 43 99 f8 e8 e0 55 3c 53 | 82 3a b7 2f 29 80 1d 82 4b de 47 1b 3d f3 53 2e | 10 0b 30 1e bb f6 84 97 da 03 b6 e8 | forcing #6 to a discard event | event_schedule: new EVENT_SO_DISCARD-pe@0x7f49f8002b78 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #6 | libevent_malloc: new ptr-libevent@0x5641ad93d578 size 128 | state transition function for STATE_UNDEFINED failed: v2N_NO_PROPOSAL_CHOSEN | resume sending helper answer for #5 suppresed complete_v2_state_transition() | #5 spent 1.95 milliseconds in resume sending helper answer | stop processing: state #6 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f49ec005088 | spent 0.00313 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 444 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | bb df d5 b9 5d 96 13 d2 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 fd 47 99 1a d7 91 0c f2 | 7d 9a 26 9e 9b fa 6f 30 a1 19 e8 ab b6 c4 a3 39 | 15 d1 32 45 a6 a4 cd 11 3c b9 89 a2 2f da e3 ce | be 2c 5d d0 cc 7e 9f 2c e9 8d a2 6a 40 71 c8 ad | c5 10 97 e3 94 d4 4d 0c 9f 33 5b 79 2b 33 6a 74 | 47 30 8b f3 0f 63 18 7c 72 ad 8d cd 7d a9 93 7f | 2c 80 ef 27 ab a4 50 da 47 ff 59 7e 8d 01 ef 45 | a9 60 c9 f5 91 14 bb df 71 c0 f0 c3 02 93 a3 23 | 47 56 8d 91 dc 22 3d 81 90 41 b2 5e 67 6f 4b a5 | 8d cc 2d b7 9b 9a a1 56 fa d6 6f 01 f2 d6 15 e2 | 8d c6 9c a6 21 f9 e9 3c a8 da f3 f2 19 ec a2 8d | 0f 6b 75 9c 38 6c 0e a8 15 83 e5 7c 23 6b 53 85 | 4e 8e 22 0c 6f 9e 31 df 96 f1 8d 04 3d 32 45 07 | 86 ba 43 cd 36 29 78 3d dd be 87 bb 13 d3 48 bf | c6 db dc 85 61 46 23 c7 7d 21 6b 2a 42 97 7d 63 | 83 23 08 83 53 0f a0 99 52 79 5a 36 35 e9 ca e7 | 88 08 93 b3 61 bc 67 60 29 00 00 24 92 ef 82 bd | 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe e0 f2 06 cc | a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 ff 1c d9 29 | 3e 89 4d 45 e0 6c 20 72 6b 9a 2e cb 83 65 87 8a | 00 00 00 1c 00 00 40 05 fc 3e 35 bb a6 99 ca f9 | 7e 1a 28 5d 52 fc 92 7d 0a 8a 60 e2 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | bb df d5 b9 5d 96 13 d2 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 444 (0x1bc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 52 (0x34) | processing payload: ISAKMP_NEXT_v2SA (len=48) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x5641ad939378 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x5641aca74700 (length 32) | 64 59 39 7d cd b9 28 1d f1 c8 1c 37 a1 76 10 ce | 60 62 36 da 0f 08 a7 5a 08 fd 21 a0 d8 62 36 c1 | IKE SPIr hash sha2_256 digest counter-bytes@0x5641aca746e0 (length 4) | 05 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff837b2220 (length 32) | d3 db 59 3f cd 74 e9 39 05 af 58 64 c1 06 77 9e | e3 c2 04 e1 1c b2 30 81 5c f8 97 48 83 cc 38 62 | creating state object #7 at 0x5641ad93c5a8 | State DB: adding IKEv2 state #7 in UNDEFINED | pstats #7 ikev2.ike started | Message ID: init #7: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #7: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #7; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #7 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #7 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #7 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #7 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #7 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #7 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #7 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 48 (0x30) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 16 (0x10) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 "east" #7: proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | fd 47 99 1a d7 91 0c f2 7d 9a 26 9e 9b fa 6f 30 | a1 19 e8 ab b6 c4 a3 39 15 d1 32 45 a6 a4 cd 11 | 3c b9 89 a2 2f da e3 ce be 2c 5d d0 cc 7e 9f 2c | e9 8d a2 6a 40 71 c8 ad c5 10 97 e3 94 d4 4d 0c | 9f 33 5b 79 2b 33 6a 74 47 30 8b f3 0f 63 18 7c | 72 ad 8d cd 7d a9 93 7f 2c 80 ef 27 ab a4 50 da | 47 ff 59 7e 8d 01 ef 45 a9 60 c9 f5 91 14 bb df | 71 c0 f0 c3 02 93 a3 23 47 56 8d 91 dc 22 3d 81 | 90 41 b2 5e 67 6f 4b a5 8d cc 2d b7 9b 9a a1 56 | fa d6 6f 01 f2 d6 15 e2 8d c6 9c a6 21 f9 e9 3c | a8 da f3 f2 19 ec a2 8d 0f 6b 75 9c 38 6c 0e a8 | 15 83 e5 7c 23 6b 53 85 4e 8e 22 0c 6f 9e 31 df | 96 f1 8d 04 3d 32 45 07 86 ba 43 cd 36 29 78 3d | dd be 87 bb 13 d3 48 bf c6 db dc 85 61 46 23 c7 | 7d 21 6b 2a 42 97 7d 63 83 23 08 83 53 0f a0 99 | 52 79 5a 36 35 e9 ca e7 88 08 93 b3 61 bc 67 60 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b1c20 (length 8) | bb df d5 b9 5d 96 13 d2 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b1c28 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff837b1bb4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff837b1ba6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b1c30 (length 20) | fc 3e 35 bb a6 99 ca f9 7e 1a 28 5d 52 fc 92 7d | 0a 8a 60 e2 | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= bb df d5 b9 5d 96 13 d2 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= fc 3e 35 bb a6 99 ca f9 7e 1a 28 5d 52 fc 92 7d | natd_hash: hash= 0a 8a 60 e2 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b1c20 (length 8) | bb df d5 b9 5d 96 13 d2 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b1c28 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff837b1bb4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff837b1ba6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b1c50 (length 20) | ff 1c d9 29 3e 89 4d 45 e0 6c 20 72 6b 9a 2e cb | 83 65 87 8a | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= bb df d5 b9 5d 96 13 d2 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= ff 1c d9 29 3e 89 4d 45 e0 6c 20 72 6b 9a 2e cb | natd_hash: hash= 83 65 87 8a | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 5 for state #7 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5641ad942c68 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f49ec005088 size 128 | crypto helper 5 resuming | crypto helper 5 starting work-order 5 for state #7 | crypto helper 5 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 5 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f49f0003a28: created | NSS: Local DH MODP2048 secret (pointer): 0x7f49f0003a28 | NSS: Public DH wire value: | 6e 43 2b ae 1a 0e f4 a7 5e 7e e3 29 ca a8 1f 3f | 96 9d c3 fd 27 2c 02 66 51 d5 e3 69 d7 1e 3e 39 | 7d 66 cc f5 1f 1e 47 72 20 b9 0f 61 c9 7d e5 b5 | bb 53 2d 25 21 86 f2 3c 5a 72 c5 18 e0 32 8c e4 | 8b 72 3d a8 24 16 6a b0 15 2c b4 34 2a ef d1 85 | f2 9f 46 8b bc b1 28 b6 f5 47 b9 35 6d 29 b0 22 | 88 42 63 14 c0 f1 53 28 7a de 84 f6 bf 78 53 e6 | d6 f0 d1 a6 41 fc e4 4b 7c 56 8d a1 c1 f3 0c ee | 84 e6 ec 21 0b 98 66 4a ea ef 87 e0 e6 8a 94 7f | 72 62 cd 27 48 78 e4 ca 12 91 62 2b 3b 5b 27 fc | c2 f0 dc 1b 57 61 89 80 97 86 c6 60 61 bc cf aa | 42 2d 0a 85 9a 15 78 4f 4b cf 78 53 12 0b c7 c6 | 3e 51 75 be a1 f7 04 eb 27 9f a0 ad 96 6c 3b 63 | e5 15 b7 e9 6e 2d 9c 5f 90 94 57 7a ca 1e 8b a4 | 3a 54 6c 5f 95 07 83 fc cb 16 dd 63 36 fa 0d 45 | 67 c0 fc 51 6f a5 54 68 d1 13 e9 de 10 d5 a3 fd | Generated nonce: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | Generated nonce: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | crypto helper 5 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 5 time elapsed 0.000978 seconds | (#7) spent 0.978 milliseconds in crypto helper computing work-order 5: ikev2_inI1outR1 KE (pcr) | crypto helper 5 sending results from work-order 5 for state #7 to event queue | scheduling resume sending helper answer for #7 | libevent_malloc: new ptr-libevent@0x7f49f0002888 size 128 | libevent_realloc: release ptr-libevent@0x5641ad91a2b8 | libevent_realloc: new ptr-libevent@0x7f49f00027d8 size 128 | crypto helper 5 waiting (nothing to do) | #7 spent 0.26 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #7 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #7 and saving MD | #7 is busy; has a suspended MD | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #7 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #7 spent 0.524 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.535 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #7 | start processing: state #7 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 5 | calling continuation function 0x5641ac982b50 | ikev2_parent_inI1outR1_continue for #7: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | bb df d5 b9 5d 96 13 d2 | responder cookie: | d3 db 59 3f cd 74 e9 39 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f49f0003a28: transferring ownership from helper KE to state #7 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 6e 43 2b ae 1a 0e f4 a7 5e 7e e3 29 ca a8 1f 3f | ikev2 g^x 96 9d c3 fd 27 2c 02 66 51 d5 e3 69 d7 1e 3e 39 | ikev2 g^x 7d 66 cc f5 1f 1e 47 72 20 b9 0f 61 c9 7d e5 b5 | ikev2 g^x bb 53 2d 25 21 86 f2 3c 5a 72 c5 18 e0 32 8c e4 | ikev2 g^x 8b 72 3d a8 24 16 6a b0 15 2c b4 34 2a ef d1 85 | ikev2 g^x f2 9f 46 8b bc b1 28 b6 f5 47 b9 35 6d 29 b0 22 | ikev2 g^x 88 42 63 14 c0 f1 53 28 7a de 84 f6 bf 78 53 e6 | ikev2 g^x d6 f0 d1 a6 41 fc e4 4b 7c 56 8d a1 c1 f3 0c ee | ikev2 g^x 84 e6 ec 21 0b 98 66 4a ea ef 87 e0 e6 8a 94 7f | ikev2 g^x 72 62 cd 27 48 78 e4 ca 12 91 62 2b 3b 5b 27 fc | ikev2 g^x c2 f0 dc 1b 57 61 89 80 97 86 c6 60 61 bc cf aa | ikev2 g^x 42 2d 0a 85 9a 15 78 4f 4b cf 78 53 12 0b c7 c6 | ikev2 g^x 3e 51 75 be a1 f7 04 eb 27 9f a0 ad 96 6c 3b 63 | ikev2 g^x e5 15 b7 e9 6e 2d 9c 5f 90 94 57 7a ca 1e 8b a4 | ikev2 g^x 3a 54 6c 5f 95 07 83 fc cb 16 dd 63 36 fa 0d 45 | ikev2 g^x 67 c0 fc 51 6f a5 54 68 d1 13 e9 de 10 d5 a3 fd | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | IKEv2 nonce 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b2160 (length 8) | bb df d5 b9 5d 96 13 d2 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b2168 (length 8) | d3 db 59 3f cd 74 e9 39 | NATD hash sha digest IP addr-bytes@0x7fff837b2094 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff837b2086 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b2110 (length 20) | b5 7a 3e 8e 7b 38 0a 5c 97 d5 2c 94 46 65 11 8b | 94 b1 83 0e | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= bb df d5 b9 5d 96 13 d2 | natd_hash: rcookie= d3 db 59 3f cd 74 e9 39 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= b5 7a 3e 8e 7b 38 0a 5c 97 d5 2c 94 46 65 11 8b | natd_hash: hash= 94 b1 83 0e | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data b5 7a 3e 8e 7b 38 0a 5c 97 d5 2c 94 46 65 11 8b | Notify data 94 b1 83 0e | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b2160 (length 8) | bb df d5 b9 5d 96 13 d2 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b2168 (length 8) | d3 db 59 3f cd 74 e9 39 | NATD hash sha digest IP addr-bytes@0x7fff837b2094 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff837b2086 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b2110 (length 20) | 0a e1 9b ab 31 3b 40 52 ee 6a 13 ae 19 97 d4 38 | a8 1d 3f 84 | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= bb df d5 b9 5d 96 13 d2 | natd_hash: rcookie= d3 db 59 3f cd 74 e9 39 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 0a e1 9b ab 31 3b 40 52 ee 6a 13 ae 19 97 d4 38 | natd_hash: hash= a8 1d 3f 84 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 0a e1 9b ab 31 3b 40 52 ee 6a 13 ae 19 97 d4 38 | Notify data a8 1d 3f 84 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #7 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #7: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #7 to 0 after switching state | Message ID: recv #7 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #7 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #7: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #7) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 6e 43 2b ae 1a 0e f4 a7 5e 7e e3 29 | ca a8 1f 3f 96 9d c3 fd 27 2c 02 66 51 d5 e3 69 | d7 1e 3e 39 7d 66 cc f5 1f 1e 47 72 20 b9 0f 61 | c9 7d e5 b5 bb 53 2d 25 21 86 f2 3c 5a 72 c5 18 | e0 32 8c e4 8b 72 3d a8 24 16 6a b0 15 2c b4 34 | 2a ef d1 85 f2 9f 46 8b bc b1 28 b6 f5 47 b9 35 | 6d 29 b0 22 88 42 63 14 c0 f1 53 28 7a de 84 f6 | bf 78 53 e6 d6 f0 d1 a6 41 fc e4 4b 7c 56 8d a1 | c1 f3 0c ee 84 e6 ec 21 0b 98 66 4a ea ef 87 e0 | e6 8a 94 7f 72 62 cd 27 48 78 e4 ca 12 91 62 2b | 3b 5b 27 fc c2 f0 dc 1b 57 61 89 80 97 86 c6 60 | 61 bc cf aa 42 2d 0a 85 9a 15 78 4f 4b cf 78 53 | 12 0b c7 c6 3e 51 75 be a1 f7 04 eb 27 9f a0 ad | 96 6c 3b 63 e5 15 b7 e9 6e 2d 9c 5f 90 94 57 7a | ca 1e 8b a4 3a 54 6c 5f 95 07 83 fc cb 16 dd 63 | 36 fa 0d 45 67 c0 fc 51 6f a5 54 68 d1 13 e9 de | 10 d5 a3 fd 29 00 00 24 f8 e5 a8 5a 64 ce df e7 | 5b 55 db dc eb ce 00 21 58 d7 46 86 ab 5b 18 06 | 89 53 bc bf ea a5 8e 9e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 b5 7a 3e 8e 7b 38 0a 5c | 97 d5 2c 94 46 65 11 8b 94 b1 83 0e 00 00 00 1c | 00 00 40 05 0a e1 9b ab 31 3b 40 52 ee 6a 13 ae | 19 97 d4 38 a8 1d 3f 84 | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f49ec005088 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5641ad942c68 | event_schedule: new EVENT_SO_DISCARD-pe@0x5641ad942c68 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #7 | libevent_malloc: new ptr-libevent@0x5641ad93d098 size 128 | resume sending helper answer for #7 suppresed complete_v2_state_transition() | #7 spent 0.333 milliseconds in resume sending helper answer | stop processing: state #7 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f49f0002888 | spent 0.00326 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 220 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 94 e4 3b 63 bb 02 21 84 99 17 f0 e5 cc f2 d3 11 | c5 a3 29 e3 5a 03 6e f0 81 4d dd 32 c9 6d d0 21 | 97 1d b4 16 b5 5b f7 1c 59 87 c2 34 97 9a 8f 72 | 67 ae b2 af 3d bc 17 84 a7 54 88 b6 ed d0 15 09 | e7 56 d6 38 92 3e 9e 63 29 1f 14 8b bd c2 76 d7 | 5c 60 6f 30 e0 19 3d 8d f7 30 6b 24 a4 db 42 99 | d4 d5 7e 4a 0f f9 6c 90 da 23 1c 6c 78 d6 ac 78 | 98 dc 7e 57 03 21 6c 72 9b a5 2e b2 60 d9 09 d2 | 1c e9 8a 7f 91 77 73 56 01 98 28 c0 36 e1 46 59 | f4 ba d7 5b 3c 58 01 fe cf 54 59 d2 d2 8b 71 8f | d4 6b 15 ed 09 9b c5 1a e2 5f 81 00 8a d4 91 f7 | 19 10 3e c2 2a 23 38 e1 3b 7c a6 88 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | bb df d5 b9 5d 96 13 d2 | responder cookie: | d3 db 59 3f cd 74 e9 39 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 220 (0xdc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #7 in PARENT_R1 (find_v2_ike_sa) | start processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #7 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #7 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 192 (0xc0) | processing payload: ISAKMP_NEXT_v2SK (len=188) | Message ID: start-responder #7 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #7 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f49f0003a28: transferring ownership from state #7 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 6 for state #7 | state #7 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x5641ad93d098 | free_event_entry: release EVENT_SO_DISCARD-pe@0x5641ad942c68 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5641ad942c68 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f49f0002888 size 128 | crypto helper 2 resuming | crypto helper 2 starting work-order 6 for state #7 | crypto helper 2 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 6 | peer's g: fd 47 99 1a d7 91 0c f2 7d 9a 26 9e 9b fa 6f 30 | peer's g: a1 19 e8 ab b6 c4 a3 39 15 d1 32 45 a6 a4 cd 11 | peer's g: 3c b9 89 a2 2f da e3 ce be 2c 5d d0 cc 7e 9f 2c | peer's g: e9 8d a2 6a 40 71 c8 ad c5 10 97 e3 94 d4 4d 0c | peer's g: 9f 33 5b 79 2b 33 6a 74 47 30 8b f3 0f 63 18 7c | peer's g: 72 ad 8d cd 7d a9 93 7f 2c 80 ef 27 ab a4 50 da | peer's g: 47 ff 59 7e 8d 01 ef 45 a9 60 c9 f5 91 14 bb df | peer's g: 71 c0 f0 c3 02 93 a3 23 47 56 8d 91 dc 22 3d 81 | peer's g: 90 41 b2 5e 67 6f 4b a5 8d cc 2d b7 9b 9a a1 56 | peer's g: fa d6 6f 01 f2 d6 15 e2 8d c6 9c a6 21 f9 e9 3c | peer's g: a8 da f3 f2 19 ec a2 8d 0f 6b 75 9c 38 6c 0e a8 | peer's g: 15 83 e5 7c 23 6b 53 85 4e 8e 22 0c 6f 9e 31 df | peer's g: 96 f1 8d 04 3d 32 45 07 86 ba 43 cd 36 29 78 3d | peer's g: dd be 87 bb 13 d3 48 bf c6 db dc 85 61 46 23 c7 | peer's g: 7d 21 6b 2a 42 97 7d 63 83 23 08 83 53 0f a0 99 | peer's g: 52 79 5a 36 35 e9 ca e7 88 08 93 b3 61 bc 67 60 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x5641ad924ad0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f49f0003a28: computed shared DH secret key@0x5641ad924ad0 | dh-shared : g^ir-key@0x5641ad924ad0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f49e4001f18 (length 64) | 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a04ecf6e0 | result: Ni | Nr-key@0x5641ad93dd30 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x5641ad93dd30 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf6c8 | result: Ni | Nr-key@0x5641ad9373d0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x5641ad93dd30 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f49e4002fa0 from Ni | Nr-key@0x5641ad9373d0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f49e4002fa0 from Ni | Nr-key@0x5641ad9373d0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x5641ad9373d0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f49e4003a78 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x5641ad924ad0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x5641ad924ad0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x5641ad924ad0 | nss hmac digest hack: symkey-key@0x5641ad924ad0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-1398808382: 82 47 8f 77 44 49 fd 70 e2 ac b4 27 04 f3 5a 5f 8c 1d 3d 4b 52 39 bc b3 f7 63 61 7f e3 25 40 73 f1 87 70 33 4f 9e f4 74 30 0d 6f ed 7e f7 45 f0 30 44 37 f1 c8 24 75 7a be 00 9a 52 bf e7 40 b6 a8 2b 2e a6 28 b2 c4 8f 78 a2 59 c4 a7 8f e3 8b 68 41 28 e7 4c 1a 82 0d 4b 31 da 89 a0 24 4a f9 61 53 94 89 bc b5 ed 7c dc 8a c5 79 ba d4 22 7e d7 9d cf 71 de b6 2c de 6d bb 04 78 5d b0 3c 8c ec 07 df 1f c2 8e 84 b8 af 8d 7b 2b d9 70 09 4a 2b 1e 25 04 19 ab 5b 3f 44 57 a4 e5 18 87 83 e9 14 9e 1b e4 64 0c 0d 18 ee 8b 98 fc 9c dc 0d 49 e6 da 88 0b bb da 75 73 25 d4 e6 03 87 cf 09 67 ac 66 13 41 aa e8 0f c8 b1 1c fe 1d 53 4a b9 c3 81 4a 43 f6 c5 8a ba 8c 7c be ae 37 6e 8f ed 4f 93 10 27 25 e3 67 2f 6a ea 4d d3 32 2a 3c 9e 84 3b 05 7a 30 f7 a3 a6 2d c4 1e 09 5f 8d e4 9f 33 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 256 bytes at 0x7f49e4003fa8 | unwrapped: 5f f1 d9 03 4d 9b 0a 99 2a 8f f8 56 08 a3 df 0c | unwrapped: 82 19 e8 07 09 f0 4f 3f 0d 99 62 77 35 64 44 35 | unwrapped: 69 59 80 ca b7 70 91 ab 18 eb 3f 7d e8 0c 4e 4e | unwrapped: 8e 88 8f d4 2e 63 ac b7 04 d4 67 c9 d4 50 ae bd | unwrapped: 3c df 42 1f 0b 78 1f 1e 8b a5 88 bb 49 5d 18 2e | unwrapped: 32 2f d0 e0 8b 4d 5e 23 7d 35 bf 13 84 9f 91 57 | unwrapped: 71 bb 18 8f 7a ba c5 f9 1d 12 40 9d f6 47 d2 69 | unwrapped: 06 68 de 4f 69 a0 05 4f a6 ce 23 8f c7 1d 96 13 | unwrapped: 91 99 ea 41 2a 0c a9 82 fc d2 20 ba de 21 97 11 | unwrapped: 29 4d e1 b8 0c ba 82 a0 ee c1 9c 22 ff 65 d2 c1 | unwrapped: 40 84 23 1d de 9a 66 03 a2 aa a6 4c 97 cf 01 05 | unwrapped: f4 3a 84 60 c6 94 74 90 b5 a1 a0 f5 01 15 d5 f7 | unwrapped: 34 69 80 fc bc c1 b9 66 ab 33 0b ec 13 7e 1b 55 | unwrapped: 11 98 8b a5 82 f8 9f 34 a7 1f 2f 64 0c 56 e3 14 | unwrapped: ce db 04 68 98 25 8a f7 fb fa 72 71 8b 52 c8 3a | unwrapped: 78 d2 14 63 9c bb 67 72 25 21 41 48 ad 38 90 45 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a04ecf700 | result: final-key@0x5641ad93dd30 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad93dd30 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf6e8 | result: final-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad93dd30 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x5641ad9373d0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a04ecf670 | result: data=Ni-key@0x7f49f4006bb0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7f49f4006bb0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf658 | result: data=Ni-key@0x5641ad93dd30 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7f49f4006bb0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad93dd30 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a04ecf660 | result: data+=Nr-key@0x7f49f4006bb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad93dd30 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f4006bb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a04ecf660 | result: data+=SPIi-key@0x5641ad93dd30 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f49f4006bb0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad93dd30 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a04ecf660 | result: data+=SPIr-key@0x7f49f4006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad93dd30 | prf+0 PRF sha init key-key@0x5641ad9373d0 (size 20) | prf+0: key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf588 | result: clone-key@0x5641ad93dd30 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f49e4002fa0 from key-key@0x5641ad93dd30 | prf+0 prf: begin sha with context 0x7f49e4002fa0 from key-key@0x5641ad93dd30 | prf+0: release clone-key@0x5641ad93dd30 | prf+0 PRF sha crypt-prf@0x7f49e4002f78 | prf+0 PRF sha update seed-key@0x7f49f4006bb0 (size 80) | prf+0: seed-key@0x7f49f4006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f49f4006bb0 | nss hmac digest hack: symkey-key@0x7f49f4006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: a9 3b e4 27 89 c6 16 58 eb b5 c3 e5 1b 6a 6b 48 a0 5a 9c d3 10 02 3d 43 ff ca 1a 4b 87 f1 6b 54 2a ae 17 e7 29 96 66 d5 e4 aa 49 0f f1 34 2f c6 c1 bc dc 1a d4 32 7d b7 e8 a9 da f8 94 97 f1 58 1e 47 1f a1 c4 05 1a 52 34 12 36 00 74 7e 87 c4 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49e4008078 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | unwrapped: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a04ecf590 | result: final-key@0x5641ad93f800 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad93f800 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf578 | result: final-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad93f800 | prf+0 PRF sha final-key@0x5641ad93dd30 (size 20) | prf+0: key-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x5641ad93dd30 | prf+N PRF sha init key-key@0x5641ad9373d0 (size 20) | prf+N: key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf588 | result: clone-key@0x5641ad93f800 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49e4002fa0 from key-key@0x5641ad93f800 | prf+N prf: begin sha with context 0x7f49e4002fa0 from key-key@0x5641ad93f800 | prf+N: release clone-key@0x5641ad93f800 | prf+N PRF sha crypt-prf@0x7f49e40030d8 | prf+N PRF sha update old_t-key@0x5641ad93dd30 (size 20) | prf+N: old_t-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad93dd30 | nss hmac digest hack: symkey-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 7d 62 ce 0e b3 a5 7b 66 e5 94 f6 95 a9 df 09 e3 31 d8 ec 98 ea 10 62 5e e7 2d 06 0b de 9b 1b 26 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49e4002f28 | unwrapped: 06 c7 92 6e 12 a6 ac c5 df da 77 0a a7 cd ef ea | unwrapped: 1a c0 18 db 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f49f4006bb0 (size 80) | prf+N: seed-key@0x7f49f4006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f49f4006bb0 | nss hmac digest hack: symkey-key@0x7f49f4006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: a9 3b e4 27 89 c6 16 58 eb b5 c3 e5 1b 6a 6b 48 a0 5a 9c d3 10 02 3d 43 ff ca 1a 4b 87 f1 6b 54 2a ae 17 e7 29 96 66 d5 e4 aa 49 0f f1 34 2f c6 c1 bc dc 1a d4 32 7d b7 e8 a9 da f8 94 97 f1 58 1e 47 1f a1 c4 05 1a 52 34 12 36 00 74 7e 87 c4 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49e4007ff8 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | unwrapped: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a04ecf590 | result: final-key@0x7f49e4006650 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e4006650 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf578 | result: final-key@0x5641ad93f800 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49e4006650 | prf+N PRF sha final-key@0x5641ad93f800 (size 20) | prf+N: key-key@0x5641ad93f800 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a04ecf608 | result: result-key@0x7f49e4006650 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad93dd30 | prfplus: release old_t[N]-key@0x5641ad93dd30 | prf+N PRF sha init key-key@0x5641ad9373d0 (size 20) | prf+N: key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf588 | result: clone-key@0x5641ad93dd30 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49e4002fa0 from key-key@0x5641ad93dd30 | prf+N prf: begin sha with context 0x7f49e4002fa0 from key-key@0x5641ad93dd30 | prf+N: release clone-key@0x5641ad93dd30 | prf+N PRF sha crypt-prf@0x7f49e4002f78 | prf+N PRF sha update old_t-key@0x5641ad93f800 (size 20) | prf+N: old_t-key@0x5641ad93f800 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad93f800 | nss hmac digest hack: symkey-key@0x5641ad93f800 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 06 be 04 bd 31 6d 48 45 e7 6b c4 22 2e 37 92 d7 91 90 94 d7 94 66 98 24 82 4a 41 d6 31 e7 c2 48 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49e4003a78 | unwrapped: 37 0a d1 85 1e d0 bf 54 8b 00 d8 33 4d ee 8b 74 | unwrapped: 3e 21 19 3e 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f49f4006bb0 (size 80) | prf+N: seed-key@0x7f49f4006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f49f4006bb0 | nss hmac digest hack: symkey-key@0x7f49f4006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: a9 3b e4 27 89 c6 16 58 eb b5 c3 e5 1b 6a 6b 48 a0 5a 9c d3 10 02 3d 43 ff ca 1a 4b 87 f1 6b 54 2a ae 17 e7 29 96 66 d5 e4 aa 49 0f f1 34 2f c6 c1 bc dc 1a d4 32 7d b7 e8 a9 da f8 94 97 f1 58 1e 47 1f a1 c4 05 1a 52 34 12 36 00 74 7e 87 c4 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49e4008078 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | unwrapped: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a04ecf590 | result: final-key@0x7f49e400a000 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e400a000 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf578 | result: final-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49e400a000 | prf+N PRF sha final-key@0x5641ad93dd30 (size 20) | prf+N: key-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49e4006650 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a04ecf608 | result: result-key@0x7f49e400a000 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49e4006650 | prfplus: release old_t[N]-key@0x5641ad93f800 | prf+N PRF sha init key-key@0x5641ad9373d0 (size 20) | prf+N: key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf588 | result: clone-key@0x5641ad93f800 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49e4002fa0 from key-key@0x5641ad93f800 | prf+N prf: begin sha with context 0x7f49e4002fa0 from key-key@0x5641ad93f800 | prf+N: release clone-key@0x5641ad93f800 | prf+N PRF sha crypt-prf@0x7f49e4002f28 | prf+N PRF sha update old_t-key@0x5641ad93dd30 (size 20) | prf+N: old_t-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad93dd30 | nss hmac digest hack: symkey-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 5c e8 2e ad 0f 0b 44 b0 9e 7d cf f1 10 d3 90 af 58 fe c3 cf 6a ec 18 8d 33 12 bc f3 07 a5 88 11 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49e400bca8 | unwrapped: b2 7c c8 59 51 6a c9 42 c8 68 4d 46 0b 0c a1 c2 | unwrapped: 24 bf b4 18 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f49f4006bb0 (size 80) | prf+N: seed-key@0x7f49f4006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f49f4006bb0 | nss hmac digest hack: symkey-key@0x7f49f4006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: a9 3b e4 27 89 c6 16 58 eb b5 c3 e5 1b 6a 6b 48 a0 5a 9c d3 10 02 3d 43 ff ca 1a 4b 87 f1 6b 54 2a ae 17 e7 29 96 66 d5 e4 aa 49 0f f1 34 2f c6 c1 bc dc 1a d4 32 7d b7 e8 a9 da f8 94 97 f1 58 1e 47 1f a1 c4 05 1a 52 34 12 36 00 74 7e 87 c4 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49e4007ff8 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | unwrapped: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a04ecf590 | result: final-key@0x7f49e4006650 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e4006650 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf578 | result: final-key@0x5641ad93f800 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49e4006650 | prf+N PRF sha final-key@0x5641ad93f800 (size 20) | prf+N: key-key@0x5641ad93f800 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49e400a000 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a04ecf608 | result: result-key@0x7f49e4006650 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49e400a000 | prfplus: release old_t[N]-key@0x5641ad93dd30 | prf+N PRF sha init key-key@0x5641ad9373d0 (size 20) | prf+N: key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf588 | result: clone-key@0x5641ad93dd30 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49e4002fa0 from key-key@0x5641ad93dd30 | prf+N prf: begin sha with context 0x7f49e4002fa0 from key-key@0x5641ad93dd30 | prf+N: release clone-key@0x5641ad93dd30 | prf+N PRF sha crypt-prf@0x7f49e40030d8 | prf+N PRF sha update old_t-key@0x5641ad93f800 (size 20) | prf+N: old_t-key@0x5641ad93f800 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad93f800 | nss hmac digest hack: symkey-key@0x5641ad93f800 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 3d 72 92 22 ce 02 69 d3 7b ef 46 87 bf 48 6b 1e 94 11 ac 52 45 24 f9 3a 2b d7 72 9d 6f 90 67 ec | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49e4003a78 | unwrapped: 60 7b b4 97 b8 44 1c 10 76 5f 5c ce e4 66 a5 e5 | unwrapped: 86 7a 4a 82 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f49f4006bb0 (size 80) | prf+N: seed-key@0x7f49f4006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f49f4006bb0 | nss hmac digest hack: symkey-key@0x7f49f4006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: a9 3b e4 27 89 c6 16 58 eb b5 c3 e5 1b 6a 6b 48 a0 5a 9c d3 10 02 3d 43 ff ca 1a 4b 87 f1 6b 54 2a ae 17 e7 29 96 66 d5 e4 aa 49 0f f1 34 2f c6 c1 bc dc 1a d4 32 7d b7 e8 a9 da f8 94 97 f1 58 1e 47 1f a1 c4 05 1a 52 34 12 36 00 74 7e 87 c4 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49e4008078 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | unwrapped: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a04ecf590 | result: final-key@0x7f49e400a000 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e400a000 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf578 | result: final-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49e400a000 | prf+N PRF sha final-key@0x5641ad93dd30 (size 20) | prf+N: key-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49e4006650 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a04ecf608 | result: result-key@0x7f49e400a000 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49e4006650 | prfplus: release old_t[N]-key@0x5641ad93f800 | prf+N PRF sha init key-key@0x5641ad9373d0 (size 20) | prf+N: key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf588 | result: clone-key@0x5641ad93f800 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49e400b910 from key-key@0x5641ad93f800 | prf+N prf: begin sha with context 0x7f49e400b910 from key-key@0x5641ad93f800 | prf+N: release clone-key@0x5641ad93f800 | prf+N PRF sha crypt-prf@0x7f49e4002f78 | prf+N PRF sha update old_t-key@0x5641ad93dd30 (size 20) | prf+N: old_t-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad93dd30 | nss hmac digest hack: symkey-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: e5 42 63 cd ea 60 73 31 6f 2b db 7b 76 55 50 47 63 1d fe f4 8f bd 38 43 61 34 aa a4 f9 20 f7 95 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49e4002f28 | unwrapped: 74 49 eb ef 0c 0e 12 66 8a 2c 62 3a 10 88 dd dd | unwrapped: fa 3f 4d fc 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f49f4006bb0 (size 80) | prf+N: seed-key@0x7f49f4006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f49f4006bb0 | nss hmac digest hack: symkey-key@0x7f49f4006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: a9 3b e4 27 89 c6 16 58 eb b5 c3 e5 1b 6a 6b 48 a0 5a 9c d3 10 02 3d 43 ff ca 1a 4b 87 f1 6b 54 2a ae 17 e7 29 96 66 d5 e4 aa 49 0f f1 34 2f c6 c1 bc dc 1a d4 32 7d b7 e8 a9 da f8 94 97 f1 58 1e 47 1f a1 c4 05 1a 52 34 12 36 00 74 7e 87 c4 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49e4007ff8 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | unwrapped: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a04ecf590 | result: final-key@0x7f49e4006650 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e4006650 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf578 | result: final-key@0x5641ad93f800 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49e4006650 | prf+N PRF sha final-key@0x5641ad93f800 (size 20) | prf+N: key-key@0x5641ad93f800 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49e400a000 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a04ecf608 | result: result-key@0x7f49e4006650 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49e400a000 | prfplus: release old_t[N]-key@0x5641ad93dd30 | prf+N PRF sha init key-key@0x5641ad9373d0 (size 20) | prf+N: key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf588 | result: clone-key@0x5641ad93dd30 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49e4002fa0 from key-key@0x5641ad93dd30 | prf+N prf: begin sha with context 0x7f49e4002fa0 from key-key@0x5641ad93dd30 | prf+N: release clone-key@0x5641ad93dd30 | prf+N PRF sha crypt-prf@0x7f49e40030d8 | prf+N PRF sha update old_t-key@0x5641ad93f800 (size 20) | prf+N: old_t-key@0x5641ad93f800 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad93f800 | nss hmac digest hack: symkey-key@0x5641ad93f800 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: fa d4 a8 26 35 54 ae 57 90 d4 64 0d c2 b8 28 75 06 ba 22 b9 cb 0c 51 4b 7c ae 96 f7 df 8c 9f 9e | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49e4003a78 | unwrapped: c2 2b ef 31 ad 02 cd 2e 62 33 55 ce 9c 3c e2 e5 | unwrapped: 6d 65 24 e2 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f49f4006bb0 (size 80) | prf+N: seed-key@0x7f49f4006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f49f4006bb0 | nss hmac digest hack: symkey-key@0x7f49f4006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: a9 3b e4 27 89 c6 16 58 eb b5 c3 e5 1b 6a 6b 48 a0 5a 9c d3 10 02 3d 43 ff ca 1a 4b 87 f1 6b 54 2a ae 17 e7 29 96 66 d5 e4 aa 49 0f f1 34 2f c6 c1 bc dc 1a d4 32 7d b7 e8 a9 da f8 94 97 f1 58 1e 47 1f a1 c4 05 1a 52 34 12 36 00 74 7e 87 c4 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49e400c2a8 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | unwrapped: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a04ecf590 | result: final-key@0x7f49e400a000 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e400a000 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf578 | result: final-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49e400a000 | prf+N PRF sha final-key@0x5641ad93dd30 (size 20) | prf+N: key-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49e4006650 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a04ecf608 | result: result-key@0x7f49e400a000 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49e4006650 | prfplus: release old_t[N]-key@0x5641ad93f800 | prfplus: release old_t[final]-key@0x5641ad93dd30 | ike_sa_keymat: release data-key@0x7f49f4006bb0 | calc_skeyseed_v2: release skeyseed_k-key@0x5641ad9373d0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e400a000 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf7a8 | result: result-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e400a000 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf7a8 | result: result-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e400a000 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf7a8 | result: result-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f49e400a000 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf7b8 | result: SK_ei_k-key@0x5641ad93f800 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f49e400a000 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf7b8 | result: SK_er_k-key@0x7f49e4006650 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e400a000 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf7b8 | result: result-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f49e400b980 | chunk_SK_pi: symkey-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: c7 ea 4c bb 31 96 43 db 09 e0 1e 28 be 65 26 8c 37 9c 86 70 f2 7e c1 c6 bd 2d 3b ba 75 13 32 45 | chunk_SK_pi: release slot-key-key@0x5641ad91fd40 | chunk_SK_pi extracted len 32 bytes at 0x7f49e4002f78 | unwrapped: 10 88 dd dd fa 3f 4d fc c2 2b ef 31 ad 02 cd 2e | unwrapped: 62 33 55 ce 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e400a000 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a04ecf7b8 | result: result-key@0x7f49e400f0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f49e400f0e0 | chunk_SK_pr: symkey-key@0x7f49e400f0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 6b 2b 02 42 5e 7b 75 06 b7 df 93 7a 97 9e 44 5f 1c 8a fc 01 d3 89 ba 6c 34 f8 2b de a4 b8 bd 62 | chunk_SK_pr: release slot-key-key@0x5641ad91fd40 | chunk_SK_pr extracted len 32 bytes at 0x7f49e4003a78 | unwrapped: 9c 3c e2 e5 6d 65 24 e2 c4 4a 48 2c dd 13 79 2a | unwrapped: bb 64 ea 9c 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f49e400a000 | calc_skeyseed_v2 pointers: shared-key@0x5641ad924ad0, SK_d-key@0x5641ad9373d0, SK_ai-key@0x7f49f4006bb0, SK_ar-key@0x5641ad93dd30, SK_ei-key@0x5641ad93f800, SK_er-key@0x7f49e4006650, SK_pi-key@0x7f49e400b980, SK_pr-key@0x7f49e400f0e0 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 10 88 dd dd fa 3f 4d fc c2 2b ef 31 ad 02 cd 2e | 62 33 55 ce | calc_skeyseed_v2 SK_pr | 9c 3c e2 e5 6d 65 24 e2 c4 4a 48 2c dd 13 79 2a | bb 64 ea 9c | crypto helper 2 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 6 time elapsed 0.003096 seconds | (#7) spent 3.07 milliseconds in crypto helper computing work-order 6: ikev2_inI2outR2 KE (pcr) | crypto helper 2 sending results from work-order 6 for state #7 to event queue | scheduling resume sending helper answer for #7 | libevent_malloc: new ptr-libevent@0x7f49e4005088 size 128 | crypto helper 2 waiting (nothing to do) | #7 spent 0.045 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #7 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #7 and saving MD | #7 is busy; has a suspended MD | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #7 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #7 spent 0.184 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.195 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #7 | start processing: state #7 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 6 | calling continuation function 0x5641ac982b50 | ikev2_parent_inI2outR2_continue for #7: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f49f0003a28: transferring ownership from helper IKEv2 DH to state #7 | finish_dh_v2: release st_shared_nss-key@NULL | #7 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x7f49f4006bb0 (size 20) | hmac: symkey-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1ab8 | result: clone-key@0x7f49e400a000 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49f0002b50 from symkey-key@0x7f49e400a000 | hmac prf: begin sha with context 0x7f49f0002b50 from symkey-key@0x7f49e400a000 | hmac: release clone-key@0x7f49e400a000 | hmac PRF sha crypt-prf@0x5641ad942cd8 | hmac PRF sha update data-bytes@0x7f49f4000b48 (length 208) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 94 e4 3b 63 bb 02 21 84 99 17 f0 e5 cc f2 d3 11 | c5 a3 29 e3 5a 03 6e f0 81 4d dd 32 c9 6d d0 21 | 97 1d b4 16 b5 5b f7 1c 59 87 c2 34 97 9a 8f 72 | 67 ae b2 af 3d bc 17 84 a7 54 88 b6 ed d0 15 09 | e7 56 d6 38 92 3e 9e 63 29 1f 14 8b bd c2 76 d7 | 5c 60 6f 30 e0 19 3d 8d f7 30 6b 24 a4 db 42 99 | d4 d5 7e 4a 0f f9 6c 90 da 23 1c 6c 78 d6 ac 78 | 98 dc 7e 57 03 21 6c 72 9b a5 2e b2 60 d9 09 d2 | 1c e9 8a 7f 91 77 73 56 01 98 28 c0 36 e1 46 59 | f4 ba d7 5b 3c 58 01 fe cf 54 59 d2 d2 8b 71 8f | d4 6b 15 ed 09 9b c5 1a e2 5f 81 00 8a d4 91 f7 | hmac PRF sha final-bytes@0x7fff837b1c80 (length 20) | 19 10 3e c2 2a 23 38 e1 3b 7c a6 88 99 e3 24 40 | b8 b1 55 15 | data for hmac: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data for hmac: 94 e4 3b 63 bb 02 21 84 99 17 f0 e5 cc f2 d3 11 | data for hmac: c5 a3 29 e3 5a 03 6e f0 81 4d dd 32 c9 6d d0 21 | data for hmac: 97 1d b4 16 b5 5b f7 1c 59 87 c2 34 97 9a 8f 72 | data for hmac: 67 ae b2 af 3d bc 17 84 a7 54 88 b6 ed d0 15 09 | data for hmac: e7 56 d6 38 92 3e 9e 63 29 1f 14 8b bd c2 76 d7 | data for hmac: 5c 60 6f 30 e0 19 3d 8d f7 30 6b 24 a4 db 42 99 | data for hmac: d4 d5 7e 4a 0f f9 6c 90 da 23 1c 6c 78 d6 ac 78 | data for hmac: 98 dc 7e 57 03 21 6c 72 9b a5 2e b2 60 d9 09 d2 | data for hmac: 1c e9 8a 7f 91 77 73 56 01 98 28 c0 36 e1 46 59 | data for hmac: f4 ba d7 5b 3c 58 01 fe cf 54 59 d2 d2 8b 71 8f | data for hmac: d4 6b 15 ed 09 9b c5 1a e2 5f 81 00 8a d4 91 f7 | calculated auth: 19 10 3e c2 2a 23 38 e1 3b 7c a6 88 | provided auth: 19 10 3e c2 2a 23 38 e1 3b 7c a6 88 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 94 e4 3b 63 bb 02 21 84 99 17 f0 e5 cc f2 d3 11 | payload before decryption: | c5 a3 29 e3 5a 03 6e f0 81 4d dd 32 c9 6d d0 21 | 97 1d b4 16 b5 5b f7 1c 59 87 c2 34 97 9a 8f 72 | 67 ae b2 af 3d bc 17 84 a7 54 88 b6 ed d0 15 09 | e7 56 d6 38 92 3e 9e 63 29 1f 14 8b bd c2 76 d7 | 5c 60 6f 30 e0 19 3d 8d f7 30 6b 24 a4 db 42 99 | d4 d5 7e 4a 0f f9 6c 90 da 23 1c 6c 78 d6 ac 78 | 98 dc 7e 57 03 21 6c 72 9b a5 2e b2 60 d9 09 d2 | 1c e9 8a 7f 91 77 73 56 01 98 28 c0 36 e1 46 59 | f4 ba d7 5b 3c 58 01 fe cf 54 59 d2 d2 8b 71 8f | d4 6b 15 ed 09 9b c5 1a e2 5f 81 00 8a d4 91 f7 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 68 64 db 17 75 e4 75 92 a1 43 20 be ab 12 11 b1 | 3c 44 c1 d7 2c 00 00 2c 00 00 00 28 01 03 04 03 | 82 39 f7 88 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | stripping 16 octets as pad | #7 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #7: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #7 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #7: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x7f49e400b980 (size 20) | hmac: symkey-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1538 | result: clone-key@0x7f49e400a000 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49f0002b50 from symkey-key@0x7f49e400a000 | hmac prf: begin sha with context 0x7f49f0002b50 from symkey-key@0x7f49e400a000 | hmac: release clone-key@0x7f49e400a000 | hmac PRF sha crypt-prf@0x5641ad93f908 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x7f49f4000b7c (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff837b16e0 (length 20) | 2e 01 f3 b0 c4 06 ee e7 eb 46 b6 78 ae 71 0f 15 | 95 98 4e 31 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | inputs to hash1 (first packet) | bb df d5 b9 5d 96 13 d2 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 fd 47 99 1a d7 91 0c f2 | 7d 9a 26 9e 9b fa 6f 30 a1 19 e8 ab b6 c4 a3 39 | 15 d1 32 45 a6 a4 cd 11 3c b9 89 a2 2f da e3 ce | be 2c 5d d0 cc 7e 9f 2c e9 8d a2 6a 40 71 c8 ad | c5 10 97 e3 94 d4 4d 0c 9f 33 5b 79 2b 33 6a 74 | 47 30 8b f3 0f 63 18 7c 72 ad 8d cd 7d a9 93 7f | 2c 80 ef 27 ab a4 50 da 47 ff 59 7e 8d 01 ef 45 | a9 60 c9 f5 91 14 bb df 71 c0 f0 c3 02 93 a3 23 | 47 56 8d 91 dc 22 3d 81 90 41 b2 5e 67 6f 4b a5 | 8d cc 2d b7 9b 9a a1 56 fa d6 6f 01 f2 d6 15 e2 | 8d c6 9c a6 21 f9 e9 3c a8 da f3 f2 19 ec a2 8d | 0f 6b 75 9c 38 6c 0e a8 15 83 e5 7c 23 6b 53 85 | 4e 8e 22 0c 6f 9e 31 df 96 f1 8d 04 3d 32 45 07 | 86 ba 43 cd 36 29 78 3d dd be 87 bb 13 d3 48 bf | c6 db dc 85 61 46 23 c7 7d 21 6b 2a 42 97 7d 63 | 83 23 08 83 53 0f a0 99 52 79 5a 36 35 e9 ca e7 | 88 08 93 b3 61 bc 67 60 29 00 00 24 92 ef 82 bd | 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe e0 f2 06 cc | a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 ff 1c d9 29 | 3e 89 4d 45 e0 6c 20 72 6b 9a 2e cb 83 65 87 8a | 00 00 00 1c 00 00 40 05 fc 3e 35 bb a6 99 ca f9 | 7e 1a 28 5d 52 fc 92 7d 0a 8a 60 e2 | verify: initiator inputs to hash2 (responder nonce) | f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | idhash 2e 01 f3 b0 c4 06 ee e7 eb 46 b6 78 ae 71 0f 15 | idhash 95 98 4e 31 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5641ad91fc98 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b1330 | result: shared secret-key@0x5641ad93d070 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5641ad93d070 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1318 | result: shared secret-key@0x7f49e400a000 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5641ad93d070 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f49f0002b50 from shared secret-key@0x7f49e400a000 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f49f0002b50 from shared secret-key@0x7f49e400a000 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f49e400a000 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5641ad942cd8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5641aca154d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b1350 | result: final-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1338 | result: final-key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad93d070 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f49e400a000 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f49e400a000 (size 20) | = prf(, ): -key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1348 | result: clone-key@0x5641ad93d070 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f49f0002b50 from -key@0x5641ad93d070 | = prf(, ) prf: begin sha with context 0x7f49f0002b50 from -key@0x5641ad93d070 | = prf(, ): release clone-key@0x5641ad93d070 | = prf(, ) PRF sha crypt-prf@0x5641ad93f908 | = prf(, ) PRF sha update first-packet-bytes@0x5641ad9453a8 (length 444) | bb df d5 b9 5d 96 13 d2 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 fd 47 99 1a d7 91 0c f2 | 7d 9a 26 9e 9b fa 6f 30 a1 19 e8 ab b6 c4 a3 39 | 15 d1 32 45 a6 a4 cd 11 3c b9 89 a2 2f da e3 ce | be 2c 5d d0 cc 7e 9f 2c e9 8d a2 6a 40 71 c8 ad | c5 10 97 e3 94 d4 4d 0c 9f 33 5b 79 2b 33 6a 74 | 47 30 8b f3 0f 63 18 7c 72 ad 8d cd 7d a9 93 7f | 2c 80 ef 27 ab a4 50 da 47 ff 59 7e 8d 01 ef 45 | a9 60 c9 f5 91 14 bb df 71 c0 f0 c3 02 93 a3 23 | 47 56 8d 91 dc 22 3d 81 90 41 b2 5e 67 6f 4b a5 | 8d cc 2d b7 9b 9a a1 56 fa d6 6f 01 f2 d6 15 e2 | 8d c6 9c a6 21 f9 e9 3c a8 da f3 f2 19 ec a2 8d | 0f 6b 75 9c 38 6c 0e a8 15 83 e5 7c 23 6b 53 85 | 4e 8e 22 0c 6f 9e 31 df 96 f1 8d 04 3d 32 45 07 | 86 ba 43 cd 36 29 78 3d dd be 87 bb 13 d3 48 bf | c6 db dc 85 61 46 23 c7 7d 21 6b 2a 42 97 7d 63 | 83 23 08 83 53 0f a0 99 52 79 5a 36 35 e9 ca e7 | 88 08 93 b3 61 bc 67 60 29 00 00 24 92 ef 82 bd | 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe e0 f2 06 cc | a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 ff 1c d9 29 | 3e 89 4d 45 e0 6c 20 72 6b 9a 2e cb 83 65 87 8a | 00 00 00 1c 00 00 40 05 fc 3e 35 bb a6 99 ca f9 | 7e 1a 28 5d 52 fc 92 7d 0a 8a 60 e2 | = prf(, ) PRF sha update nonce-bytes@0x7f49f0001278 (length 32) | f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | = prf(, ) PRF sha update hash-bytes@0x7fff837b16e0 (length 20) | 2e 01 f3 b0 c4 06 ee e7 eb 46 b6 78 ae 71 0f 15 | 95 98 4e 31 | = prf(, ) PRF sha final-chunk@0x5641ad9413c8 (length 20) | 68 64 db 17 75 e4 75 92 a1 43 20 be ab 12 11 b1 | 3c 44 c1 d7 | psk_auth: release prf-psk-key@0x7f49e400a000 | Received PSK auth octets | 68 64 db 17 75 e4 75 92 a1 43 20 be ab 12 11 b1 | 3c 44 c1 d7 | Calculated PSK auth octets | 68 64 db 17 75 e4 75 92 a1 43 20 be ab 12 11 b1 | 3c 44 c1 d7 "east" #7: Authenticated using authby=secret | parent state #7: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #7 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f49f0002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5641ad942c68 | event_schedule: new EVENT_SA_REKEY-pe@0x5641ad942c68 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #7 | libevent_malloc: new ptr-libevent@0x5641ad945978 size 128 | pstats #7 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | bb df d5 b9 5d 96 13 d2 | responder cookie: | d3 db 59 3f cd 74 e9 39 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x7f49e400f0e0 (size 20) | hmac: symkey-key@0x7f49e400f0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e400f0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0eb8 | result: clone-key@0x7f49e400a000 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49f0002b50 from symkey-key@0x7f49e400a000 | hmac prf: begin sha with context 0x7f49f0002b50 from symkey-key@0x7f49e400a000 | hmac: release clone-key@0x7f49e400a000 | hmac PRF sha crypt-prf@0x5641ad93f908 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x5641aca808f4 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff837b11b0 (length 20) | 85 9f 47 49 44 57 bc e0 86 2f 84 b2 5f d4 0b 0f | 79 57 f7 5f | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | inputs to hash1 (first packet) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 6e 43 2b ae 1a 0e f4 a7 5e 7e e3 29 | ca a8 1f 3f 96 9d c3 fd 27 2c 02 66 51 d5 e3 69 | d7 1e 3e 39 7d 66 cc f5 1f 1e 47 72 20 b9 0f 61 | c9 7d e5 b5 bb 53 2d 25 21 86 f2 3c 5a 72 c5 18 | e0 32 8c e4 8b 72 3d a8 24 16 6a b0 15 2c b4 34 | 2a ef d1 85 f2 9f 46 8b bc b1 28 b6 f5 47 b9 35 | 6d 29 b0 22 88 42 63 14 c0 f1 53 28 7a de 84 f6 | bf 78 53 e6 d6 f0 d1 a6 41 fc e4 4b 7c 56 8d a1 | c1 f3 0c ee 84 e6 ec 21 0b 98 66 4a ea ef 87 e0 | e6 8a 94 7f 72 62 cd 27 48 78 e4 ca 12 91 62 2b | 3b 5b 27 fc c2 f0 dc 1b 57 61 89 80 97 86 c6 60 | 61 bc cf aa 42 2d 0a 85 9a 15 78 4f 4b cf 78 53 | 12 0b c7 c6 3e 51 75 be a1 f7 04 eb 27 9f a0 ad | 96 6c 3b 63 e5 15 b7 e9 6e 2d 9c 5f 90 94 57 7a | ca 1e 8b a4 3a 54 6c 5f 95 07 83 fc cb 16 dd 63 | 36 fa 0d 45 67 c0 fc 51 6f a5 54 68 d1 13 e9 de | 10 d5 a3 fd 29 00 00 24 f8 e5 a8 5a 64 ce df e7 | 5b 55 db dc eb ce 00 21 58 d7 46 86 ab 5b 18 06 | 89 53 bc bf ea a5 8e 9e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 b5 7a 3e 8e 7b 38 0a 5c | 97 d5 2c 94 46 65 11 8b 94 b1 83 0e 00 00 00 1c | 00 00 40 05 0a e1 9b ab 31 3b 40 52 ee 6a 13 ae | 19 97 d4 38 a8 1d 3f 84 | create: responder inputs to hash2 (initiator nonce) | 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | idhash 85 9f 47 49 44 57 bc e0 86 2f 84 b2 5f d4 0b 0f | idhash 79 57 f7 5f | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5641ad91fc98 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0ca0 | result: shared secret-key@0x5641ad93d070 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5641ad93d070 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c88 | result: shared secret-key@0x7f49e400a000 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5641ad93d070 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f49f0002b50 from shared secret-key@0x7f49e400a000 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f49f0002b50 from shared secret-key@0x7f49e400a000 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f49e400a000 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5641ad9413c8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5641aca154d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0cc0 | result: final-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0ca8 | result: final-key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad93d070 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f49e400a000 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f49e400a000 (size 20) | = prf(, ): -key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0cb8 | result: clone-key@0x5641ad93d070 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f49f0002b50 from -key@0x5641ad93d070 | = prf(, ) prf: begin sha with context 0x7f49f0002b50 from -key@0x5641ad93d070 | = prf(, ): release clone-key@0x5641ad93d070 | = prf(, ) PRF sha crypt-prf@0x5641ad93f908 | = prf(, ) PRF sha update first-packet-bytes@0x5641ad945788 (length 440) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 6e 43 2b ae 1a 0e f4 a7 5e 7e e3 29 | ca a8 1f 3f 96 9d c3 fd 27 2c 02 66 51 d5 e3 69 | d7 1e 3e 39 7d 66 cc f5 1f 1e 47 72 20 b9 0f 61 | c9 7d e5 b5 bb 53 2d 25 21 86 f2 3c 5a 72 c5 18 | e0 32 8c e4 8b 72 3d a8 24 16 6a b0 15 2c b4 34 | 2a ef d1 85 f2 9f 46 8b bc b1 28 b6 f5 47 b9 35 | 6d 29 b0 22 88 42 63 14 c0 f1 53 28 7a de 84 f6 | bf 78 53 e6 d6 f0 d1 a6 41 fc e4 4b 7c 56 8d a1 | c1 f3 0c ee 84 e6 ec 21 0b 98 66 4a ea ef 87 e0 | e6 8a 94 7f 72 62 cd 27 48 78 e4 ca 12 91 62 2b | 3b 5b 27 fc c2 f0 dc 1b 57 61 89 80 97 86 c6 60 | 61 bc cf aa 42 2d 0a 85 9a 15 78 4f 4b cf 78 53 | 12 0b c7 c6 3e 51 75 be a1 f7 04 eb 27 9f a0 ad | 96 6c 3b 63 e5 15 b7 e9 6e 2d 9c 5f 90 94 57 7a | ca 1e 8b a4 3a 54 6c 5f 95 07 83 fc cb 16 dd 63 | 36 fa 0d 45 67 c0 fc 51 6f a5 54 68 d1 13 e9 de | 10 d5 a3 fd 29 00 00 24 f8 e5 a8 5a 64 ce df e7 | 5b 55 db dc eb ce 00 21 58 d7 46 86 ab 5b 18 06 | 89 53 bc bf ea a5 8e 9e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 b5 7a 3e 8e 7b 38 0a 5c | 97 d5 2c 94 46 65 11 8b 94 b1 83 0e 00 00 00 1c | 00 00 40 05 0a e1 9b ab 31 3b 40 52 ee 6a 13 ae | 19 97 d4 38 a8 1d 3f 84 | = prf(, ) PRF sha update nonce-bytes@0x5641ad940ff8 (length 32) | 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | = prf(, ) PRF sha update hash-bytes@0x7fff837b11b0 (length 20) | 85 9f 47 49 44 57 bc e0 86 2f 84 b2 5f d4 0b 0f | 79 57 f7 5f | = prf(, ) PRF sha final-chunk@0x5641ad942cd8 (length 20) | 3e c3 6a 70 a0 cc 19 22 5c 00 40 e6 dc be 43 58 | b5 ac ca 3a | psk_auth: release prf-psk-key@0x7f49e400a000 | PSK auth octets 3e c3 6a 70 a0 cc 19 22 5c 00 40 e6 dc be 43 58 | PSK auth octets b5 ac ca 3a | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 3e c3 6a 70 a0 cc 19 22 5c 00 40 e6 dc be 43 58 | PSK auth b5 ac ca 3a | emitting length of IKEv2 Authentication Payload: 28 | creating state object #8 at 0x5641ad945b88 | State DB: adding IKEv2 state #8 in UNDEFINED | pstats #8 ikev2.child started | duplicating state object #7 "east" as #8 for IPSEC SA | #8 setting local endpoint to 192.1.2.23:500 from #7.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x5641ad9373d0 | duplicate_state: reference st_skey_ai_nss-key@0x7f49f4006bb0 | duplicate_state: reference st_skey_ar_nss-key@0x5641ad93dd30 | duplicate_state: reference st_skey_ei_nss-key@0x5641ad93f800 | duplicate_state: reference st_skey_er_nss-key@0x7f49e4006650 | duplicate_state: reference st_skey_pi_nss-key@0x7f49e400b980 | duplicate_state: reference st_skey_pr_nss-key@0x7f49e400f0e0 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #7.#8; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #7 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #7.#8 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 82 39 f7 88 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 "east" #7: proposal 1:ESP:SPI=8239f788;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=8239f788;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | netlink_get_spi: allocated 0x528fb4c1 for esp.0@192.1.2.23 | Emitting ikev2_proposal ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 52 8f b4 c1 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0d30 | result: data=Ni-key@0x5641ad93d070 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5641ad93d070 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0d18 | result: data=Ni-key@0x7f49e400a000 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5641ad93d070 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49e400a000 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b0d20 | result: data+=Nr-key@0x5641ad93d070 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f49e400a000 | prf+0 PRF sha init key-key@0x5641ad9373d0 (size 20) | prf+0: key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x7f49e400a000 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f49f0002b50 from key-key@0x7f49e400a000 | prf+0 prf: begin sha with context 0x7f49f0002b50 from key-key@0x7f49e400a000 | prf+0: release clone-key@0x7f49e400a000 | prf+0 PRF sha crypt-prf@0x5641ad93d628 | prf+0 PRF sha update seed-key@0x5641ad93d070 (size 64) | prf+0: seed-key@0x5641ad93d070 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad93d070 | nss hmac digest hack: symkey-key@0x5641ad93d070 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: a9 3b e4 27 89 c6 16 58 eb b5 c3 e5 1b 6a 6b 48 a0 5a 9c d3 10 02 3d 43 ff ca 1a 4b 87 f1 6b 54 2a ae 17 e7 29 96 66 d5 e4 aa 49 0f f1 34 2f c6 c1 bc dc 1a d4 32 7d b7 e8 a9 da f8 94 97 f1 58 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x5641ad93d458 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x5641ad9469b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9469b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad9469b0 | prf+0 PRF sha final-key@0x7f49e400a000 (size 20) | prf+0: key-key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f49e400a000 | prf+N PRF sha init key-key@0x5641ad9373d0 (size 20) | prf+N: key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x5641ad9469b0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f0002b50 from key-key@0x5641ad9469b0 | prf+N prf: begin sha with context 0x7f49f0002b50 from key-key@0x5641ad9469b0 | prf+N: release clone-key@0x5641ad9469b0 | prf+N PRF sha crypt-prf@0x5641ad93d128 | prf+N PRF sha update old_t-key@0x7f49e400a000 (size 20) | prf+N: old_t-key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49e400a000 | nss hmac digest hack: symkey-key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 2d dc d0 24 8e 8d 9f 47 f6 7c e6 42 b4 f0 7c 74 5d f9 61 98 24 08 8f 2c a6 e4 c7 ff bb 56 76 0d | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x5641ad93c4a8 | unwrapped: a1 94 da ca ec c1 1b 0e bd 05 67 73 65 82 55 f1 | unwrapped: b5 ab 77 c8 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad93d070 (size 64) | prf+N: seed-key@0x5641ad93d070 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad93d070 | nss hmac digest hack: symkey-key@0x5641ad93d070 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: a9 3b e4 27 89 c6 16 58 eb b5 c3 e5 1b 6a 6b 48 a0 5a 9c d3 10 02 3d 43 ff ca 1a 4b 87 f1 6b 54 2a ae 17 e7 29 96 66 d5 e4 aa 49 0f f1 34 2f c6 c1 bc dc 1a d4 32 7d b7 e8 a9 da f8 94 97 f1 58 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x7f49fc002b78 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x5641ad946af0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad946af0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad946af0 | prf+N PRF sha final-key@0x5641ad9469b0 (size 20) | prf+N: key-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff837b0cc8 | result: result-key@0x5641ad946af0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49e400a000 | prfplus: release old_t[N]-key@0x7f49e400a000 | prf+N PRF sha init key-key@0x5641ad9373d0 (size 20) | prf+N: key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x7f49e400a000 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f0002b50 from key-key@0x7f49e400a000 | prf+N prf: begin sha with context 0x7f49f0002b50 from key-key@0x7f49e400a000 | prf+N: release clone-key@0x7f49e400a000 | prf+N PRF sha crypt-prf@0x5641ad93d628 | prf+N PRF sha update old_t-key@0x5641ad9469b0 (size 20) | prf+N: old_t-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad9469b0 | nss hmac digest hack: symkey-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: c6 f9 d7 7a 0a 90 71 d3 4b c6 b0 af 9f 47 47 4d 51 29 e9 89 c9 51 7f 9e 3b 99 3b 57 03 ed d2 73 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x5641ad93dcb8 | unwrapped: f2 be af 9c f4 60 75 08 f2 b5 32 77 db 9a 9c 84 | unwrapped: 91 df 49 b5 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad93d070 (size 64) | prf+N: seed-key@0x5641ad93d070 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad93d070 | nss hmac digest hack: symkey-key@0x5641ad93d070 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: a9 3b e4 27 89 c6 16 58 eb b5 c3 e5 1b 6a 6b 48 a0 5a 9c d3 10 02 3d 43 ff ca 1a 4b 87 f1 6b 54 2a ae 17 e7 29 96 66 d5 e4 aa 49 0f f1 34 2f c6 c1 bc dc 1a d4 32 7d b7 e8 a9 da f8 94 97 f1 58 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x5641ad93d458 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x5641ad949c80 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad949c80 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad949c80 | prf+N PRF sha final-key@0x7f49e400a000 (size 20) | prf+N: key-key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad946af0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff837b0cc8 | result: result-key@0x5641ad949c80 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad946af0 | prfplus: release old_t[N]-key@0x5641ad9469b0 | prf+N PRF sha init key-key@0x5641ad9373d0 (size 20) | prf+N: key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x5641ad9469b0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f0002b50 from key-key@0x5641ad9469b0 | prf+N prf: begin sha with context 0x7f49f0002b50 from key-key@0x5641ad9469b0 | prf+N: release clone-key@0x5641ad9469b0 | prf+N PRF sha crypt-prf@0x5641ad93c4a8 | prf+N PRF sha update old_t-key@0x7f49e400a000 (size 20) | prf+N: old_t-key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49e400a000 | nss hmac digest hack: symkey-key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: eb f0 ef 60 6f ec 0f c4 77 bb ca ef 65 ba 47 d7 e3 fd f3 5f b1 2d 86 f4 29 2c 70 46 c0 de a1 33 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x5641ad949d38 | unwrapped: 57 0c 27 51 e8 33 5c 27 c7 88 b9 fc 19 df 1e 19 | unwrapped: 27 cd ed 44 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad93d070 (size 64) | prf+N: seed-key@0x5641ad93d070 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad93d070 | nss hmac digest hack: symkey-key@0x5641ad93d070 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: a9 3b e4 27 89 c6 16 58 eb b5 c3 e5 1b 6a 6b 48 a0 5a 9c d3 10 02 3d 43 ff ca 1a 4b 87 f1 6b 54 2a ae 17 e7 29 96 66 d5 e4 aa 49 0f f1 34 2f c6 c1 bc dc 1a d4 32 7d b7 e8 a9 da f8 94 97 f1 58 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x7f49fc002b78 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x5641ad946af0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad946af0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad946af0 | prf+N PRF sha final-key@0x5641ad9469b0 (size 20) | prf+N: key-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad949c80 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff837b0cc8 | result: result-key@0x5641ad946af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad949c80 | prfplus: release old_t[N]-key@0x7f49e400a000 | prfplus: release old_t[final]-key@0x5641ad9469b0 | child_sa_keymat: release data-key@0x5641ad93d070 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x5641ad946af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0da8 | result: result-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x5641ad93d070 | initiator to responder keys: symkey-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x5641ad91fd40 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)540160800: 2d dc d0 24 8e 8d 9f 47 f6 7c e6 42 b4 f0 7c 74 00 a8 65 58 99 c1 26 62 57 5c 2a 1e f1 1a 2d 71 d4 f2 56 d9 8f 84 8c b2 e8 ff 37 3d f7 1f ed 23 | initiator to responder keys: release slot-key-key@0x5641ad91fd40 | initiator to responder keys extracted len 48 bytes at 0x5641ad944488 | unwrapped: a1 94 da ca ec c1 1b 0e bd 05 67 73 65 82 55 f1 | unwrapped: b5 ab 77 c8 f2 be af 9c f4 60 75 08 f2 b5 32 77 | unwrapped: db 9a 9c 84 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x5641ad93d070 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x5641ad946af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0da8 | result: result-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x5641ad93d070 | responder to initiator keys:: symkey-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x5641ad91fd40 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)540160800: b9 cd 89 1c 50 73 c2 72 c6 b8 0c b1 52 0c d0 b3 45 4c 89 e5 d4 99 4c 0f 66 19 7f 65 8e ad 45 25 0e a6 c8 bd 7a 2b 16 ee fa 4c 22 ec 70 77 00 16 | responder to initiator keys:: release slot-key-key@0x5641ad91fd40 | responder to initiator keys: extracted len 48 bytes at 0x5641ad9444e8 | unwrapped: 91 df 49 b5 57 0c 27 51 e8 33 5c 27 c7 88 b9 fc | unwrapped: 19 df 1e 19 27 cd ed 44 6c 46 e2 b8 f7 ee 38 03 | unwrapped: 27 da 08 35 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x5641ad93d070 | ikev2_derive_child_keys: release keymat-key@0x5641ad946af0 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | #7 spent 2.28 milliseconds | install_ipsec_sa() for #8: inbound and outbound | could_route called for east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.8239f788@192.1.2.45 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.528fb4c1@192.1.2.23 included non-error error | priority calculation of connection "east" is 0xfe7e7 | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #8: prospective erouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | route_and_eroute with c: east (next: none) ero:east esr:{(nil)} ro:east rosr:{(nil)} and state: #8 | priority calculation of connection "east" is 0xfe7e7 | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45>tun.0@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8239f788 SPI_OUT=0x528 | popen cmd is 1020 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: | cmd( 960):'no' SPI_IN=0x8239f788 SPI_OUT=0x528fb4c1 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | route_and_eroute: instance "east", setting eroute_owner {spd=0x5641ad9383e8,sr=0x5641ad9383e8} to #8 (was #0) (newest_ipsec_sa=#0) | #7 spent 0.713 milliseconds in install_ipsec_sa() | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #8 (was #0) (spd.eroute=#8) cloned from #7 | adding 12 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 176 | emitting length of ISAKMP Message: 204 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 05 b6 e3 0f 98 a3 2f 02 e2 f0 d6 db d9 1b 1c 24 | data before encryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 3e c3 6a 70 a0 cc 19 22 5c 00 40 e6 | dc be 43 58 b5 ac ca 3a 2c 00 00 2c 00 00 00 28 | 01 03 04 03 52 8f b4 c1 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 9e ae 58 40 95 fc e2 22 3c b2 9d f1 4d 63 44 a8 | 82 10 d0 93 78 23 5d 0f 04 67 3a 68 04 9b 24 95 | 77 38 45 58 ac aa 10 e2 63 b2 ed c4 a4 74 13 c8 | 6c 3d 17 06 16 d0 53 a8 ce 78 87 04 c3 5a 4d 2c | 63 31 aa d8 b1 17 af e6 e6 e8 a6 32 88 cd 5f 1d | ff 02 0c 76 1b 02 f9 0b 01 4f fe cd e2 fb d9 c1 | 0b 79 62 e0 ae a6 b2 e3 99 5e f5 26 6d 47 62 48 | 63 75 b1 00 f6 9c 22 20 4f 86 bd 1a ff ac 1d e6 | 54 2a 98 a4 65 e6 6e 54 cb cd 25 9a 15 54 20 38 | hmac PRF sha init symkey-key@0x5641ad93dd30 (size 20) | hmac: symkey-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0dc8 | result: clone-key@0x5641ad946af0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49f0002b50 from symkey-key@0x5641ad946af0 | hmac prf: begin sha with context 0x7f49f0002b50 from symkey-key@0x5641ad946af0 | hmac: release clone-key@0x5641ad946af0 | hmac PRF sha crypt-prf@0x5641ad93d628 | hmac PRF sha update data-bytes@0x5641aca808c0 (length 192) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 05 b6 e3 0f 98 a3 2f 02 e2 f0 d6 db d9 1b 1c 24 | 9e ae 58 40 95 fc e2 22 3c b2 9d f1 4d 63 44 a8 | 82 10 d0 93 78 23 5d 0f 04 67 3a 68 04 9b 24 95 | 77 38 45 58 ac aa 10 e2 63 b2 ed c4 a4 74 13 c8 | 6c 3d 17 06 16 d0 53 a8 ce 78 87 04 c3 5a 4d 2c | 63 31 aa d8 b1 17 af e6 e6 e8 a6 32 88 cd 5f 1d | ff 02 0c 76 1b 02 f9 0b 01 4f fe cd e2 fb d9 c1 | 0b 79 62 e0 ae a6 b2 e3 99 5e f5 26 6d 47 62 48 | 63 75 b1 00 f6 9c 22 20 4f 86 bd 1a ff ac 1d e6 | 54 2a 98 a4 65 e6 6e 54 cb cd 25 9a 15 54 20 38 | hmac PRF sha final-bytes@0x5641aca80980 (length 20) | 1d a0 7b 8d a4 82 3f 2a 88 1c f4 24 9b 13 f7 a2 | 54 e3 e9 89 | data being hmac: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data being hmac: 05 b6 e3 0f 98 a3 2f 02 e2 f0 d6 db d9 1b 1c 24 | data being hmac: 9e ae 58 40 95 fc e2 22 3c b2 9d f1 4d 63 44 a8 | data being hmac: 82 10 d0 93 78 23 5d 0f 04 67 3a 68 04 9b 24 95 | data being hmac: 77 38 45 58 ac aa 10 e2 63 b2 ed c4 a4 74 13 c8 | data being hmac: 6c 3d 17 06 16 d0 53 a8 ce 78 87 04 c3 5a 4d 2c | data being hmac: 63 31 aa d8 b1 17 af e6 e6 e8 a6 32 88 cd 5f 1d | data being hmac: ff 02 0c 76 1b 02 f9 0b 01 4f fe cd e2 fb d9 c1 | data being hmac: 0b 79 62 e0 ae a6 b2 e3 99 5e f5 26 6d 47 62 48 | data being hmac: 63 75 b1 00 f6 9c 22 20 4f 86 bd 1a ff ac 1d e6 | data being hmac: 54 2a 98 a4 65 e6 6e 54 cb cd 25 9a 15 54 20 38 | out calculated auth: | 1d a0 7b 8d a4 82 3f 2a 88 1c f4 24 | ikev2_parent_inI2outR2_continue_tail returned STF_OK | #7 spent 3.25 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #7 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #8 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #8 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R | child state #8: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) | Message ID: updating counters for #8 to 1 after switching state | Message ID: recv #7.#8 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 | Message ID: sent #7.#8 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 | pstats #8 ikev2.child established "east" #8: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] | NAT-T: encaps is 'auto' "east" #8: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x8239f788 <0x528fb4c1 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 204 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #7) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 05 b6 e3 0f 98 a3 2f 02 e2 f0 d6 db d9 1b 1c 24 | 9e ae 58 40 95 fc e2 22 3c b2 9d f1 4d 63 44 a8 | 82 10 d0 93 78 23 5d 0f 04 67 3a 68 04 9b 24 95 | 77 38 45 58 ac aa 10 e2 63 b2 ed c4 a4 74 13 c8 | 6c 3d 17 06 16 d0 53 a8 ce 78 87 04 c3 5a 4d 2c | 63 31 aa d8 b1 17 af e6 e6 e8 a6 32 88 cd 5f 1d | ff 02 0c 76 1b 02 f9 0b 01 4f fe cd e2 fb d9 c1 | 0b 79 62 e0 ae a6 b2 e3 99 5e f5 26 6d 47 62 48 | 63 75 b1 00 f6 9c 22 20 4f 86 bd 1a ff ac 1d e6 | 54 2a 98 a4 65 e6 6e 54 cb cd 25 9a 15 54 20 38 | 1d a0 7b 8d a4 82 3f 2a 88 1c f4 24 | releasing whack for #8 (sock=fd@-1) | releasing whack and unpending for parent #7 | unpending state #7 connection "east" | #8 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f49f0002b78 | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #8 | libevent_malloc: new ptr-libevent@0x5641ad945ad8 size 128 | resume sending helper answer for #7 suppresed complete_v2_state_transition() | #7 spent 3.67 milliseconds in resume sending helper answer | stop processing: state #8 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f49e4005088 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00511 milliseconds in signal handler PLUTO_SIGCHLD | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 58 67 96 fe f8 c9 d5 bc b5 1e f1 15 22 f6 e3 5c | 3e 63 17 e0 31 55 2b 0d 45 c9 f5 eb c9 2c 23 75 | 2d fb c1 79 b5 47 9b 19 2b 97 8d b0 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | bb df d5 b9 5d 96 13 d2 | responder cookie: | d3 db 59 3f cd 74 e9 39 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #7 in PARENT_R2 (find_v2_ike_sa) | start processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #7 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 | Message ID: #7 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #7 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 | #7 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x7f49f4006bb0 (size 20) | hmac: symkey-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b19f8 | result: clone-key@0x5641ad946af0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49fc002b50 from symkey-key@0x5641ad946af0 | hmac prf: begin sha with context 0x7f49fc002b50 from symkey-key@0x5641ad946af0 | hmac: release clone-key@0x5641ad946af0 | hmac PRF sha crypt-prf@0x5641ad942bd8 | hmac PRF sha update data-bytes@0x5641ad891898 (length 64) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 58 67 96 fe f8 c9 d5 bc b5 1e f1 15 22 f6 e3 5c | 3e 63 17 e0 31 55 2b 0d 45 c9 f5 eb c9 2c 23 75 | hmac PRF sha final-bytes@0x7fff837b1bc0 (length 20) | 2d fb c1 79 b5 47 9b 19 2b 97 8d b0 45 ef 95 8f | f7 56 9a 7d | data for hmac: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | data for hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data for hmac: 58 67 96 fe f8 c9 d5 bc b5 1e f1 15 22 f6 e3 5c | data for hmac: 3e 63 17 e0 31 55 2b 0d 45 c9 f5 eb c9 2c 23 75 | calculated auth: 2d fb c1 79 b5 47 9b 19 2b 97 8d b0 | provided auth: 2d fb c1 79 b5 47 9b 19 2b 97 8d b0 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 58 67 96 fe f8 c9 d5 bc b5 1e f1 15 22 f6 e3 5c | payload before decryption: | 3e 63 17 e0 31 55 2b 0d 45 c9 f5 eb c9 2c 23 75 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 0c 03 04 00 01 82 39 f7 88 00 01 02 03 | stripping 4 octets as pad | #7 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | bb df d5 b9 5d 96 13 d2 | responder cookie: | d3 db 59 3f cd 74 e9 39 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI 82 39 f7 88 | delete PROTO_v2_ESP SA(0x8239f788) | v2 CHILD SA #8 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R | State DB: found IKEv2 state #8 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x8239f788) "east" #7: received Delete SA payload: delete IPsec State #8 now | pstats #8 ikev2.child deleted completed | suspend processing: state #7 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) | start processing: state #8 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #8: deleting other state #8 (STATE_V2_IPSEC_R) aged 0.100s and NOT sending notification | child state #8: V2_IPSEC_R(established CHILD SA) => delete | get_sa_info esp.8239f788@192.1.2.45 | get_sa_info esp.528fb4c1@192.1.2.23 "east" #8: ESP traffic information: in=84B out=84B | child state #8: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) | state #8 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x5641ad945ad8 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f49f0002b78 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844014' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8239f788 | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1566844014' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0x8239f788 SPI_OUT=0x528fb4c1 ipsec _updown 2>&1: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "east" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.8239f788@192.1.2.45 | netlink response for Del SA esp.8239f788@192.1.2.45 included non-error error | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.528fb4c1@192.1.2.23 | netlink response for Del SA esp.528fb4c1@192.1.2.23 included non-error error | in connection_discard for connection east | State DB: deleting IKEv2 state #8 in CHILDSA_DEL | child state #8: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #8 from 192.1.2.45:500 (in delete_state() at state.c:1143) | resume processing: state #7 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x5641ad9373d0 | delete_state: release st->st_skey_ai_nss-key@0x7f49f4006bb0 | delete_state: release st->st_skey_ar_nss-key@0x5641ad93dd30 | delete_state: release st->st_skey_ei_nss-key@0x5641ad93f800 | delete_state: release st->st_skey_er_nss-key@0x7f49e4006650 | delete_state: release st->st_skey_pi_nss-key@0x7f49e400b980 | delete_state: release st->st_skey_pr_nss-key@0x7f49e400f0e0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs 52 8f b4 c1 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | d2 3b 74 3b 07 05 4c f8 56 5d 4a 86 36 ac 2c 20 | data before encryption: | 00 00 00 0c 03 04 00 01 52 8f b4 c1 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 0c 35 e3 d0 91 4c d6 5a 20 92 ad e9 69 df 11 e9 | hmac PRF sha init symkey-key@0x5641ad93dd30 (size 20) | hmac: symkey-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b15a8 | result: clone-key@0x5641ad946af0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49f0002b50 from symkey-key@0x5641ad946af0 | hmac prf: begin sha with context 0x7f49f0002b50 from symkey-key@0x5641ad946af0 | hmac: release clone-key@0x5641ad946af0 | hmac PRF sha crypt-prf@0x5641ad93d628 | hmac PRF sha update data-bytes@0x5641aca808c0 (length 64) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | d2 3b 74 3b 07 05 4c f8 56 5d 4a 86 36 ac 2c 20 | 0c 35 e3 d0 91 4c d6 5a 20 92 ad e9 69 df 11 e9 | hmac PRF sha final-bytes@0x5641aca80900 (length 20) | 5f 0b e3 32 1c 6e 4b 18 9f 60 d9 47 15 17 f7 d3 | 6a 86 d5 40 | data being hmac: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | data being hmac: 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: d2 3b 74 3b 07 05 4c f8 56 5d 4a 86 36 ac 2c 20 | data being hmac: 0c 35 e3 d0 91 4c d6 5a 20 92 ad e9 69 df 11 e9 | out calculated auth: | 5f 0b e3 32 1c 6e 4b 18 9f 60 d9 47 | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #7) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | d2 3b 74 3b 07 05 4c f8 56 5d 4a 86 36 ac 2c 20 | 0c 35 e3 d0 91 4c d6 5a 20 92 ad e9 69 df 11 e9 | 5f 0b e3 32 1c 6e 4b 18 9f 60 d9 47 | Message ID: #7 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 | Message ID: sent #7 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 | #7 spent 1.16 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #7 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK | Message ID: updating counters for #7 to 2 after switching state | Message ID: recv #7 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 | Message ID: #7 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 "east" #7: STATE_PARENT_R2: received v2I2, PARENT SA established | stop processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #7 spent 1.44 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.45 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00168 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | dc 66 37 fb 34 a3 fa 58 dd ea 0a e6 5c 22 ef 00 | 92 57 5b fb b1 86 43 05 bd b4 18 24 24 55 33 f6 | aa 64 d7 7f 06 f3 c1 48 10 0d 57 7f | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | bb df d5 b9 5d 96 13 d2 | responder cookie: | d3 db 59 3f cd 74 e9 39 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #7 in PARENT_R2 (find_v2_ike_sa) | start processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #7 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 | Message ID: #7 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #7 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 | #7 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x7f49f4006bb0 (size 20) | hmac: symkey-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b19f8 | result: clone-key@0x5641ad946af0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49f0002b50 from symkey-key@0x5641ad946af0 | hmac prf: begin sha with context 0x7f49f0002b50 from symkey-key@0x5641ad946af0 | hmac: release clone-key@0x5641ad946af0 | hmac PRF sha crypt-prf@0x5641ad942bd8 | hmac PRF sha update data-bytes@0x5641ad891898 (length 64) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | dc 66 37 fb 34 a3 fa 58 dd ea 0a e6 5c 22 ef 00 | 92 57 5b fb b1 86 43 05 bd b4 18 24 24 55 33 f6 | hmac PRF sha final-bytes@0x7fff837b1bc0 (length 20) | aa 64 d7 7f 06 f3 c1 48 10 0d 57 7f 61 f5 c0 6c | 34 78 7d fb | data for hmac: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data for hmac: dc 66 37 fb 34 a3 fa 58 dd ea 0a e6 5c 22 ef 00 | data for hmac: 92 57 5b fb b1 86 43 05 bd b4 18 24 24 55 33 f6 | calculated auth: aa 64 d7 7f 06 f3 c1 48 10 0d 57 7f | provided auth: aa 64 d7 7f 06 f3 c1 48 10 0d 57 7f | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | dc 66 37 fb 34 a3 fa 58 dd ea 0a e6 5c 22 ef 00 | payload before decryption: | 92 57 5b fb b1 86 43 05 bd b4 18 24 24 55 33 f6 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #7 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | bb df d5 b9 5d 96 13 d2 | responder cookie: | d3 db 59 3f cd 74 e9 39 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | c4 6b 2f 7e 04 31 23 ef 77 77 93 df c7 26 63 d8 | data before encryption: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 33 8f 81 75 3b 8a 7b 89 e5 2b d7 ba da 26 25 97 | hmac PRF sha init symkey-key@0x5641ad93dd30 (size 20) | hmac: symkey-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b15a8 | result: clone-key@0x5641ad946af0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49f0002b50 from symkey-key@0x5641ad946af0 | hmac prf: begin sha with context 0x7f49f0002b50 from symkey-key@0x5641ad946af0 | hmac: release clone-key@0x5641ad946af0 | hmac PRF sha crypt-prf@0x5641ad93d628 | hmac PRF sha update data-bytes@0x5641aca808c0 (length 64) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | c4 6b 2f 7e 04 31 23 ef 77 77 93 df c7 26 63 d8 | 33 8f 81 75 3b 8a 7b 89 e5 2b d7 ba da 26 25 97 | hmac PRF sha final-bytes@0x5641aca80900 (length 20) | c5 e2 50 1a 5f b5 79 be 9a b4 90 14 a2 6c f2 3c | 38 98 7c 56 | data being hmac: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | data being hmac: c4 6b 2f 7e 04 31 23 ef 77 77 93 df c7 26 63 d8 | data being hmac: 33 8f 81 75 3b 8a 7b 89 e5 2b d7 ba da 26 25 97 | out calculated auth: | c5 e2 50 1a 5f b5 79 be 9a b4 90 14 | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #7) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | c4 6b 2f 7e 04 31 23 ef 77 77 93 df c7 26 63 d8 | 33 8f 81 75 3b 8a 7b 89 e5 2b d7 ba da 26 25 97 | c5 e2 50 1a 5f b5 79 be 9a b4 90 14 | Message ID: #7 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 | Message ID: sent #7 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 | State DB: IKEv2 state not found (delete_my_family) | parent state #7: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #7 ikev2.ike deleted completed | #7 spent 10.2 milliseconds in total | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #7: deleting state (STATE_IKESA_DEL) aged 0.137s and NOT sending notification | parent state #7: IKESA_DEL(established IKE SA) => delete | state #7 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x5641ad945978 | free_event_entry: release EVENT_SA_REKEY-pe@0x5641ad942c68 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #7 in IKESA_DEL | parent state #7: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f49f0003a28: destroyed | stop processing: state #7 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x5641ad924ad0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x5641ad9373d0 | delete_state: release st->st_skey_ai_nss-key@0x7f49f4006bb0 | delete_state: release st->st_skey_ar_nss-key@0x5641ad93dd30 | delete_state: release st->st_skey_ei_nss-key@0x5641ad93f800 | delete_state: release st->st_skey_er_nss-key@0x7f49e4006650 | delete_state: release st->st_skey_pi_nss-key@0x7f49e400b980 | delete_state: release st->st_skey_pr_nss-key@0x7f49e400f0e0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #7 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #7 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.742 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00439 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00302 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 1f 76 f1 12 67 3d 5b b6 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 64 fb 47 d7 eb 66 1b 4e b4 87 87 6a | 6d c8 5a ec 78 7e 5a 84 9f 4f 22 80 85 8f f6 03 | 73 62 9d b0 5c 19 af 4f 59 8d fc 9f 2f 4a 24 10 | 9e a0 9a fd f1 f7 2c 14 00 de c3 f1 8e c7 76 5e | a8 d4 d1 32 27 52 85 ae 3a 89 06 22 a5 14 da 3d | ea d8 50 43 64 9a ef 46 7c c3 d4 85 3f da 0d d2 | 3b 1e 68 f3 9d 8d 46 f2 ed 26 87 12 e8 ff e2 d3 | 30 11 cd b0 8e ff 94 56 61 d8 83 6f 96 2c dd 32 | 9b a7 3e bf 77 4e 93 54 f7 6f cd 88 e6 19 03 b8 | f1 83 14 74 d4 fd 9e 63 b0 10 a0 48 aa 7e f2 dc | ad 01 4f d3 1c 7f 69 4f 2e 67 fc ee 97 d0 01 3c | dd 1b 16 ca b3 67 47 3a b8 e2 da d0 53 05 02 fa | 26 41 64 6f 75 61 0e c0 6d 11 84 e9 d9 10 af 89 | b7 58 59 1a cd 2e ae 43 b3 7d b8 1b c5 5b b1 d5 | ec 60 f7 fb 09 c1 72 c9 b9 6a e7 a7 42 9a 57 72 | a6 43 28 29 61 09 ab 67 97 6d 5b ce de 22 7f 71 | 94 5b d5 c7 29 00 00 24 28 81 cc fd 60 24 b7 fd | 84 09 7e 7e 5a aa 3e 9f 27 b0 18 b2 d4 c2 2f 4a | 84 47 64 62 2f d8 ab 5e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 9b cb 45 8a 6c 49 68 78 | 2a 75 7d 47 e8 ee 9d d7 22 e2 bd f2 00 00 00 1c | 00 00 40 05 01 52 05 19 5d b8 48 51 74 60 9a 0c | a1 d2 24 20 65 2b f0 e2 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 1f 76 f1 12 67 3d 5b b6 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x5641ad939378 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x5641aca74700 (length 32) | 64 59 39 7d cd b9 28 1d f1 c8 1c 37 a1 76 10 ce | 60 62 36 da 0f 08 a7 5a 08 fd 21 a0 d8 62 36 c1 | IKE SPIr hash sha2_256 digest counter-bytes@0x5641aca746e0 (length 4) | 06 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff837b2220 (length 32) | cc 88 7d 43 5d b9 94 50 05 75 5b 11 38 63 fa 7f | 0e a4 cf 85 ef d8 15 0b 4f a3 24 81 97 71 e7 ae | creating state object #9 at 0x5641ad93c5a8 | State DB: adding IKEv2 state #9 in UNDEFINED | pstats #9 ikev2.ike started | Message ID: init #9: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #9: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #9; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #9 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #9 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #9 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #9 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #9 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #9 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #9 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 "east" #9: proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | 64 fb 47 d7 eb 66 1b 4e b4 87 87 6a 6d c8 5a ec | 78 7e 5a 84 9f 4f 22 80 85 8f f6 03 73 62 9d b0 | 5c 19 af 4f 59 8d fc 9f 2f 4a 24 10 9e a0 9a fd | f1 f7 2c 14 00 de c3 f1 8e c7 76 5e a8 d4 d1 32 | 27 52 85 ae 3a 89 06 22 a5 14 da 3d ea d8 50 43 | 64 9a ef 46 7c c3 d4 85 3f da 0d d2 3b 1e 68 f3 | 9d 8d 46 f2 ed 26 87 12 e8 ff e2 d3 30 11 cd b0 | 8e ff 94 56 61 d8 83 6f 96 2c dd 32 9b a7 3e bf | 77 4e 93 54 f7 6f cd 88 e6 19 03 b8 f1 83 14 74 | d4 fd 9e 63 b0 10 a0 48 aa 7e f2 dc ad 01 4f d3 | 1c 7f 69 4f 2e 67 fc ee 97 d0 01 3c dd 1b 16 ca | b3 67 47 3a b8 e2 da d0 53 05 02 fa 26 41 64 6f | 75 61 0e c0 6d 11 84 e9 d9 10 af 89 b7 58 59 1a | cd 2e ae 43 b3 7d b8 1b c5 5b b1 d5 ec 60 f7 fb | 09 c1 72 c9 b9 6a e7 a7 42 9a 57 72 a6 43 28 29 | 61 09 ab 67 97 6d 5b ce de 22 7f 71 94 5b d5 c7 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b1c20 (length 8) | 1f 76 f1 12 67 3d 5b b6 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b1c28 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff837b1bb4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff837b1ba6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b1c30 (length 20) | 01 52 05 19 5d b8 48 51 74 60 9a 0c a1 d2 24 20 | 65 2b f0 e2 | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= 1f 76 f1 12 67 3d 5b b6 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 01 52 05 19 5d b8 48 51 74 60 9a 0c a1 d2 24 20 | natd_hash: hash= 65 2b f0 e2 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b1c20 (length 8) | 1f 76 f1 12 67 3d 5b b6 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b1c28 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff837b1bb4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff837b1ba6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b1c50 (length 20) | 9b cb 45 8a 6c 49 68 78 2a 75 7d 47 e8 ee 9d d7 | 22 e2 bd f2 | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= 1f 76 f1 12 67 3d 5b b6 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 9b cb 45 8a 6c 49 68 78 2a 75 7d 47 e8 ee 9d d7 | natd_hash: hash= 22 e2 bd f2 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 7 for state #9 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5641ad942c68 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f49e4005088 size 128 | #9 spent 0.293 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | crypto helper 6 resuming | #9 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | crypto helper 6 starting work-order 7 for state #9 | suspending state #9 and saving MD | #9 is busy; has a suspended MD | crypto helper 6 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 7 | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #9 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #9 spent 0.685 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | spent 0.697 milliseconds in comm_handle_cb() reading and processing packet | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f49e8003a28: created | NSS: Local DH MODP2048 secret (pointer): 0x7f49e8003a28 | NSS: Public DH wire value: | 19 16 37 c1 7e 96 ff f1 94 a6 52 0e 4d 86 ec ba | 53 6c aa 32 74 42 65 a8 df 3a 04 70 95 9b 16 a1 | 8d e7 87 31 82 e4 98 dc 81 06 fa 41 cd 8f 76 27 | 83 e7 04 6b c6 d7 a8 aa 4c 18 16 11 aa 05 db f1 | 74 f4 23 60 70 b1 30 57 3d 0e 57 5a 94 4c 79 0b | 86 d2 01 d6 2f fc 29 c4 26 36 60 52 0b 9a 43 27 | 33 75 f0 86 88 33 fa f8 14 b0 8c f0 51 ae b2 3d | b5 04 fc da ef 2f 39 bf 95 ef 22 62 0f d8 aa 62 | ea fa d1 1a 04 fa 91 66 a9 b4 9a 25 23 9d 3d 15 | e8 d0 21 0d 06 3a 46 5c 23 c5 a5 9a b0 66 07 f5 | 4d b3 4e e6 c0 85 ca 24 1f 2c 1d 55 a2 9b 17 87 | 84 76 89 2e 9c 96 87 e1 1e a6 65 6a 4b f1 a3 f9 | 45 9f 1a 54 28 09 f0 cf f9 91 68 71 25 3e 98 ed | 50 de e3 5d 9b 6e d4 5a c5 a1 61 2e 80 f1 3a 5e | 27 dc 64 6e 7b a1 25 ac c7 48 90 0f f4 07 d0 6b | ca 34 ba dc 21 ea 03 39 57 1e ed f8 82 3a 7c 72 | Generated nonce: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | Generated nonce: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | crypto helper 6 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 7 time elapsed 0.000771 seconds | (#9) spent 0.745 milliseconds in crypto helper computing work-order 7: ikev2_inI1outR1 KE (pcr) | crypto helper 6 sending results from work-order 7 for state #9 to event queue | scheduling resume sending helper answer for #9 | libevent_malloc: new ptr-libevent@0x7f49e8002888 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #9 | start processing: state #9 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 7 | calling continuation function 0x5641ac982b50 | ikev2_parent_inI1outR1_continue for #9: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | 1f 76 f1 12 67 3d 5b b6 | responder cookie: | cc 88 7d 43 5d b9 94 50 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f49e8003a28: transferring ownership from helper KE to state #9 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 19 16 37 c1 7e 96 ff f1 94 a6 52 0e 4d 86 ec ba | ikev2 g^x 53 6c aa 32 74 42 65 a8 df 3a 04 70 95 9b 16 a1 | ikev2 g^x 8d e7 87 31 82 e4 98 dc 81 06 fa 41 cd 8f 76 27 | ikev2 g^x 83 e7 04 6b c6 d7 a8 aa 4c 18 16 11 aa 05 db f1 | ikev2 g^x 74 f4 23 60 70 b1 30 57 3d 0e 57 5a 94 4c 79 0b | ikev2 g^x 86 d2 01 d6 2f fc 29 c4 26 36 60 52 0b 9a 43 27 | ikev2 g^x 33 75 f0 86 88 33 fa f8 14 b0 8c f0 51 ae b2 3d | ikev2 g^x b5 04 fc da ef 2f 39 bf 95 ef 22 62 0f d8 aa 62 | ikev2 g^x ea fa d1 1a 04 fa 91 66 a9 b4 9a 25 23 9d 3d 15 | ikev2 g^x e8 d0 21 0d 06 3a 46 5c 23 c5 a5 9a b0 66 07 f5 | ikev2 g^x 4d b3 4e e6 c0 85 ca 24 1f 2c 1d 55 a2 9b 17 87 | ikev2 g^x 84 76 89 2e 9c 96 87 e1 1e a6 65 6a 4b f1 a3 f9 | ikev2 g^x 45 9f 1a 54 28 09 f0 cf f9 91 68 71 25 3e 98 ed | ikev2 g^x 50 de e3 5d 9b 6e d4 5a c5 a1 61 2e 80 f1 3a 5e | ikev2 g^x 27 dc 64 6e 7b a1 25 ac c7 48 90 0f f4 07 d0 6b | ikev2 g^x ca 34 ba dc 21 ea 03 39 57 1e ed f8 82 3a 7c 72 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | IKEv2 nonce 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b2160 (length 8) | 1f 76 f1 12 67 3d 5b b6 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b2168 (length 8) | cc 88 7d 43 5d b9 94 50 | NATD hash sha digest IP addr-bytes@0x7fff837b2094 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff837b2086 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b2110 (length 20) | e2 b9 37 b4 5b c2 6b 2d d6 ab 4e 00 b0 02 bc 04 | 2a de c2 ee | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= 1f 76 f1 12 67 3d 5b b6 | natd_hash: rcookie= cc 88 7d 43 5d b9 94 50 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= e2 b9 37 b4 5b c2 6b 2d d6 ab 4e 00 b0 02 bc 04 | natd_hash: hash= 2a de c2 ee | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data e2 b9 37 b4 5b c2 6b 2d d6 ab 4e 00 b0 02 bc 04 | Notify data 2a de c2 ee | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b2160 (length 8) | 1f 76 f1 12 67 3d 5b b6 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b2168 (length 8) | cc 88 7d 43 5d b9 94 50 | NATD hash sha digest IP addr-bytes@0x7fff837b2094 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff837b2086 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b2110 (length 20) | 10 a7 fb e4 8a bd 9c 1c c7 f9 6b 51 5a 4c 9a 6d | 84 41 76 bd | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= 1f 76 f1 12 67 3d 5b b6 | natd_hash: rcookie= cc 88 7d 43 5d b9 94 50 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 10 a7 fb e4 8a bd 9c 1c c7 f9 6b 51 5a 4c 9a 6d | natd_hash: hash= 84 41 76 bd | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 10 a7 fb e4 8a bd 9c 1c c7 f9 6b 51 5a 4c 9a 6d | Notify data 84 41 76 bd | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #9 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #9: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #9 to 0 after switching state | Message ID: recv #9 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #9 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #9: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #9) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 19 16 37 c1 7e 96 ff f1 94 a6 52 0e | 4d 86 ec ba 53 6c aa 32 74 42 65 a8 df 3a 04 70 | 95 9b 16 a1 8d e7 87 31 82 e4 98 dc 81 06 fa 41 | cd 8f 76 27 83 e7 04 6b c6 d7 a8 aa 4c 18 16 11 | aa 05 db f1 74 f4 23 60 70 b1 30 57 3d 0e 57 5a | 94 4c 79 0b 86 d2 01 d6 2f fc 29 c4 26 36 60 52 | 0b 9a 43 27 33 75 f0 86 88 33 fa f8 14 b0 8c f0 | 51 ae b2 3d b5 04 fc da ef 2f 39 bf 95 ef 22 62 | 0f d8 aa 62 ea fa d1 1a 04 fa 91 66 a9 b4 9a 25 | 23 9d 3d 15 e8 d0 21 0d 06 3a 46 5c 23 c5 a5 9a | b0 66 07 f5 4d b3 4e e6 c0 85 ca 24 1f 2c 1d 55 | a2 9b 17 87 84 76 89 2e 9c 96 87 e1 1e a6 65 6a | 4b f1 a3 f9 45 9f 1a 54 28 09 f0 cf f9 91 68 71 | 25 3e 98 ed 50 de e3 5d 9b 6e d4 5a c5 a1 61 2e | 80 f1 3a 5e 27 dc 64 6e 7b a1 25 ac c7 48 90 0f | f4 07 d0 6b ca 34 ba dc 21 ea 03 39 57 1e ed f8 | 82 3a 7c 72 29 00 00 24 c4 84 56 b4 8f 1b ac d3 | dc 5d 36 f5 29 ba e0 0a 90 e4 f4 d5 6a 82 3a 95 | e8 a9 f4 d0 34 06 b5 87 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 e2 b9 37 b4 5b c2 6b 2d | d6 ab 4e 00 b0 02 bc 04 2a de c2 ee 00 00 00 1c | 00 00 40 05 10 a7 fb e4 8a bd 9c 1c c7 f9 6b 51 | 5a 4c 9a 6d 84 41 76 bd | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f49e4005088 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5641ad942c68 | event_schedule: new EVENT_SO_DISCARD-pe@0x5641ad942c68 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #9 | libevent_malloc: new ptr-libevent@0x5641ad945978 size 128 | resume sending helper answer for #9 suppresed complete_v2_state_transition() | #9 spent 0.488 milliseconds in resume sending helper answer | stop processing: state #9 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f49e8002888 | spent 0.00265 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 220 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 3f 8f aa a0 fc 8f 4d e7 19 20 50 6b 6a 2f cf 0e | dc 02 b3 b3 3f 32 52 1c 0e e6 a3 2d f8 3f 6a 0c | 0e 28 72 ea ea d5 95 69 c1 ef 57 c5 a5 e1 e6 59 | 9e 1b 41 9f 06 59 c2 e3 b0 7d 98 ef b4 cd 31 14 | 86 b9 7b 2a 57 20 d0 67 ab 2c fd 01 e8 60 7d 9b | 1d 66 09 d9 3e 93 ce f2 8c 38 f4 74 35 b3 24 6d | a6 f2 c8 19 e4 ab 25 7d 13 b3 49 f0 eb ce 39 ed | ff 54 11 c4 0c 25 1a 52 1a 9f 4c 7e f4 c1 14 5b | 61 16 7b 77 22 9f 1d 0e cc e6 ed cc 01 04 51 44 | d3 21 3c 7c 6f 4d 11 02 dd ee 3f 9d 8c 9e 7e 6a | 91 61 18 16 27 88 df 10 09 f0 2a 4f ef 4d 80 a5 | 6e 14 b3 b6 de 63 5e eb 49 9f 4c 30 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 1f 76 f1 12 67 3d 5b b6 | responder cookie: | cc 88 7d 43 5d b9 94 50 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 220 (0xdc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #9 in PARENT_R1 (find_v2_ike_sa) | start processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #9 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #9 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 192 (0xc0) | processing payload: ISAKMP_NEXT_v2SK (len=188) | Message ID: start-responder #9 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #9 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f49e8003a28: transferring ownership from state #9 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 8 for state #9 | state #9 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x5641ad945978 | free_event_entry: release EVENT_SO_DISCARD-pe@0x5641ad942c68 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5641ad942c68 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f49e8002888 size 128 | #9 spent 0.0354 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #9 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #9 and saving MD | #9 is busy; has a suspended MD | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #9 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | crypto helper 0 resuming | #9 spent 0.206 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | crypto helper 0 starting work-order 8 for state #9 | spent 0.227 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 0 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 8 | peer's g: 64 fb 47 d7 eb 66 1b 4e b4 87 87 6a 6d c8 5a ec | peer's g: 78 7e 5a 84 9f 4f 22 80 85 8f f6 03 73 62 9d b0 | peer's g: 5c 19 af 4f 59 8d fc 9f 2f 4a 24 10 9e a0 9a fd | peer's g: f1 f7 2c 14 00 de c3 f1 8e c7 76 5e a8 d4 d1 32 | peer's g: 27 52 85 ae 3a 89 06 22 a5 14 da 3d ea d8 50 43 | peer's g: 64 9a ef 46 7c c3 d4 85 3f da 0d d2 3b 1e 68 f3 | peer's g: 9d 8d 46 f2 ed 26 87 12 e8 ff e2 d3 30 11 cd b0 | peer's g: 8e ff 94 56 61 d8 83 6f 96 2c dd 32 9b a7 3e bf | peer's g: 77 4e 93 54 f7 6f cd 88 e6 19 03 b8 f1 83 14 74 | peer's g: d4 fd 9e 63 b0 10 a0 48 aa 7e f2 dc ad 01 4f d3 | peer's g: 1c 7f 69 4f 2e 67 fc ee 97 d0 01 3c dd 1b 16 ca | peer's g: b3 67 47 3a b8 e2 da d0 53 05 02 fa 26 41 64 6f | peer's g: 75 61 0e c0 6d 11 84 e9 d9 10 af 89 b7 58 59 1a | peer's g: cd 2e ae 43 b3 7d b8 1b c5 5b b1 d5 ec 60 f7 fb | peer's g: 09 c1 72 c9 b9 6a e7 a7 42 9a 57 72 a6 43 28 29 | peer's g: 61 09 ab 67 97 6d 5b ce de 22 7f 71 94 5b d5 c7 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7f49e400f0e0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f49e8003a28: computed shared DH secret key@0x7f49e400f0e0 | dh-shared : g^ir-key@0x7f49e400f0e0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f49fc003b28 (length 64) | 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a05ed16e0 | result: Ni | Nr-key@0x7f49e4006650 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x7f49e4006650 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed16c8 | result: Ni | Nr-key@0x7f49e400b980 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x7f49e4006650 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f49fc001410 from Ni | Nr-key@0x7f49e400b980 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f49fc001410 from Ni | Nr-key@0x7f49e400b980 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f49e400b980 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f49fc001278 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f49e400f0e0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f49e400f0e0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f49e400f0e0 | nss hmac digest hack: symkey-key@0x7f49e400f0e0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-1398808382: 07 5d 26 02 24 c1 df 4b 48 22 1c 17 9c 97 09 03 50 4e cc 50 bf df a5 68 ec b7 b9 c2 b1 7d 26 aa 9e 9d 42 df 62 de fb ea b1 fc 97 f8 e0 20 66 b1 7d 27 38 ce ba 23 c9 1c 5b 30 f1 24 67 8b 1e 4d b8 7c 3a 82 05 2f 66 e9 32 39 11 4b 11 fd 30 66 f7 bf 70 4d a0 f0 4e 41 9b 3f 5c 8c aa a9 7c 42 2b 4a 68 bb 6f 16 dd f3 dc 64 83 40 ab 6e 78 6d 1d c9 2f 85 11 83 4c 17 1b 01 e3 a3 18 5d 79 e9 7d 3f 56 35 d1 65 33 ed 7d 5a d0 b7 09 26 9a 07 7f d8 77 d9 4c d5 0c b0 a8 8f 8e f8 a6 c0 39 37 2b 65 41 6b 0f eb b9 bb d8 a0 e6 38 87 96 e8 41 3a c1 55 39 bb 0d f4 55 fb 9f f2 96 33 fa cd ed cb b5 4c 77 5d aa 32 82 5e 45 4e a7 e8 1d f4 85 40 da 32 70 1c 0d b9 f2 74 b0 27 5c 47 95 a8 b3 21 90 8a c4 06 46 d9 d0 dd 74 d4 28 dc c9 6e 3f 63 ca dd 68 80 1b 1a 05 84 9b 26 b4 fe 4f 52 1a | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 256 bytes at 0x7f49fc0047c8 | unwrapped: 8a 1e d0 7c d3 1c 47 f2 b3 90 6e 6d 31 64 be 6e | unwrapped: f1 4c 2e ca 54 90 07 31 59 59 6e 87 c5 b7 dc 7b | unwrapped: 20 73 cb 87 c8 32 0c 3a 4c 86 bd 39 8f 3f 52 57 | unwrapped: 5e 96 a8 4f 44 5b 89 d1 63 8f e0 cf 83 41 08 7e | unwrapped: 14 42 e1 03 9a 1e 9e a6 33 b7 e1 05 26 aa f2 15 | unwrapped: 71 4d 5c b9 4e 35 a5 f5 2f b6 18 eb 01 a8 ba 4d | unwrapped: 00 72 15 63 37 2e 25 09 e3 b5 30 73 51 d5 2e c3 | unwrapped: 5e 1f 02 6f 54 d3 2c 5f 91 5d 98 a5 64 6b e3 36 | unwrapped: bc 5c 25 63 07 5a 6e d7 36 48 cc 65 f6 a7 74 67 | unwrapped: 5e 8c fd 38 a0 3f a7 9b 89 19 8a b8 ae e2 80 6b | unwrapped: f4 a7 49 b8 41 91 c6 a5 7d 70 31 3f 5b 19 ea f9 | unwrapped: c4 6a b7 1b bd b1 be 11 65 ce e0 21 b4 aa 49 f0 | unwrapped: 57 81 c3 ff b9 d4 fe f5 4c d5 2e f4 3f 59 5b ae | unwrapped: 89 86 ec 8f d3 c9 69 10 3b 68 0c 2e 21 da 35 15 | unwrapped: 19 3c 19 ce 0d 11 06 bd e0 7b 91 f8 2f f7 7e 57 | unwrapped: 5b 0f e6 01 90 01 c2 1c 5d 3d 9a f0 d6 9d 52 60 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a05ed1700 | result: final-key@0x7f49e4006650 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e4006650 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed16e8 | result: final-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49e4006650 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f49e400b980 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a05ed1670 | result: data=Ni-key@0x5641ad93f800 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5641ad93f800 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed1658 | result: data=Ni-key@0x7f49e4006650 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5641ad93f800 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49e4006650 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a05ed1660 | result: data+=Nr-key@0x5641ad93f800 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f49e4006650 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad93f800 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a05ed1660 | result: data+=SPIi-key@0x7f49e4006650 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad93f800 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49e4006650 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a05ed1660 | result: data+=SPIr-key@0x5641ad93f800 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f49e4006650 | prf+0 PRF sha init key-key@0x7f49e400b980 (size 20) | prf+0: key-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed1588 | result: clone-key@0x7f49e4006650 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f49fc001410 from key-key@0x7f49e4006650 | prf+0 prf: begin sha with context 0x7f49fc001410 from key-key@0x7f49e4006650 | prf+0: release clone-key@0x7f49e4006650 | prf+0 PRF sha crypt-prf@0x7f49fc002168 | prf+0 PRF sha update seed-key@0x5641ad93f800 (size 80) | prf+0: seed-key@0x5641ad93f800 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad93f800 | nss hmac digest hack: symkey-key@0x5641ad93f800 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 33 c9 60 7f 7c de 7c 6b dd 65 7d 9b 0a b2 9c 3b e7 78 c4 93 9e 38 83 f6 ba fd 73 93 2a 5e 03 5b 4f f2 3d 81 33 30 46 2f be eb a2 58 0f 57 ef 70 1c 6f c3 44 bc 89 26 22 b7 a1 cf c1 40 78 b4 7a 2b d1 69 06 c9 f6 b3 55 c8 ec 6d 32 80 01 76 96 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49fc005938 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | unwrapped: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a05ed1590 | result: final-key@0x5641ad93dd30 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad93dd30 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed1578 | result: final-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad93dd30 | prf+0 PRF sha final-key@0x7f49e4006650 (size 20) | prf+0: key-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f49e4006650 | prf+N PRF sha init key-key@0x7f49e400b980 (size 20) | prf+N: key-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed1588 | result: clone-key@0x5641ad93dd30 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49fc001410 from key-key@0x5641ad93dd30 | prf+N prf: begin sha with context 0x7f49fc001410 from key-key@0x5641ad93dd30 | prf+N: release clone-key@0x5641ad93dd30 | prf+N PRF sha crypt-prf@0x7f49fc0048f8 | prf+N PRF sha update old_t-key@0x7f49e4006650 (size 20) | prf+N: old_t-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49e4006650 | nss hmac digest hack: symkey-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 1d 46 62 53 6a 18 c3 1c 79 f0 d6 71 49 2e 1e 23 be df 64 da 8e 3f 01 2c 9e 26 a3 f5 c1 72 20 23 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49fc002b28 | unwrapped: 11 66 5e 5f 5e d1 6f 0b eb 34 e8 2b 50 62 a0 fa | unwrapped: e5 29 a4 8c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad93f800 (size 80) | prf+N: seed-key@0x5641ad93f800 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad93f800 | nss hmac digest hack: symkey-key@0x5641ad93f800 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 33 c9 60 7f 7c de 7c 6b dd 65 7d 9b 0a b2 9c 3b e7 78 c4 93 9e 38 83 f6 ba fd 73 93 2a 5e 03 5b 4f f2 3d 81 33 30 46 2f be eb a2 58 0f 57 ef 70 1c 6f c3 44 bc 89 26 22 b7 a1 cf c1 40 78 b4 7a 2b d1 69 06 c9 f6 b3 55 c8 ec 6d 32 80 01 76 96 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49fc0058b8 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | unwrapped: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a05ed1590 | result: final-key@0x7f49f4006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f4006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed1578 | result: final-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49f4006bb0 | prf+N PRF sha final-key@0x5641ad93dd30 (size 20) | prf+N: key-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a05ed1608 | result: result-key@0x7f49f4006bb0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49e4006650 | prfplus: release old_t[N]-key@0x7f49e4006650 | prf+N PRF sha init key-key@0x7f49e400b980 (size 20) | prf+N: key-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed1588 | result: clone-key@0x7f49e4006650 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49fc001410 from key-key@0x7f49e4006650 | prf+N prf: begin sha with context 0x7f49fc001410 from key-key@0x7f49e4006650 | prf+N: release clone-key@0x7f49e4006650 | prf+N PRF sha crypt-prf@0x7f49fc002168 | prf+N PRF sha update old_t-key@0x5641ad93dd30 (size 20) | prf+N: old_t-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad93dd30 | nss hmac digest hack: symkey-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 71 0a 55 97 b9 c3 5e 3f f0 06 3f 60 bd fe 13 3c 35 d2 98 df 69 31 8f ea 15 db dc 32 8e 51 82 46 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49fc001278 | unwrapped: 3e 78 29 a9 17 d5 b6 2e 18 a4 44 c8 7c 68 2d b9 | unwrapped: 2d 90 4e 8c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad93f800 (size 80) | prf+N: seed-key@0x5641ad93f800 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad93f800 | nss hmac digest hack: symkey-key@0x5641ad93f800 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 33 c9 60 7f 7c de 7c 6b dd 65 7d 9b 0a b2 9c 3b e7 78 c4 93 9e 38 83 f6 ba fd 73 93 2a 5e 03 5b 4f f2 3d 81 33 30 46 2f be eb a2 58 0f 57 ef 70 1c 6f c3 44 bc 89 26 22 b7 a1 cf c1 40 78 b4 7a 2b d1 69 06 c9 f6 b3 55 c8 ec 6d 32 80 01 76 96 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49fc005938 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | unwrapped: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a05ed1590 | result: final-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed1578 | result: final-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad9373d0 | prf+N PRF sha final-key@0x7f49e4006650 (size 20) | prf+N: key-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f4006bb0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a05ed1608 | result: result-key@0x5641ad9373d0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49f4006bb0 | prfplus: release old_t[N]-key@0x5641ad93dd30 | prf+N PRF sha init key-key@0x7f49e400b980 (size 20) | prf+N: key-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed1588 | result: clone-key@0x5641ad93dd30 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49fc001410 from key-key@0x5641ad93dd30 | prf+N prf: begin sha with context 0x7f49fc001410 from key-key@0x5641ad93dd30 | prf+N: release clone-key@0x5641ad93dd30 | prf+N PRF sha crypt-prf@0x7f49fc002b28 | prf+N PRF sha update old_t-key@0x7f49e4006650 (size 20) | prf+N: old_t-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49e4006650 | nss hmac digest hack: symkey-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 86 e4 3a a4 45 b0 c7 8b b5 db 7c 86 cb 0b 13 ef 7a b8 9c f7 b3 ac 8b 81 29 7e 75 22 41 f6 d0 98 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49fc006338 | unwrapped: 76 7b bf e6 f7 43 4e d3 de 40 c8 15 10 ee 9a 3c | unwrapped: 63 ce 9c d0 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad93f800 (size 80) | prf+N: seed-key@0x5641ad93f800 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad93f800 | nss hmac digest hack: symkey-key@0x5641ad93f800 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 33 c9 60 7f 7c de 7c 6b dd 65 7d 9b 0a b2 9c 3b e7 78 c4 93 9e 38 83 f6 ba fd 73 93 2a 5e 03 5b 4f f2 3d 81 33 30 46 2f be eb a2 58 0f 57 ef 70 1c 6f c3 44 bc 89 26 22 b7 a1 cf c1 40 78 b4 7a 2b d1 69 06 c9 f6 b3 55 c8 ec 6d 32 80 01 76 96 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49fc0058b8 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | unwrapped: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a05ed1590 | result: final-key@0x7f49f4006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f4006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed1578 | result: final-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49f4006bb0 | prf+N PRF sha final-key@0x5641ad93dd30 (size 20) | prf+N: key-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad9373d0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a05ed1608 | result: result-key@0x7f49f4006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad9373d0 | prfplus: release old_t[N]-key@0x7f49e4006650 | prf+N PRF sha init key-key@0x7f49e400b980 (size 20) | prf+N: key-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed1588 | result: clone-key@0x7f49e4006650 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49fc001410 from key-key@0x7f49e4006650 | prf+N prf: begin sha with context 0x7f49fc001410 from key-key@0x7f49e4006650 | prf+N: release clone-key@0x7f49e4006650 | prf+N PRF sha crypt-prf@0x7f49fc0048f8 | prf+N PRF sha update old_t-key@0x5641ad93dd30 (size 20) | prf+N: old_t-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad93dd30 | nss hmac digest hack: symkey-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: b1 dc b7 26 ed 30 72 b6 04 52 b6 1d f3 87 82 5b a3 cc 73 49 04 c3 4d be 90 98 cd 4d f3 eb 3e 05 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49fc001278 | unwrapped: d5 16 e2 7d 9a 23 f9 6e 3e 71 57 f1 38 ae 62 1f | unwrapped: b8 dc 61 9f 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad93f800 (size 80) | prf+N: seed-key@0x5641ad93f800 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad93f800 | nss hmac digest hack: symkey-key@0x5641ad93f800 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 33 c9 60 7f 7c de 7c 6b dd 65 7d 9b 0a b2 9c 3b e7 78 c4 93 9e 38 83 f6 ba fd 73 93 2a 5e 03 5b 4f f2 3d 81 33 30 46 2f be eb a2 58 0f 57 ef 70 1c 6f c3 44 bc 89 26 22 b7 a1 cf c1 40 78 b4 7a 2b d1 69 06 c9 f6 b3 55 c8 ec 6d 32 80 01 76 96 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49fc005938 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | unwrapped: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a05ed1590 | result: final-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed1578 | result: final-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad9373d0 | prf+N PRF sha final-key@0x7f49e4006650 (size 20) | prf+N: key-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f4006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a05ed1608 | result: result-key@0x5641ad9373d0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49f4006bb0 | prfplus: release old_t[N]-key@0x5641ad93dd30 | prf+N PRF sha init key-key@0x7f49e400b980 (size 20) | prf+N: key-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed1588 | result: clone-key@0x5641ad93dd30 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49fc005b10 from key-key@0x5641ad93dd30 | prf+N prf: begin sha with context 0x7f49fc005b10 from key-key@0x5641ad93dd30 | prf+N: release clone-key@0x5641ad93dd30 | prf+N PRF sha crypt-prf@0x7f49fc002168 | prf+N PRF sha update old_t-key@0x7f49e4006650 (size 20) | prf+N: old_t-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49e4006650 | nss hmac digest hack: symkey-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 9a b6 a6 33 fd 22 ab 29 b2 f2 61 86 85 56 c0 67 cb 95 30 5b df 9f c2 2e 9f 8e cf f4 24 4d bf 40 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49fc002b28 | unwrapped: 96 7e ad bc 06 8e 16 3b c7 eb 18 57 a3 8c eb c1 | unwrapped: fa dd 22 30 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad93f800 (size 80) | prf+N: seed-key@0x5641ad93f800 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad93f800 | nss hmac digest hack: symkey-key@0x5641ad93f800 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 33 c9 60 7f 7c de 7c 6b dd 65 7d 9b 0a b2 9c 3b e7 78 c4 93 9e 38 83 f6 ba fd 73 93 2a 5e 03 5b 4f f2 3d 81 33 30 46 2f be eb a2 58 0f 57 ef 70 1c 6f c3 44 bc 89 26 22 b7 a1 cf c1 40 78 b4 7a 2b d1 69 06 c9 f6 b3 55 c8 ec 6d 32 80 01 76 96 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49fc0058b8 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | unwrapped: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a05ed1590 | result: final-key@0x7f49f4006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f4006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed1578 | result: final-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49f4006bb0 | prf+N PRF sha final-key@0x5641ad93dd30 (size 20) | prf+N: key-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad9373d0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a05ed1608 | result: result-key@0x7f49f4006bb0 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad9373d0 | prfplus: release old_t[N]-key@0x7f49e4006650 | prf+N PRF sha init key-key@0x7f49e400b980 (size 20) | prf+N: key-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed1588 | result: clone-key@0x7f49e4006650 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49fc001410 from key-key@0x7f49e4006650 | prf+N prf: begin sha with context 0x7f49fc001410 from key-key@0x7f49e4006650 | prf+N: release clone-key@0x7f49e4006650 | prf+N PRF sha crypt-prf@0x7f49fc0048f8 | prf+N PRF sha update old_t-key@0x5641ad93dd30 (size 20) | prf+N: old_t-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad93dd30 | nss hmac digest hack: symkey-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 83 62 2c 34 64 42 0b ba d2 11 e2 b0 3b 50 74 fb 43 a6 e5 17 04 af e5 38 da 38 94 5a 68 74 65 32 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49fc001278 | unwrapped: 01 ed ea 67 63 e2 3a 32 ab c9 8a 1c 94 d3 dc e4 | unwrapped: 25 29 05 9b 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad93f800 (size 80) | prf+N: seed-key@0x5641ad93f800 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad93f800 | nss hmac digest hack: symkey-key@0x5641ad93f800 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 33 c9 60 7f 7c de 7c 6b dd 65 7d 9b 0a b2 9c 3b e7 78 c4 93 9e 38 83 f6 ba fd 73 93 2a 5e 03 5b 4f f2 3d 81 33 30 46 2f be eb a2 58 0f 57 ef 70 1c 6f c3 44 bc 89 26 22 b7 a1 cf c1 40 78 b4 7a 2b d1 69 06 c9 f6 b3 55 c8 ec 6d 32 80 01 76 96 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49fc0068d8 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | unwrapped: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a05ed1590 | result: final-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed1578 | result: final-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad9373d0 | prf+N PRF sha final-key@0x7f49e4006650 (size 20) | prf+N: key-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f4006bb0 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a05ed1608 | result: result-key@0x5641ad9373d0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49f4006bb0 | prfplus: release old_t[N]-key@0x5641ad93dd30 | prfplus: release old_t[final]-key@0x7f49e4006650 | ike_sa_keymat: release data-key@0x5641ad93f800 | calc_skeyseed_v2: release skeyseed_k-key@0x7f49e400b980 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed17a8 | result: result-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed17a8 | result: result-key@0x5641ad93f800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed17a8 | result: result-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5641ad9373d0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed17b8 | result: SK_ei_k-key@0x5641ad93dd30 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5641ad9373d0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed17b8 | result: SK_er_k-key@0x7f49f4006bb0 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed17b8 | result: result-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x5641ad924ad0 | chunk_SK_pi: symkey-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 14 4c 6f 27 ec 97 32 29 dc 79 3f fc a4 5a 85 52 19 f4 ad 8e 1d 4d 04 e1 b2 74 d7 86 06 e5 57 93 | chunk_SK_pi: release slot-key-key@0x5641ad91fd40 | chunk_SK_pi extracted len 32 bytes at 0x7f49fc002168 | unwrapped: a3 8c eb c1 fa dd 22 30 01 ed ea 67 63 e2 3a 32 | unwrapped: ab c9 8a 1c 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a05ed17b8 | result: result-key@0x5641ad946af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x5641ad946af0 | chunk_SK_pr: symkey-key@0x5641ad946af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: ff fd 69 f9 0e 7d 9e c3 d6 83 eb d5 fd 7b 21 17 5a a9 46 26 0e 0c 55 88 c7 2f af 56 78 2c e0 60 | chunk_SK_pr: release slot-key-key@0x5641ad91fd40 | chunk_SK_pr extracted len 32 bytes at 0x7f49fc001278 | unwrapped: 94 d3 dc e4 25 29 05 9b db b2 67 a9 b8 d3 59 94 | unwrapped: 57 36 7d 9a 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x5641ad9373d0 | calc_skeyseed_v2 pointers: shared-key@0x7f49e400f0e0, SK_d-key@0x7f49e400b980, SK_ai-key@0x5641ad93f800, SK_ar-key@0x7f49e4006650, SK_ei-key@0x5641ad93dd30, SK_er-key@0x7f49f4006bb0, SK_pi-key@0x5641ad924ad0, SK_pr-key@0x5641ad946af0 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | a3 8c eb c1 fa dd 22 30 01 ed ea 67 63 e2 3a 32 | ab c9 8a 1c | calc_skeyseed_v2 SK_pr | 94 d3 dc e4 25 29 05 9b db b2 67 a9 b8 d3 59 94 | 57 36 7d 9a | crypto helper 0 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 8 time elapsed 0.002005 seconds | (#9) spent 1.99 milliseconds in crypto helper computing work-order 8: ikev2_inI2outR2 KE (pcr) | crypto helper 0 sending results from work-order 8 for state #9 to event queue | scheduling resume sending helper answer for #9 | libevent_malloc: new ptr-libevent@0x7f49fc0044f8 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #9 | start processing: state #9 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 8 | calling continuation function 0x5641ac982b50 | ikev2_parent_inI2outR2_continue for #9: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f49e8003a28: transferring ownership from helper IKEv2 DH to state #9 | finish_dh_v2: release st_shared_nss-key@NULL | #9 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x5641ad93f800 (size 20) | hmac: symkey-key@0x5641ad93f800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93f800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1ab8 | result: clone-key@0x5641ad9373d0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49e8002b50 from symkey-key@0x5641ad9373d0 | hmac prf: begin sha with context 0x7f49e8002b50 from symkey-key@0x5641ad9373d0 | hmac: release clone-key@0x5641ad9373d0 | hmac PRF sha crypt-prf@0x5641ad93d128 | hmac PRF sha update data-bytes@0x7f49f4000b48 (length 208) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 3f 8f aa a0 fc 8f 4d e7 19 20 50 6b 6a 2f cf 0e | dc 02 b3 b3 3f 32 52 1c 0e e6 a3 2d f8 3f 6a 0c | 0e 28 72 ea ea d5 95 69 c1 ef 57 c5 a5 e1 e6 59 | 9e 1b 41 9f 06 59 c2 e3 b0 7d 98 ef b4 cd 31 14 | 86 b9 7b 2a 57 20 d0 67 ab 2c fd 01 e8 60 7d 9b | 1d 66 09 d9 3e 93 ce f2 8c 38 f4 74 35 b3 24 6d | a6 f2 c8 19 e4 ab 25 7d 13 b3 49 f0 eb ce 39 ed | ff 54 11 c4 0c 25 1a 52 1a 9f 4c 7e f4 c1 14 5b | 61 16 7b 77 22 9f 1d 0e cc e6 ed cc 01 04 51 44 | d3 21 3c 7c 6f 4d 11 02 dd ee 3f 9d 8c 9e 7e 6a | 91 61 18 16 27 88 df 10 09 f0 2a 4f ef 4d 80 a5 | hmac PRF sha final-bytes@0x7fff837b1c80 (length 20) | 6e 14 b3 b6 de 63 5e eb 49 9f 4c 30 7c 64 1f 6f | 4d 3e 80 10 | data for hmac: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data for hmac: 3f 8f aa a0 fc 8f 4d e7 19 20 50 6b 6a 2f cf 0e | data for hmac: dc 02 b3 b3 3f 32 52 1c 0e e6 a3 2d f8 3f 6a 0c | data for hmac: 0e 28 72 ea ea d5 95 69 c1 ef 57 c5 a5 e1 e6 59 | data for hmac: 9e 1b 41 9f 06 59 c2 e3 b0 7d 98 ef b4 cd 31 14 | data for hmac: 86 b9 7b 2a 57 20 d0 67 ab 2c fd 01 e8 60 7d 9b | data for hmac: 1d 66 09 d9 3e 93 ce f2 8c 38 f4 74 35 b3 24 6d | data for hmac: a6 f2 c8 19 e4 ab 25 7d 13 b3 49 f0 eb ce 39 ed | data for hmac: ff 54 11 c4 0c 25 1a 52 1a 9f 4c 7e f4 c1 14 5b | data for hmac: 61 16 7b 77 22 9f 1d 0e cc e6 ed cc 01 04 51 44 | data for hmac: d3 21 3c 7c 6f 4d 11 02 dd ee 3f 9d 8c 9e 7e 6a | data for hmac: 91 61 18 16 27 88 df 10 09 f0 2a 4f ef 4d 80 a5 | calculated auth: 6e 14 b3 b6 de 63 5e eb 49 9f 4c 30 | provided auth: 6e 14 b3 b6 de 63 5e eb 49 9f 4c 30 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 3f 8f aa a0 fc 8f 4d e7 19 20 50 6b 6a 2f cf 0e | payload before decryption: | dc 02 b3 b3 3f 32 52 1c 0e e6 a3 2d f8 3f 6a 0c | 0e 28 72 ea ea d5 95 69 c1 ef 57 c5 a5 e1 e6 59 | 9e 1b 41 9f 06 59 c2 e3 b0 7d 98 ef b4 cd 31 14 | 86 b9 7b 2a 57 20 d0 67 ab 2c fd 01 e8 60 7d 9b | 1d 66 09 d9 3e 93 ce f2 8c 38 f4 74 35 b3 24 6d | a6 f2 c8 19 e4 ab 25 7d 13 b3 49 f0 eb ce 39 ed | ff 54 11 c4 0c 25 1a 52 1a 9f 4c 7e f4 c1 14 5b | 61 16 7b 77 22 9f 1d 0e cc e6 ed cc 01 04 51 44 | d3 21 3c 7c 6f 4d 11 02 dd ee 3f 9d 8c 9e 7e 6a | 91 61 18 16 27 88 df 10 09 f0 2a 4f ef 4d 80 a5 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 0f ef 56 f0 67 53 69 6b 13 ae 92 66 83 c4 75 85 | 37 35 6f ce 2c 00 00 30 00 00 00 2c 01 03 04 03 | b9 2c ca 0f 03 00 00 10 01 00 00 0c 80 0e 00 80 | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | stripping 12 octets as pad | #9 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #9: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #9 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #9: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x5641ad924ad0 (size 20) | hmac: symkey-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1538 | result: clone-key@0x5641ad9373d0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49e8002b50 from symkey-key@0x5641ad9373d0 | hmac prf: begin sha with context 0x7f49e8002b50 from symkey-key@0x5641ad9373d0 | hmac: release clone-key@0x5641ad9373d0 | hmac PRF sha crypt-prf@0x5641ad93d628 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x7f49f4000b7c (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff837b16e0 (length 20) | 08 7b bc 4b fb d3 4c fb 60 5b 55 50 90 21 2d e2 | e4 5e 71 5c | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | inputs to hash1 (first packet) | 1f 76 f1 12 67 3d 5b b6 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 64 fb 47 d7 eb 66 1b 4e b4 87 87 6a | 6d c8 5a ec 78 7e 5a 84 9f 4f 22 80 85 8f f6 03 | 73 62 9d b0 5c 19 af 4f 59 8d fc 9f 2f 4a 24 10 | 9e a0 9a fd f1 f7 2c 14 00 de c3 f1 8e c7 76 5e | a8 d4 d1 32 27 52 85 ae 3a 89 06 22 a5 14 da 3d | ea d8 50 43 64 9a ef 46 7c c3 d4 85 3f da 0d d2 | 3b 1e 68 f3 9d 8d 46 f2 ed 26 87 12 e8 ff e2 d3 | 30 11 cd b0 8e ff 94 56 61 d8 83 6f 96 2c dd 32 | 9b a7 3e bf 77 4e 93 54 f7 6f cd 88 e6 19 03 b8 | f1 83 14 74 d4 fd 9e 63 b0 10 a0 48 aa 7e f2 dc | ad 01 4f d3 1c 7f 69 4f 2e 67 fc ee 97 d0 01 3c | dd 1b 16 ca b3 67 47 3a b8 e2 da d0 53 05 02 fa | 26 41 64 6f 75 61 0e c0 6d 11 84 e9 d9 10 af 89 | b7 58 59 1a cd 2e ae 43 b3 7d b8 1b c5 5b b1 d5 | ec 60 f7 fb 09 c1 72 c9 b9 6a e7 a7 42 9a 57 72 | a6 43 28 29 61 09 ab 67 97 6d 5b ce de 22 7f 71 | 94 5b d5 c7 29 00 00 24 28 81 cc fd 60 24 b7 fd | 84 09 7e 7e 5a aa 3e 9f 27 b0 18 b2 d4 c2 2f 4a | 84 47 64 62 2f d8 ab 5e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 9b cb 45 8a 6c 49 68 78 | 2a 75 7d 47 e8 ee 9d d7 22 e2 bd f2 00 00 00 1c | 00 00 40 05 01 52 05 19 5d b8 48 51 74 60 9a 0c | a1 d2 24 20 65 2b f0 e2 | verify: initiator inputs to hash2 (responder nonce) | c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | idhash 08 7b bc 4b fb d3 4c fb 60 5b 55 50 90 21 2d e2 | idhash e4 5e 71 5c | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5641ad91fc98 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b1330 | result: shared secret-key@0x5641ad93d070 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5641ad93d070 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1318 | result: shared secret-key@0x5641ad9373d0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5641ad93d070 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f49e8002b50 from shared secret-key@0x5641ad9373d0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f49e8002b50 from shared secret-key@0x5641ad9373d0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x5641ad9373d0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5641ad93d128 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5641aca154d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b1350 | result: final-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1338 | result: final-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad93d070 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x5641ad9373d0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x5641ad9373d0 (size 20) | = prf(, ): -key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1348 | result: clone-key@0x5641ad93d070 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f49e8002b50 from -key@0x5641ad93d070 | = prf(, ) prf: begin sha with context 0x7f49e8002b50 from -key@0x5641ad93d070 | = prf(, ): release clone-key@0x5641ad93d070 | = prf(, ) PRF sha crypt-prf@0x5641ad93d628 | = prf(, ) PRF sha update first-packet-bytes@0x5641ad945788 (length 440) | 1f 76 f1 12 67 3d 5b b6 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 64 fb 47 d7 eb 66 1b 4e b4 87 87 6a | 6d c8 5a ec 78 7e 5a 84 9f 4f 22 80 85 8f f6 03 | 73 62 9d b0 5c 19 af 4f 59 8d fc 9f 2f 4a 24 10 | 9e a0 9a fd f1 f7 2c 14 00 de c3 f1 8e c7 76 5e | a8 d4 d1 32 27 52 85 ae 3a 89 06 22 a5 14 da 3d | ea d8 50 43 64 9a ef 46 7c c3 d4 85 3f da 0d d2 | 3b 1e 68 f3 9d 8d 46 f2 ed 26 87 12 e8 ff e2 d3 | 30 11 cd b0 8e ff 94 56 61 d8 83 6f 96 2c dd 32 | 9b a7 3e bf 77 4e 93 54 f7 6f cd 88 e6 19 03 b8 | f1 83 14 74 d4 fd 9e 63 b0 10 a0 48 aa 7e f2 dc | ad 01 4f d3 1c 7f 69 4f 2e 67 fc ee 97 d0 01 3c | dd 1b 16 ca b3 67 47 3a b8 e2 da d0 53 05 02 fa | 26 41 64 6f 75 61 0e c0 6d 11 84 e9 d9 10 af 89 | b7 58 59 1a cd 2e ae 43 b3 7d b8 1b c5 5b b1 d5 | ec 60 f7 fb 09 c1 72 c9 b9 6a e7 a7 42 9a 57 72 | a6 43 28 29 61 09 ab 67 97 6d 5b ce de 22 7f 71 | 94 5b d5 c7 29 00 00 24 28 81 cc fd 60 24 b7 fd | 84 09 7e 7e 5a aa 3e 9f 27 b0 18 b2 d4 c2 2f 4a | 84 47 64 62 2f d8 ab 5e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 9b cb 45 8a 6c 49 68 78 | 2a 75 7d 47 e8 ee 9d d7 22 e2 bd f2 00 00 00 1c | 00 00 40 05 01 52 05 19 5d b8 48 51 74 60 9a 0c | a1 d2 24 20 65 2b f0 e2 | = prf(, ) PRF sha update nonce-bytes@0x7f49e8001278 (length 32) | c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | = prf(, ) PRF sha update hash-bytes@0x7fff837b16e0 (length 20) | 08 7b bc 4b fb d3 4c fb 60 5b 55 50 90 21 2d e2 | e4 5e 71 5c | = prf(, ) PRF sha final-chunk@0x5641ad93c4a8 (length 20) | 0f ef 56 f0 67 53 69 6b 13 ae 92 66 83 c4 75 85 | 37 35 6f ce | psk_auth: release prf-psk-key@0x5641ad9373d0 | Received PSK auth octets | 0f ef 56 f0 67 53 69 6b 13 ae 92 66 83 c4 75 85 | 37 35 6f ce | Calculated PSK auth octets | 0f ef 56 f0 67 53 69 6b 13 ae 92 66 83 c4 75 85 | 37 35 6f ce "east" #9: Authenticated using authby=secret | parent state #9: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #9 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f49e8002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5641ad942c68 | event_schedule: new EVENT_SA_REKEY-pe@0x5641ad942c68 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #9 | libevent_malloc: new ptr-libevent@0x5641ad945978 size 128 | pstats #9 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | 1f 76 f1 12 67 3d 5b b6 | responder cookie: | cc 88 7d 43 5d b9 94 50 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x5641ad946af0 (size 20) | hmac: symkey-key@0x5641ad946af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad946af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0eb8 | result: clone-key@0x5641ad9373d0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49e8002b50 from symkey-key@0x5641ad9373d0 | hmac prf: begin sha with context 0x7f49e8002b50 from symkey-key@0x5641ad9373d0 | hmac: release clone-key@0x5641ad9373d0 | hmac PRF sha crypt-prf@0x5641ad93d628 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x5641aca808f4 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff837b11b0 (length 20) | 6f 73 ad 19 cf ac 0a 7a 73 3f 4c e4 ae 8a 13 30 | 84 8b 6e 81 | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | inputs to hash1 (first packet) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 19 16 37 c1 7e 96 ff f1 94 a6 52 0e | 4d 86 ec ba 53 6c aa 32 74 42 65 a8 df 3a 04 70 | 95 9b 16 a1 8d e7 87 31 82 e4 98 dc 81 06 fa 41 | cd 8f 76 27 83 e7 04 6b c6 d7 a8 aa 4c 18 16 11 | aa 05 db f1 74 f4 23 60 70 b1 30 57 3d 0e 57 5a | 94 4c 79 0b 86 d2 01 d6 2f fc 29 c4 26 36 60 52 | 0b 9a 43 27 33 75 f0 86 88 33 fa f8 14 b0 8c f0 | 51 ae b2 3d b5 04 fc da ef 2f 39 bf 95 ef 22 62 | 0f d8 aa 62 ea fa d1 1a 04 fa 91 66 a9 b4 9a 25 | 23 9d 3d 15 e8 d0 21 0d 06 3a 46 5c 23 c5 a5 9a | b0 66 07 f5 4d b3 4e e6 c0 85 ca 24 1f 2c 1d 55 | a2 9b 17 87 84 76 89 2e 9c 96 87 e1 1e a6 65 6a | 4b f1 a3 f9 45 9f 1a 54 28 09 f0 cf f9 91 68 71 | 25 3e 98 ed 50 de e3 5d 9b 6e d4 5a c5 a1 61 2e | 80 f1 3a 5e 27 dc 64 6e 7b a1 25 ac c7 48 90 0f | f4 07 d0 6b ca 34 ba dc 21 ea 03 39 57 1e ed f8 | 82 3a 7c 72 29 00 00 24 c4 84 56 b4 8f 1b ac d3 | dc 5d 36 f5 29 ba e0 0a 90 e4 f4 d5 6a 82 3a 95 | e8 a9 f4 d0 34 06 b5 87 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 e2 b9 37 b4 5b c2 6b 2d | d6 ab 4e 00 b0 02 bc 04 2a de c2 ee 00 00 00 1c | 00 00 40 05 10 a7 fb e4 8a bd 9c 1c c7 f9 6b 51 | 5a 4c 9a 6d 84 41 76 bd | create: responder inputs to hash2 (initiator nonce) | 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | idhash 6f 73 ad 19 cf ac 0a 7a 73 3f 4c e4 ae 8a 13 30 | idhash 84 8b 6e 81 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5641ad91fc98 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0ca0 | result: shared secret-key@0x5641ad93d070 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5641ad93d070 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c88 | result: shared secret-key@0x5641ad9373d0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5641ad93d070 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f49e8002b50 from shared secret-key@0x5641ad9373d0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f49e8002b50 from shared secret-key@0x5641ad9373d0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x5641ad9373d0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5641ad93c4a8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5641aca154d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0cc0 | result: final-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0ca8 | result: final-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad93d070 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x5641ad9373d0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x5641ad9373d0 (size 20) | = prf(, ): -key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0cb8 | result: clone-key@0x5641ad93d070 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f49e8002b50 from -key@0x5641ad93d070 | = prf(, ) prf: begin sha with context 0x7f49e8002b50 from -key@0x5641ad93d070 | = prf(, ): release clone-key@0x5641ad93d070 | = prf(, ) PRF sha crypt-prf@0x5641ad93d628 | = prf(, ) PRF sha update first-packet-bytes@0x5641ad93d268 (length 440) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 19 16 37 c1 7e 96 ff f1 94 a6 52 0e | 4d 86 ec ba 53 6c aa 32 74 42 65 a8 df 3a 04 70 | 95 9b 16 a1 8d e7 87 31 82 e4 98 dc 81 06 fa 41 | cd 8f 76 27 83 e7 04 6b c6 d7 a8 aa 4c 18 16 11 | aa 05 db f1 74 f4 23 60 70 b1 30 57 3d 0e 57 5a | 94 4c 79 0b 86 d2 01 d6 2f fc 29 c4 26 36 60 52 | 0b 9a 43 27 33 75 f0 86 88 33 fa f8 14 b0 8c f0 | 51 ae b2 3d b5 04 fc da ef 2f 39 bf 95 ef 22 62 | 0f d8 aa 62 ea fa d1 1a 04 fa 91 66 a9 b4 9a 25 | 23 9d 3d 15 e8 d0 21 0d 06 3a 46 5c 23 c5 a5 9a | b0 66 07 f5 4d b3 4e e6 c0 85 ca 24 1f 2c 1d 55 | a2 9b 17 87 84 76 89 2e 9c 96 87 e1 1e a6 65 6a | 4b f1 a3 f9 45 9f 1a 54 28 09 f0 cf f9 91 68 71 | 25 3e 98 ed 50 de e3 5d 9b 6e d4 5a c5 a1 61 2e | 80 f1 3a 5e 27 dc 64 6e 7b a1 25 ac c7 48 90 0f | f4 07 d0 6b ca 34 ba dc 21 ea 03 39 57 1e ed f8 | 82 3a 7c 72 29 00 00 24 c4 84 56 b4 8f 1b ac d3 | dc 5d 36 f5 29 ba e0 0a 90 e4 f4 d5 6a 82 3a 95 | e8 a9 f4 d0 34 06 b5 87 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 e2 b9 37 b4 5b c2 6b 2d | d6 ab 4e 00 b0 02 bc 04 2a de c2 ee 00 00 00 1c | 00 00 40 05 10 a7 fb e4 8a bd 9c 1c c7 f9 6b 51 | 5a 4c 9a 6d 84 41 76 bd | = prf(, ) PRF sha update nonce-bytes@0x5641ad942bd8 (length 32) | 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | = prf(, ) PRF sha update hash-bytes@0x7fff837b11b0 (length 20) | 6f 73 ad 19 cf ac 0a 7a 73 3f 4c e4 ae 8a 13 30 | 84 8b 6e 81 | = prf(, ) PRF sha final-chunk@0x5641ad93d128 (length 20) | 14 1c b5 c5 cb 5b 56 06 2b 89 9b 07 85 4a 0c 05 | a9 5b 5e 6f | psk_auth: release prf-psk-key@0x5641ad9373d0 | PSK auth octets 14 1c b5 c5 cb 5b 56 06 2b 89 9b 07 85 4a 0c 05 | PSK auth octets a9 5b 5e 6f | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 14 1c b5 c5 cb 5b 56 06 2b 89 9b 07 85 4a 0c 05 | PSK auth a9 5b 5e 6f | emitting length of IKEv2 Authentication Payload: 28 | creating state object #10 at 0x5641ad945ad8 | State DB: adding IKEv2 state #10 in UNDEFINED | pstats #10 ikev2.child started | duplicating state object #9 "east" as #10 for IPSEC SA | #10 setting local endpoint to 192.1.2.23:500 from #9.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f49e400b980 | duplicate_state: reference st_skey_ai_nss-key@0x5641ad93f800 | duplicate_state: reference st_skey_ar_nss-key@0x7f49e4006650 | duplicate_state: reference st_skey_ei_nss-key@0x5641ad93dd30 | duplicate_state: reference st_skey_er_nss-key@0x7f49f4006bb0 | duplicate_state: reference st_skey_pi_nss-key@0x5641ad924ad0 | duplicate_state: reference st_skey_pr_nss-key@0x5641ad946af0 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #9.#10; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #9 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #9.#10 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI b9 2c ca 0f | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 16 (0x10) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 "east" #9: proposal 1:ESP:SPI=b92cca0f;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=b92cca0f;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | netlink_get_spi: allocated 0x22904547 for esp.0@192.1.2.23 | Emitting ikev2_proposal ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 22 90 45 47 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0d30 | result: data=Ni-key@0x5641ad93d070 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5641ad93d070 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0d18 | result: data=Ni-key@0x5641ad9373d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5641ad93d070 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad9373d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b0d20 | result: data+=Nr-key@0x5641ad93d070 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad9373d0 | prf+0 PRF sha init key-key@0x7f49e400b980 (size 20) | prf+0: key-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x5641ad9373d0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f49e8002b50 from key-key@0x5641ad9373d0 | prf+0 prf: begin sha with context 0x7f49e8002b50 from key-key@0x5641ad9373d0 | prf+0: release clone-key@0x5641ad9373d0 | prf+0 PRF sha crypt-prf@0x5641ad939208 | prf+0 PRF sha update seed-key@0x5641ad93d070 (size 64) | prf+0: seed-key@0x5641ad93d070 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad93d070 | nss hmac digest hack: symkey-key@0x5641ad93d070 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: 33 c9 60 7f 7c de 7c 6b dd 65 7d 9b 0a b2 9c 3b e7 78 c4 93 9e 38 83 f6 ba fd 73 93 2a 5e 03 5b 4f f2 3d 81 33 30 46 2f be eb a2 58 0f 57 ef 70 1c 6f c3 44 bc 89 26 22 b7 a1 cf c1 40 78 b4 7a | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x7f49fc002b78 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x5641ad9469b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9469b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad9469b0 | prf+0 PRF sha final-key@0x5641ad9373d0 (size 20) | prf+0: key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x5641ad9373d0 | prf+N PRF sha init key-key@0x7f49e400b980 (size 20) | prf+N: key-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x5641ad9469b0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49e8002b50 from key-key@0x5641ad9469b0 | prf+N prf: begin sha with context 0x7f49e8002b50 from key-key@0x5641ad9469b0 | prf+N: release clone-key@0x5641ad9469b0 | prf+N PRF sha crypt-prf@0x5641ad949d38 | prf+N PRF sha update old_t-key@0x5641ad9373d0 (size 20) | prf+N: old_t-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad9373d0 | nss hmac digest hack: symkey-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: bf f3 fe d7 b8 6e 16 df 01 3e c0 37 75 fa 45 5e 16 7b 13 98 cf 6b 66 1a f6 c8 17 8c 17 2d f1 ef | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x5641ad942cd8 | unwrapped: d9 72 d4 b2 91 75 db 75 f3 2d e8 7f c7 41 01 5c | unwrapped: 85 ab 39 e9 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad93d070 (size 64) | prf+N: seed-key@0x5641ad93d070 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad93d070 | nss hmac digest hack: symkey-key@0x5641ad93d070 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: 33 c9 60 7f 7c de 7c 6b dd 65 7d 9b 0a b2 9c 3b e7 78 c4 93 9e 38 83 f6 ba fd 73 93 2a 5e 03 5b 4f f2 3d 81 33 30 46 2f be eb a2 58 0f 57 ef 70 1c 6f c3 44 bc 89 26 22 b7 a1 cf c1 40 78 b4 7a | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x7f49f0002b78 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x7f49e400a000 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e400a000 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49e400a000 | prf+N PRF sha final-key@0x5641ad9469b0 (size 20) | prf+N: key-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff837b0cc8 | result: result-key@0x7f49e400a000 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad9373d0 | prfplus: release old_t[N]-key@0x5641ad9373d0 | prf+N PRF sha init key-key@0x7f49e400b980 (size 20) | prf+N: key-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x5641ad9373d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49e8002b50 from key-key@0x5641ad9373d0 | prf+N prf: begin sha with context 0x7f49e8002b50 from key-key@0x5641ad9373d0 | prf+N: release clone-key@0x5641ad9373d0 | prf+N PRF sha crypt-prf@0x5641ad939208 | prf+N PRF sha update old_t-key@0x5641ad9469b0 (size 20) | prf+N: old_t-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad9469b0 | nss hmac digest hack: symkey-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: e1 7d 17 44 36 40 09 e3 92 43 65 04 8b 02 ef 79 7d 8e fb 1c e1 05 6d 44 26 65 ce 4b 7e f1 3f 0e | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x5641ad9413c8 | unwrapped: f8 d5 8c 8c c4 b9 39 a1 f4 8e 6b 9f 77 89 1c 2f | unwrapped: 42 f5 ac 3d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad93d070 (size 64) | prf+N: seed-key@0x5641ad93d070 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad93d070 | nss hmac digest hack: symkey-key@0x5641ad93d070 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: 33 c9 60 7f 7c de 7c 6b dd 65 7d 9b 0a b2 9c 3b e7 78 c4 93 9e 38 83 f6 ba fd 73 93 2a 5e 03 5b 4f f2 3d 81 33 30 46 2f be eb a2 58 0f 57 ef 70 1c 6f c3 44 bc 89 26 22 b7 a1 cf c1 40 78 b4 7a | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x7f49fc002b78 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x5641ad949c80 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad949c80 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad949c80 | prf+N PRF sha final-key@0x5641ad9373d0 (size 20) | prf+N: key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49e400a000 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff837b0cc8 | result: result-key@0x5641ad949c80 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49e400a000 | prfplus: release old_t[N]-key@0x5641ad9469b0 | prf+N PRF sha init key-key@0x7f49e400b980 (size 20) | prf+N: key-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x5641ad9469b0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49e8002b50 from key-key@0x5641ad9469b0 | prf+N prf: begin sha with context 0x7f49e8002b50 from key-key@0x5641ad9469b0 | prf+N: release clone-key@0x5641ad9469b0 | prf+N PRF sha crypt-prf@0x5641ad942cd8 | prf+N PRF sha update old_t-key@0x5641ad9373d0 (size 20) | prf+N: old_t-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad9373d0 | nss hmac digest hack: symkey-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: b1 94 1e 43 85 30 63 15 fa ad 57 72 42 ac 98 38 bf 75 88 d6 59 60 60 d2 0a 3b 76 97 e8 8f 7d dd | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x5641ad940ff8 | unwrapped: 37 3b 26 be 2c e7 f2 08 fb 09 ca c5 ac 2c bf be | unwrapped: fb 72 73 bf 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad93d070 (size 64) | prf+N: seed-key@0x5641ad93d070 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad93d070 | nss hmac digest hack: symkey-key@0x5641ad93d070 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: 33 c9 60 7f 7c de 7c 6b dd 65 7d 9b 0a b2 9c 3b e7 78 c4 93 9e 38 83 f6 ba fd 73 93 2a 5e 03 5b 4f f2 3d 81 33 30 46 2f be eb a2 58 0f 57 ef 70 1c 6f c3 44 bc 89 26 22 b7 a1 cf c1 40 78 b4 7a | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x7f49f0002b78 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x7f49e400a000 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e400a000 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49e400a000 | prf+N PRF sha final-key@0x5641ad9469b0 (size 20) | prf+N: key-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad949c80 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff837b0cc8 | result: result-key@0x7f49e400a000 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad949c80 | prfplus: release old_t[N]-key@0x5641ad9373d0 | prfplus: release old_t[final]-key@0x5641ad9469b0 | child_sa_keymat: release data-key@0x5641ad93d070 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f49e400a000 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0da8 | result: result-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x5641ad93d070 | initiator to responder keys: symkey-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x5641ad91fd40 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)540620832: bf f3 fe d7 b8 6e 16 df 01 3e c0 37 75 fa 45 5e 61 88 5e 41 28 91 5a a6 8c 05 10 da 69 ea d6 42 0b 52 5e ec aa bc 97 5c f2 f5 e4 57 30 7e c6 89 | initiator to responder keys: release slot-key-key@0x5641ad91fd40 | initiator to responder keys extracted len 48 bytes at 0x7f49ec002e68 | unwrapped: d9 72 d4 b2 91 75 db 75 f3 2d e8 7f c7 41 01 5c | unwrapped: 85 ab 39 e9 f8 d5 8c 8c c4 b9 39 a1 f4 8e 6b 9f | unwrapped: 77 89 1c 2f 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x5641ad93d070 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f49e400a000 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0da8 | result: result-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x5641ad93d070 | responder to initiator keys:: symkey-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x5641ad91fd40 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)540620832: a9 8b 70 a9 37 4d ec ab 51 2f c8 25 59 7a 14 8c 64 53 9a 5f f4 41 90 29 6a 3e 02 47 99 b6 a2 c3 78 7f c3 43 68 a2 c3 1b 7a 93 e3 08 91 a7 bf 79 | responder to initiator keys:: release slot-key-key@0x5641ad91fd40 | responder to initiator keys: extracted len 48 bytes at 0x5641ad942b78 | unwrapped: 42 f5 ac 3d 37 3b 26 be 2c e7 f2 08 fb 09 ca c5 | unwrapped: ac 2c bf be fb 72 73 bf 39 c3 34 3e be b4 2e 95 | unwrapped: c3 fd 1b 03 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x5641ad93d070 | ikev2_derive_child_keys: release keymat-key@0x7f49e400a000 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | #9 spent 2.5 milliseconds | install_ipsec_sa() for #10: inbound and outbound | could_route called for east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.b92cca0f@192.1.2.45 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.22904547@192.1.2.23 included non-error error | priority calculation of connection "east" is 0xfe7e7 | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #10: prospective erouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | route_and_eroute with c: east (next: none) ero:east esr:{(nil)} ro:east rosr:{(nil)} and state: #10 | priority calculation of connection "east" is 0xfe7e7 | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45>tun.0@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xb92cca0f SPI_OUT=0x229 | popen cmd is 1020 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: | cmd( 960):'no' SPI_IN=0xb92cca0f SPI_OUT=0x22904547 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | route_and_eroute: instance "east", setting eroute_owner {spd=0x5641ad9383e8,sr=0x5641ad9383e8} to #10 (was #0) (newest_ipsec_sa=#0) | #9 spent 0.848 milliseconds in install_ipsec_sa() | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #10 (was #0) (spd.eroute=#10) cloned from #9 | adding 12 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 176 | emitting length of ISAKMP Message: 204 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 9d 5d de 43 60 28 36 07 f3 da da f2 6e b6 24 4b | data before encryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 14 1c b5 c5 cb 5b 56 06 2b 89 9b 07 | 85 4a 0c 05 a9 5b 5e 6f 2c 00 00 2c 00 00 00 28 | 01 03 04 03 22 90 45 47 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 80 b0 c6 f5 cf 86 de c2 15 c7 d5 d1 c9 23 88 7c | d3 fd d7 5e 83 ca 3d e1 86 83 cf b9 61 04 0a cd | 8e 50 ab d4 3e 80 4e 68 7c 51 64 06 2c ec 64 dc | c6 0f 1b 1b 54 6c 08 26 c6 63 99 b0 e7 f1 f2 d7 | d7 f4 4d b4 2f fb 50 76 50 7b 19 f1 96 4e 9f da | e4 56 87 d9 27 8a 9f 4e 89 7a 6f 27 c2 9a 98 3c | a0 2b 46 c4 53 cd c6 4c 3c ef e6 54 6f 9a 7d 0a | c0 e0 bd ff 62 8e 33 6d 7a 7e d1 6f ef 09 75 80 | 74 a9 3c b9 c5 1c c4 85 a2 44 36 e1 e4 33 5d aa | hmac PRF sha init symkey-key@0x7f49e4006650 (size 20) | hmac: symkey-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0dc8 | result: clone-key@0x7f49e400a000 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49e8002b50 from symkey-key@0x7f49e400a000 | hmac prf: begin sha with context 0x7f49e8002b50 from symkey-key@0x7f49e400a000 | hmac: release clone-key@0x7f49e400a000 | hmac PRF sha crypt-prf@0x5641ad939208 | hmac PRF sha update data-bytes@0x5641aca808c0 (length 192) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 9d 5d de 43 60 28 36 07 f3 da da f2 6e b6 24 4b | 80 b0 c6 f5 cf 86 de c2 15 c7 d5 d1 c9 23 88 7c | d3 fd d7 5e 83 ca 3d e1 86 83 cf b9 61 04 0a cd | 8e 50 ab d4 3e 80 4e 68 7c 51 64 06 2c ec 64 dc | c6 0f 1b 1b 54 6c 08 26 c6 63 99 b0 e7 f1 f2 d7 | d7 f4 4d b4 2f fb 50 76 50 7b 19 f1 96 4e 9f da | e4 56 87 d9 27 8a 9f 4e 89 7a 6f 27 c2 9a 98 3c | a0 2b 46 c4 53 cd c6 4c 3c ef e6 54 6f 9a 7d 0a | c0 e0 bd ff 62 8e 33 6d 7a 7e d1 6f ef 09 75 80 | 74 a9 3c b9 c5 1c c4 85 a2 44 36 e1 e4 33 5d aa | hmac PRF sha final-bytes@0x5641aca80980 (length 20) | a4 d4 5a 0a af 82 2d 31 b7 e3 9d cd 24 e4 33 6f | ad e3 15 4b | data being hmac: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data being hmac: 9d 5d de 43 60 28 36 07 f3 da da f2 6e b6 24 4b | data being hmac: 80 b0 c6 f5 cf 86 de c2 15 c7 d5 d1 c9 23 88 7c | data being hmac: d3 fd d7 5e 83 ca 3d e1 86 83 cf b9 61 04 0a cd | data being hmac: 8e 50 ab d4 3e 80 4e 68 7c 51 64 06 2c ec 64 dc | data being hmac: c6 0f 1b 1b 54 6c 08 26 c6 63 99 b0 e7 f1 f2 d7 | data being hmac: d7 f4 4d b4 2f fb 50 76 50 7b 19 f1 96 4e 9f da | data being hmac: e4 56 87 d9 27 8a 9f 4e 89 7a 6f 27 c2 9a 98 3c | data being hmac: a0 2b 46 c4 53 cd c6 4c 3c ef e6 54 6f 9a 7d 0a | data being hmac: c0 e0 bd ff 62 8e 33 6d 7a 7e d1 6f ef 09 75 80 | data being hmac: 74 a9 3c b9 c5 1c c4 85 a2 44 36 e1 e4 33 5d aa | out calculated auth: | a4 d4 5a 0a af 82 2d 31 b7 e3 9d cd | ikev2_parent_inI2outR2_continue_tail returned STF_OK | #9 spent 3.55 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #9 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #10 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #10 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R | child state #10: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) | Message ID: updating counters for #10 to 1 after switching state | Message ID: recv #9.#10 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 | Message ID: sent #9.#10 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 | pstats #10 ikev2.child established "east" #10: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] | NAT-T: encaps is 'auto' "east" #10: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xb92cca0f <0x22904547 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 204 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #9) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 9d 5d de 43 60 28 36 07 f3 da da f2 6e b6 24 4b | 80 b0 c6 f5 cf 86 de c2 15 c7 d5 d1 c9 23 88 7c | d3 fd d7 5e 83 ca 3d e1 86 83 cf b9 61 04 0a cd | 8e 50 ab d4 3e 80 4e 68 7c 51 64 06 2c ec 64 dc | c6 0f 1b 1b 54 6c 08 26 c6 63 99 b0 e7 f1 f2 d7 | d7 f4 4d b4 2f fb 50 76 50 7b 19 f1 96 4e 9f da | e4 56 87 d9 27 8a 9f 4e 89 7a 6f 27 c2 9a 98 3c | a0 2b 46 c4 53 cd c6 4c 3c ef e6 54 6f 9a 7d 0a | c0 e0 bd ff 62 8e 33 6d 7a 7e d1 6f ef 09 75 80 | 74 a9 3c b9 c5 1c c4 85 a2 44 36 e1 e4 33 5d aa | a4 d4 5a 0a af 82 2d 31 b7 e3 9d cd | releasing whack for #10 (sock=fd@-1) | releasing whack and unpending for parent #9 | unpending state #9 connection "east" | #10 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f49e8002b78 | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #10 | libevent_malloc: new ptr-libevent@0x5641ad948448 size 128 | resume sending helper answer for #9 suppresed complete_v2_state_transition() | #9 spent 3.94 milliseconds in resume sending helper answer | stop processing: state #10 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f49fc0044f8 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00437 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00371 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | f1 67 5c 89 92 13 5e 64 35 2b 6a 4d 88 98 f9 b8 | 1b 57 96 99 05 dd 5a 8e 13 ba 4b 28 f1 a0 eb 65 | 0e 07 92 2c e3 ee 37 5a 57 8a c3 28 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 1f 76 f1 12 67 3d 5b b6 | responder cookie: | cc 88 7d 43 5d b9 94 50 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #9 in PARENT_R2 (find_v2_ike_sa) | start processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #9 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 | Message ID: #9 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #9 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 | #9 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x5641ad93f800 (size 20) | hmac: symkey-key@0x5641ad93f800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93f800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b19f8 | result: clone-key@0x7f49e400a000 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49f0002b50 from symkey-key@0x7f49e400a000 | hmac prf: begin sha with context 0x7f49f0002b50 from symkey-key@0x7f49e400a000 | hmac: release clone-key@0x7f49e400a000 | hmac PRF sha crypt-prf@0x5641ad93dcb8 | hmac PRF sha update data-bytes@0x5641ad891898 (length 64) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | f1 67 5c 89 92 13 5e 64 35 2b 6a 4d 88 98 f9 b8 | 1b 57 96 99 05 dd 5a 8e 13 ba 4b 28 f1 a0 eb 65 | hmac PRF sha final-bytes@0x7fff837b1bc0 (length 20) | 0e 07 92 2c e3 ee 37 5a 57 8a c3 28 80 54 29 b0 | ae 62 26 29 | data for hmac: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | data for hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data for hmac: f1 67 5c 89 92 13 5e 64 35 2b 6a 4d 88 98 f9 b8 | data for hmac: 1b 57 96 99 05 dd 5a 8e 13 ba 4b 28 f1 a0 eb 65 | calculated auth: 0e 07 92 2c e3 ee 37 5a 57 8a c3 28 | provided auth: 0e 07 92 2c e3 ee 37 5a 57 8a c3 28 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | f1 67 5c 89 92 13 5e 64 35 2b 6a 4d 88 98 f9 b8 | payload before decryption: | 1b 57 96 99 05 dd 5a 8e 13 ba 4b 28 f1 a0 eb 65 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 0c 03 04 00 01 b9 2c ca 0f 00 01 02 03 | stripping 4 octets as pad | #9 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 1f 76 f1 12 67 3d 5b b6 | responder cookie: | cc 88 7d 43 5d b9 94 50 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI b9 2c ca 0f | delete PROTO_v2_ESP SA(0xb92cca0f) | v2 CHILD SA #10 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R | State DB: found IKEv2 state #10 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xb92cca0f) "east" #9: received Delete SA payload: delete IPsec State #10 now | pstats #10 ikev2.child deleted completed | suspend processing: state #9 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) | start processing: state #10 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #10: deleting other state #10 (STATE_V2_IPSEC_R) aged 0.119s and NOT sending notification | child state #10: V2_IPSEC_R(established CHILD SA) => delete | get_sa_info esp.b92cca0f@192.1.2.45 | get_sa_info esp.22904547@192.1.2.23 "east" #10: ESP traffic information: in=84B out=84B | child state #10: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) | state #10 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x5641ad948448 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f49e8002b78 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844014' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xb92cca0f | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1566844014' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0xb92cca0f SPI_OUT=0x22904547 ipsec _updown 2>&1: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "east" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.b92cca0f@192.1.2.45 | netlink response for Del SA esp.b92cca0f@192.1.2.45 included non-error error | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.22904547@192.1.2.23 | netlink response for Del SA esp.22904547@192.1.2.23 included non-error error | in connection_discard for connection east | State DB: deleting IKEv2 state #10 in CHILDSA_DEL | child state #10: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #10 from 192.1.2.45:500 (in delete_state() at state.c:1143) | resume processing: state #9 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f49e400b980 | delete_state: release st->st_skey_ai_nss-key@0x5641ad93f800 | delete_state: release st->st_skey_ar_nss-key@0x7f49e4006650 | delete_state: release st->st_skey_ei_nss-key@0x5641ad93dd30 | delete_state: release st->st_skey_er_nss-key@0x7f49f4006bb0 | delete_state: release st->st_skey_pi_nss-key@0x5641ad924ad0 | delete_state: release st->st_skey_pr_nss-key@0x5641ad946af0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs 22 90 45 47 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | b3 48 df 14 4b 8c bc c5 f7 ab 5c 3c db 81 99 35 | data before encryption: | 00 00 00 0c 03 04 00 01 22 90 45 47 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 87 55 ca 21 bc 64 04 f0 9b 4b 1f 1d 1f ea 0c 1c | hmac PRF sha init symkey-key@0x7f49e4006650 (size 20) | hmac: symkey-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b15a8 | result: clone-key@0x7f49e400a000 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49e8002b50 from symkey-key@0x7f49e400a000 | hmac prf: begin sha with context 0x7f49e8002b50 from symkey-key@0x7f49e400a000 | hmac: release clone-key@0x7f49e400a000 | hmac PRF sha crypt-prf@0x5641ad939208 | hmac PRF sha update data-bytes@0x5641aca808c0 (length 64) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | b3 48 df 14 4b 8c bc c5 f7 ab 5c 3c db 81 99 35 | 87 55 ca 21 bc 64 04 f0 9b 4b 1f 1d 1f ea 0c 1c | hmac PRF sha final-bytes@0x5641aca80900 (length 20) | 5a 63 d6 ae fb 6d de d7 7b 92 43 2c fd 0a 39 82 | 73 87 77 0a | data being hmac: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | data being hmac: 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: b3 48 df 14 4b 8c bc c5 f7 ab 5c 3c db 81 99 35 | data being hmac: 87 55 ca 21 bc 64 04 f0 9b 4b 1f 1d 1f ea 0c 1c | out calculated auth: | 5a 63 d6 ae fb 6d de d7 7b 92 43 2c | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #9) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | b3 48 df 14 4b 8c bc c5 f7 ab 5c 3c db 81 99 35 | 87 55 ca 21 bc 64 04 f0 9b 4b 1f 1d 1f ea 0c 1c | 5a 63 d6 ae fb 6d de d7 7b 92 43 2c | Message ID: #9 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 | Message ID: sent #9 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 | #9 spent 1.16 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #9 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK | Message ID: updating counters for #9 to 2 after switching state | Message ID: recv #9 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 | Message ID: #9 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 "east" #9: STATE_PARENT_R2: received v2I2, PARENT SA established | stop processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #9 spent 1.47 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.48 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00413 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00279 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | d5 39 63 5d 85 d3 56 7d 09 ea 9f f3 82 f8 d1 31 | 01 85 e0 00 31 9a 1a a5 ac e1 9f e8 67 ed c9 24 | 39 0c 42 6c e1 42 91 6c 7f a1 a6 38 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 1f 76 f1 12 67 3d 5b b6 | responder cookie: | cc 88 7d 43 5d b9 94 50 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #9 in PARENT_R2 (find_v2_ike_sa) | start processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #9 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 | Message ID: #9 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #9 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 | #9 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x5641ad93f800 (size 20) | hmac: symkey-key@0x5641ad93f800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93f800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b19f8 | result: clone-key@0x7f49e400a000 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49e8002b50 from symkey-key@0x7f49e400a000 | hmac prf: begin sha with context 0x7f49e8002b50 from symkey-key@0x7f49e400a000 | hmac: release clone-key@0x7f49e400a000 | hmac PRF sha crypt-prf@0x5641ad93dcb8 | hmac PRF sha update data-bytes@0x5641ad891898 (length 64) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | d5 39 63 5d 85 d3 56 7d 09 ea 9f f3 82 f8 d1 31 | 01 85 e0 00 31 9a 1a a5 ac e1 9f e8 67 ed c9 24 | hmac PRF sha final-bytes@0x7fff837b1bc0 (length 20) | 39 0c 42 6c e1 42 91 6c 7f a1 a6 38 f1 fc 2d a2 | 33 c8 4a e2 | data for hmac: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data for hmac: d5 39 63 5d 85 d3 56 7d 09 ea 9f f3 82 f8 d1 31 | data for hmac: 01 85 e0 00 31 9a 1a a5 ac e1 9f e8 67 ed c9 24 | calculated auth: 39 0c 42 6c e1 42 91 6c 7f a1 a6 38 | provided auth: 39 0c 42 6c e1 42 91 6c 7f a1 a6 38 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | d5 39 63 5d 85 d3 56 7d 09 ea 9f f3 82 f8 d1 31 | payload before decryption: | 01 85 e0 00 31 9a 1a a5 ac e1 9f e8 67 ed c9 24 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #9 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 1f 76 f1 12 67 3d 5b b6 | responder cookie: | cc 88 7d 43 5d b9 94 50 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 27 e7 1e be aa 23 da 71 65 11 94 ee 55 29 91 62 | data before encryption: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 57 7c 2a b3 86 26 78 ce 47 2d d3 2c fd 73 eb 1b | hmac PRF sha init symkey-key@0x7f49e4006650 (size 20) | hmac: symkey-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b15a8 | result: clone-key@0x7f49e400a000 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49e8002b50 from symkey-key@0x7f49e400a000 | hmac prf: begin sha with context 0x7f49e8002b50 from symkey-key@0x7f49e400a000 | hmac: release clone-key@0x7f49e400a000 | hmac PRF sha crypt-prf@0x5641ad939208 | hmac PRF sha update data-bytes@0x5641aca808c0 (length 64) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 27 e7 1e be aa 23 da 71 65 11 94 ee 55 29 91 62 | 57 7c 2a b3 86 26 78 ce 47 2d d3 2c fd 73 eb 1b | hmac PRF sha final-bytes@0x5641aca80900 (length 20) | cc b9 8c ea 84 a7 e3 48 ac cb 5a 3e fa 02 4c 0c | 65 ab 74 f3 | data being hmac: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | data being hmac: 27 e7 1e be aa 23 da 71 65 11 94 ee 55 29 91 62 | data being hmac: 57 7c 2a b3 86 26 78 ce 47 2d d3 2c fd 73 eb 1b | out calculated auth: | cc b9 8c ea 84 a7 e3 48 ac cb 5a 3e | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #9) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 27 e7 1e be aa 23 da 71 65 11 94 ee 55 29 91 62 | 57 7c 2a b3 86 26 78 ce 47 2d d3 2c fd 73 eb 1b | cc b9 8c ea 84 a7 e3 48 ac cb 5a 3e | Message ID: #9 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 | Message ID: sent #9 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 | State DB: IKEv2 state not found (delete_my_family) | parent state #9: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #9 ikev2.ike deleted completed | #9 spent 9.52 milliseconds in total | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #9: deleting state (STATE_IKESA_DEL) aged 0.144s and NOT sending notification | parent state #9: IKESA_DEL(established IKE SA) => delete | state #9 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x5641ad945978 | free_event_entry: release EVENT_SA_REKEY-pe@0x5641ad942c68 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #9 in IKESA_DEL | parent state #9: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f49e8003a28: destroyed | stop processing: state #9 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f49e400f0e0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f49e400b980 | delete_state: release st->st_skey_ai_nss-key@0x5641ad93f800 | delete_state: release st->st_skey_ar_nss-key@0x7f49e4006650 | delete_state: release st->st_skey_ei_nss-key@0x5641ad93dd30 | delete_state: release st->st_skey_er_nss-key@0x7f49f4006bb0 | delete_state: release st->st_skey_pi_nss-key@0x5641ad924ad0 | delete_state: release st->st_skey_pr_nss-key@0x5641ad946af0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #9 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #9 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.682 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00305 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 436 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | c3 b5 a9 58 56 e4 83 21 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 0c | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | c6 13 46 48 e4 8d c1 3f 76 89 a8 12 b4 f7 2e 02 | 2a f2 04 bf 39 a5 f8 c2 51 95 8d 74 57 0a b6 f4 | 24 4b 2a cc 5e bd 2e 0d 53 dd e7 4d da 38 e3 f5 | a2 9d 63 3d 7b a7 16 fb 02 dd 27 50 1e b7 d3 22 | 87 02 40 fb 53 73 05 eb 9e 0a 64 8c a6 66 82 3c | 65 86 32 da e0 0b 25 2f 94 56 81 95 f9 72 7d c0 | 09 ae 45 21 d7 fc 9d e1 e3 0a 0d 94 4f 3a ef d1 | bc 41 9c 7c 92 fb ee 0a 96 16 6f 0f 1d ce 96 53 | 91 ec 54 c5 dd bb 79 b2 e9 4a fe a5 7c 2f e4 9e | 93 a6 0c a9 d8 d9 d5 e1 8d 73 06 8f 29 1f a7 e8 | 0d b7 58 c5 51 1c 22 06 6a 3b df 42 d3 6b d2 88 | 62 1c f5 7a 64 4f c0 71 a8 0f bb f9 25 75 9d 05 | 08 94 3a 99 e4 e3 a7 17 46 a8 05 bf 39 61 39 b3 | de 49 24 c5 c2 e5 04 ce af e3 84 7b 1b 43 52 32 | 7e 95 a8 1a 9e b2 9d 08 1e a8 cf 8c a5 bc 8f a9 | eb ee 57 10 8f 27 cb 06 b0 5a 6c 61 5d 8a de a5 | 29 00 00 24 75 7a 34 ca 49 ca 29 43 32 4f fb f0 | 43 97 42 7d cc 7c 4b b4 6d 9e c9 58 d5 5f 82 7d | e6 88 98 29 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 61 e8 f5 1b 22 cd 33 14 68 c7 76 c7 | f9 01 bd 06 e5 ae 55 91 00 00 00 1c 00 00 40 05 | fc e1 25 72 dd 60 f5 92 86 d9 63 86 5a 8f e7 e4 | 7d c4 f9 90 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | c3 b5 a9 58 56 e4 83 21 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 436 (0x1b4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x5641ad939378 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x5641aca74700 (length 32) | 64 59 39 7d cd b9 28 1d f1 c8 1c 37 a1 76 10 ce | 60 62 36 da 0f 08 a7 5a 08 fd 21 a0 d8 62 36 c1 | IKE SPIr hash sha2_256 digest counter-bytes@0x5641aca746e0 (length 4) | 07 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff837b2220 (length 32) | 82 ac db bb 62 b3 9f e7 c2 1c 21 b6 24 6d 6e 6e | cd e7 5f a8 21 f0 ee 80 82 b7 4b a8 a5 6f 4e 87 | creating state object #11 at 0x5641ad93c5a8 | State DB: adding IKEv2 state #11 in UNDEFINED | pstats #11 ikev2.ike started | Message ID: init #11: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #11: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #11; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #11 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #11 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #11 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #11 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #11 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #11 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #11 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #11: no local proposal matches remote proposals 1:IKE:ENCR=AES_CBC;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #11: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | c3 b5 a9 58 56 e4 83 21 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | c3 b5 a9 58 56 e4 83 21 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #11 spent 0.206 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #11 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #11 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #11 has no whack fd | pstats #11 ikev2.ike deleted other | [RE]START processing: state #11 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #11: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #11: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #11 in PARENT_R0 | parent state #11: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #11 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #11 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.746 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00324 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 436 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 3c 7b 15 43 84 e6 cf f4 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 0c | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 3d 82 9c 8a 92 14 23 cf 13 c0 1b 62 2a 61 de f4 | 5d 45 17 89 f3 f7 5f d6 ee e9 bf bf ac b9 5e 92 | 9c 8c 44 5e 4d b8 ff 4e f1 03 19 3c c3 fc 3c 59 | 2c 61 b2 15 48 4e 5b 45 81 b0 5a fc ac 8c b5 5a | 11 6a 41 2e 80 ab 36 a9 41 df a8 80 5a 7a a2 c9 | 03 1e 20 40 5d 93 83 79 93 be b4 fe f4 5f 4d e5 | 2f b7 46 c6 98 0f dd 7e c0 64 00 e0 e5 03 21 6a | 92 72 62 4c a2 4d b4 a1 45 66 b7 91 c6 8d ad 50 | 4a be c0 9c fd 4b 2a d1 0c fd 4a fa 6c 5f f9 78 | a6 b1 fb d4 36 49 7e 7d 88 13 1d 40 a6 88 9d 0d | 17 48 74 5a de f2 db d6 42 a0 c7 a4 50 8e f3 98 | 34 9d 51 b7 18 85 6f 6c 2f d9 6f 54 68 0a e2 01 | 44 54 f2 9b 8c 60 35 31 eb 69 6f b0 09 dd e9 ba | bd 99 a3 80 df ca 0a 68 fd 68 26 c6 bb 56 8f 95 | 1d eb 8d e7 78 7c c8 45 96 82 66 11 68 fa 49 0b | e4 41 7b 64 44 da ad fa 25 8b 07 48 64 4a 31 d2 | 29 00 00 24 f4 c8 f0 e0 b1 7f 78 8b 90 39 31 b6 | eb 96 c5 ad aa 13 4b bc ad 41 56 ce 38 eb 43 e3 | d8 57 2f 05 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 5e d2 85 67 c9 1c 29 53 54 45 02 4c | 43 03 84 12 88 26 82 c9 00 00 00 1c 00 00 40 05 | 45 9e 1c 27 c3 ab 9f a8 31 d7 c7 41 54 81 f9 2b | b2 c3 8a ab | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3c 7b 15 43 84 e6 cf f4 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 436 (0x1b4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x5641ad939378 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x5641aca74700 (length 32) | 64 59 39 7d cd b9 28 1d f1 c8 1c 37 a1 76 10 ce | 60 62 36 da 0f 08 a7 5a 08 fd 21 a0 d8 62 36 c1 | IKE SPIr hash sha2_256 digest counter-bytes@0x5641aca746e0 (length 4) | 08 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff837b2220 (length 32) | 6a d9 b2 51 0c b3 c9 14 5a 7b 2a 30 ed 07 9c 63 | 2c 6d 9f de ce 80 3e eb d1 4a 50 c3 63 ed 12 a2 | creating state object #12 at 0x5641ad93c5a8 | State DB: adding IKEv2 state #12 in UNDEFINED | pstats #12 ikev2.ike started | Message ID: init #12: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #12: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #12; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #12 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #12 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #12 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #12 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #12 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #12 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #12 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #12: no local proposal matches remote proposals 1:IKE:ENCR=AES_CBC;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #12: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 3c 7b 15 43 84 e6 cf f4 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 3c 7b 15 43 84 e6 cf f4 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #12 spent 0.129 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #12 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #12 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #12 has no whack fd | pstats #12 ikev2.ike deleted other | [RE]START processing: state #12 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #12: deleting state (STATE_PARENT_R0) aged 0.001s and NOT sending notification | parent state #12: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #12 in PARENT_R0 | parent state #12: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #12 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #12 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.608 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00325 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 8f 95 81 70 ae b8 a3 89 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 17 75 94 bb cb 77 14 78 7d 33 b8 a8 | 55 60 08 74 bb a9 27 cc 4b bd ca 34 60 45 37 47 | c5 4b d5 b0 f8 3f 33 47 13 87 d1 c5 7c 45 d5 f4 | 5b 52 2b 41 fb 9d 40 61 9b f5 9d ef ec 15 6d db | 66 98 0b 19 8f d1 13 a0 44 91 b1 09 67 cc 02 0c | 3a 38 88 49 4f 6b 8c 28 0f 2e 29 e3 c0 36 82 85 | 1b f1 a7 5a 8a d7 ac a0 75 02 5a d2 5c de 55 39 | c5 4a 32 f7 b9 b1 c1 0f 54 da 22 a0 e5 7b 57 dd | cd 2f fc 27 d3 b7 97 81 d9 58 df d1 41 e1 ec b1 | ae fd 76 b0 d1 b0 fa 1e fe 1d 00 9e c3 57 d2 19 | c6 02 18 af 4c 9a b0 4d 56 aa ea 3a 77 a9 bd a7 | 64 34 f0 63 7a d5 50 9e ec 19 0d 57 b9 51 ce 69 | 6e ad da 15 72 c2 ec 9b f1 8e d1 b6 5f 1a 6b e9 | 24 1c bb 7f 38 00 d1 a3 20 b9 6d f1 ec 82 85 c9 | 49 6a ee b4 44 bc 69 0b 12 ce 2c 31 ee 01 d8 26 | 07 9a e8 2f 4e f9 f3 df cb ae ca 19 f1 c9 e0 08 | b0 67 2c e1 29 00 00 24 ae 68 9f 74 2c ab 51 df | b6 8c 58 e5 16 3e 8a 50 f4 3a b8 dd 5b 13 da e7 | bb bc d4 9b 94 f9 c2 e2 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 5b 36 99 ca 21 3f e2 ca | 2c 1f e1 29 de b3 b4 42 c5 4c da 97 00 00 00 1c | 00 00 40 05 50 17 c6 ca 13 c7 59 27 d4 94 ea 60 | 99 c7 72 b4 d4 fc 36 ff | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 8f 95 81 70 ae b8 a3 89 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x5641ad939378 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x5641aca74700 (length 32) | 64 59 39 7d cd b9 28 1d f1 c8 1c 37 a1 76 10 ce | 60 62 36 da 0f 08 a7 5a 08 fd 21 a0 d8 62 36 c1 | IKE SPIr hash sha2_256 digest counter-bytes@0x5641aca746e0 (length 4) | 09 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff837b2220 (length 32) | 94 07 0e 6f 00 e5 08 47 e1 e1 8a 9a 0c 91 30 5f | 6a 91 a0 d4 38 18 c9 9a d6 9b a5 24 65 20 4b 5f | creating state object #13 at 0x5641ad93c5a8 | State DB: adding IKEv2 state #13 in UNDEFINED | pstats #13 ikev2.ike started | Message ID: init #13: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #13: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #13; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #13 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #13 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #13 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #13 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #13 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #13 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #13 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 "east" #13: proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | 17 75 94 bb cb 77 14 78 7d 33 b8 a8 55 60 08 74 | bb a9 27 cc 4b bd ca 34 60 45 37 47 c5 4b d5 b0 | f8 3f 33 47 13 87 d1 c5 7c 45 d5 f4 5b 52 2b 41 | fb 9d 40 61 9b f5 9d ef ec 15 6d db 66 98 0b 19 | 8f d1 13 a0 44 91 b1 09 67 cc 02 0c 3a 38 88 49 | 4f 6b 8c 28 0f 2e 29 e3 c0 36 82 85 1b f1 a7 5a | 8a d7 ac a0 75 02 5a d2 5c de 55 39 c5 4a 32 f7 | b9 b1 c1 0f 54 da 22 a0 e5 7b 57 dd cd 2f fc 27 | d3 b7 97 81 d9 58 df d1 41 e1 ec b1 ae fd 76 b0 | d1 b0 fa 1e fe 1d 00 9e c3 57 d2 19 c6 02 18 af | 4c 9a b0 4d 56 aa ea 3a 77 a9 bd a7 64 34 f0 63 | 7a d5 50 9e ec 19 0d 57 b9 51 ce 69 6e ad da 15 | 72 c2 ec 9b f1 8e d1 b6 5f 1a 6b e9 24 1c bb 7f | 38 00 d1 a3 20 b9 6d f1 ec 82 85 c9 49 6a ee b4 | 44 bc 69 0b 12 ce 2c 31 ee 01 d8 26 07 9a e8 2f | 4e f9 f3 df cb ae ca 19 f1 c9 e0 08 b0 67 2c e1 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b1c20 (length 8) | 8f 95 81 70 ae b8 a3 89 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b1c28 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff837b1bb4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff837b1ba6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b1c30 (length 20) | 50 17 c6 ca 13 c7 59 27 d4 94 ea 60 99 c7 72 b4 | d4 fc 36 ff | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= 8f 95 81 70 ae b8 a3 89 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 50 17 c6 ca 13 c7 59 27 d4 94 ea 60 99 c7 72 b4 | natd_hash: hash= d4 fc 36 ff | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b1c20 (length 8) | 8f 95 81 70 ae b8 a3 89 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b1c28 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff837b1bb4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff837b1ba6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b1c50 (length 20) | 5b 36 99 ca 21 3f e2 ca 2c 1f e1 29 de b3 b4 42 | c5 4c da 97 | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= 8f 95 81 70 ae b8 a3 89 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 5b 36 99 ca 21 3f e2 ca 2c 1f e1 29 de b3 b4 42 | natd_hash: hash= c5 4c da 97 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 9 for state #13 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5641ad942c68 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f49fc0044f8 size 128 | #13 spent 0.289 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | crypto helper 1 resuming | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | crypto helper 1 starting work-order 9 for state #13 | #13 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #13 and saving MD | crypto helper 1 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 9 | #13 is busy; has a suspended MD | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | "east" #13 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #13 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #13 spent 0.717 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.729 milliseconds in comm_handle_cb() reading and processing packet | DH secret MODP2048@0x7f49f400f398: created | NSS: Local DH MODP2048 secret (pointer): 0x7f49f400f398 | NSS: Public DH wire value: | d4 85 a6 aa 06 0d 2b b8 6e b5 c7 df 19 33 39 89 | f5 3d eb ff 0a 2c fe 27 88 d7 b3 c7 d7 0c fe 0c | 2f 96 d7 d0 a2 76 e1 a4 83 9f d8 4f 76 86 a9 88 | ac 1f 3c f3 0f 0f b8 8a 7b 12 42 6f d0 ff ef 72 | 87 50 34 44 a8 b5 ea 54 bd 48 cc 27 78 67 c4 7a | 99 e6 d9 57 d7 04 89 6f 45 36 ba 03 b0 5a 39 f2 | 77 3a 33 7c c3 81 f1 c1 cb 79 cc 0a 7c b6 34 30 | a0 6b 4d 63 79 20 ac 63 76 8e 0e 01 ed 51 aa 32 | 88 41 e7 2a 12 dd e7 70 be e7 f2 c2 2f a4 72 c9 | f3 23 e1 93 e6 74 37 94 0e fe 65 d4 1a d3 1b e5 | bb cb 6a ba db f3 f5 3d c8 f3 7e 41 45 29 85 b2 | 64 16 55 d5 1c 4b e4 cc 1f 4f 89 59 8b 2b 18 8d | 98 d6 29 05 b4 57 3f 79 f6 aa 17 b2 34 23 0a 88 | df 88 39 2d 09 5c 56 2f 7a 90 1d a2 30 fb 6d a1 | 59 8b ff 69 df 73 b3 c7 9d 51 48 81 3a 0f e2 18 | c3 14 30 26 2d 0a 86 03 8d 66 2c 16 3c 0e 22 a4 | Generated nonce: c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | Generated nonce: 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | crypto helper 1 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 9 time elapsed 0.000686 seconds | (#13) spent 0.69 milliseconds in crypto helper computing work-order 9: ikev2_inI1outR1 KE (pcr) | crypto helper 1 sending results from work-order 9 for state #13 to event queue | scheduling resume sending helper answer for #13 | libevent_malloc: new ptr-libevent@0x7f49f4005088 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #13 | start processing: state #13 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 9 | calling continuation function 0x5641ac982b50 | ikev2_parent_inI1outR1_continue for #13: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | 8f 95 81 70 ae b8 a3 89 | responder cookie: | 94 07 0e 6f 00 e5 08 47 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f49f400f398: transferring ownership from helper KE to state #13 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x d4 85 a6 aa 06 0d 2b b8 6e b5 c7 df 19 33 39 89 | ikev2 g^x f5 3d eb ff 0a 2c fe 27 88 d7 b3 c7 d7 0c fe 0c | ikev2 g^x 2f 96 d7 d0 a2 76 e1 a4 83 9f d8 4f 76 86 a9 88 | ikev2 g^x ac 1f 3c f3 0f 0f b8 8a 7b 12 42 6f d0 ff ef 72 | ikev2 g^x 87 50 34 44 a8 b5 ea 54 bd 48 cc 27 78 67 c4 7a | ikev2 g^x 99 e6 d9 57 d7 04 89 6f 45 36 ba 03 b0 5a 39 f2 | ikev2 g^x 77 3a 33 7c c3 81 f1 c1 cb 79 cc 0a 7c b6 34 30 | ikev2 g^x a0 6b 4d 63 79 20 ac 63 76 8e 0e 01 ed 51 aa 32 | ikev2 g^x 88 41 e7 2a 12 dd e7 70 be e7 f2 c2 2f a4 72 c9 | ikev2 g^x f3 23 e1 93 e6 74 37 94 0e fe 65 d4 1a d3 1b e5 | ikev2 g^x bb cb 6a ba db f3 f5 3d c8 f3 7e 41 45 29 85 b2 | ikev2 g^x 64 16 55 d5 1c 4b e4 cc 1f 4f 89 59 8b 2b 18 8d | ikev2 g^x 98 d6 29 05 b4 57 3f 79 f6 aa 17 b2 34 23 0a 88 | ikev2 g^x df 88 39 2d 09 5c 56 2f 7a 90 1d a2 30 fb 6d a1 | ikev2 g^x 59 8b ff 69 df 73 b3 c7 9d 51 48 81 3a 0f e2 18 | ikev2 g^x c3 14 30 26 2d 0a 86 03 8d 66 2c 16 3c 0e 22 a4 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | IKEv2 nonce 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b2160 (length 8) | 8f 95 81 70 ae b8 a3 89 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b2168 (length 8) | 94 07 0e 6f 00 e5 08 47 | NATD hash sha digest IP addr-bytes@0x7fff837b2094 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff837b2086 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b2110 (length 20) | 08 66 ca 4e 1e 96 a3 2c 30 e4 b4 e8 5a f8 af 1b | 0f 9a 8e b9 | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= 8f 95 81 70 ae b8 a3 89 | natd_hash: rcookie= 94 07 0e 6f 00 e5 08 47 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 08 66 ca 4e 1e 96 a3 2c 30 e4 b4 e8 5a f8 af 1b | natd_hash: hash= 0f 9a 8e b9 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 08 66 ca 4e 1e 96 a3 2c 30 e4 b4 e8 5a f8 af 1b | Notify data 0f 9a 8e b9 | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b2160 (length 8) | 8f 95 81 70 ae b8 a3 89 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b2168 (length 8) | 94 07 0e 6f 00 e5 08 47 | NATD hash sha digest IP addr-bytes@0x7fff837b2094 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff837b2086 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b2110 (length 20) | ef c9 cd a1 3c b0 b6 ab 1d d0 15 04 31 65 46 52 | eb b2 3d 3d | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= 8f 95 81 70 ae b8 a3 89 | natd_hash: rcookie= 94 07 0e 6f 00 e5 08 47 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= ef c9 cd a1 3c b0 b6 ab 1d d0 15 04 31 65 46 52 | natd_hash: hash= eb b2 3d 3d | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data ef c9 cd a1 3c b0 b6 ab 1d d0 15 04 31 65 46 52 | Notify data eb b2 3d 3d | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #13 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #13: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #13 to 0 after switching state | Message ID: recv #13 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #13 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #13: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #13) | 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 d4 85 a6 aa 06 0d 2b b8 6e b5 c7 df | 19 33 39 89 f5 3d eb ff 0a 2c fe 27 88 d7 b3 c7 | d7 0c fe 0c 2f 96 d7 d0 a2 76 e1 a4 83 9f d8 4f | 76 86 a9 88 ac 1f 3c f3 0f 0f b8 8a 7b 12 42 6f | d0 ff ef 72 87 50 34 44 a8 b5 ea 54 bd 48 cc 27 | 78 67 c4 7a 99 e6 d9 57 d7 04 89 6f 45 36 ba 03 | b0 5a 39 f2 77 3a 33 7c c3 81 f1 c1 cb 79 cc 0a | 7c b6 34 30 a0 6b 4d 63 79 20 ac 63 76 8e 0e 01 | ed 51 aa 32 88 41 e7 2a 12 dd e7 70 be e7 f2 c2 | 2f a4 72 c9 f3 23 e1 93 e6 74 37 94 0e fe 65 d4 | 1a d3 1b e5 bb cb 6a ba db f3 f5 3d c8 f3 7e 41 | 45 29 85 b2 64 16 55 d5 1c 4b e4 cc 1f 4f 89 59 | 8b 2b 18 8d 98 d6 29 05 b4 57 3f 79 f6 aa 17 b2 | 34 23 0a 88 df 88 39 2d 09 5c 56 2f 7a 90 1d a2 | 30 fb 6d a1 59 8b ff 69 df 73 b3 c7 9d 51 48 81 | 3a 0f e2 18 c3 14 30 26 2d 0a 86 03 8d 66 2c 16 | 3c 0e 22 a4 29 00 00 24 c2 5f 2b a7 7a 1d e9 26 | 37 38 5b 64 3e 35 69 31 0d 36 ba b1 0e 84 b3 21 | 03 38 cf aa 75 d5 f4 83 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 08 66 ca 4e 1e 96 a3 2c | 30 e4 b4 e8 5a f8 af 1b 0f 9a 8e b9 00 00 00 1c | 00 00 40 05 ef c9 cd a1 3c b0 b6 ab 1d d0 15 04 | 31 65 46 52 eb b2 3d 3d | state #13 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f49fc0044f8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5641ad942c68 | event_schedule: new EVENT_SO_DISCARD-pe@0x5641ad942c68 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #13 | libevent_malloc: new ptr-libevent@0x5641ad948448 size 128 | resume sending helper answer for #13 suppresed complete_v2_state_transition() | #13 spent 0.382 milliseconds in resume sending helper answer | stop processing: state #13 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f49f4005088 | spent 0.00324 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 204 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | 38 f7 09 37 ea be ac c4 49 b8 93 44 92 51 50 97 | d7 90 a3 af 9c 2c 52 e6 81 77 3b 4d 4f 4f 67 d3 | b2 bf 52 ab 38 37 ea 44 0d b0 56 3c 69 e0 1a 8a | a9 d6 29 31 38 f2 7b 96 9e dc 33 97 69 c5 e2 0a | af 28 c9 ca de 60 8d f8 34 5b 84 0e d7 bd 96 e1 | a5 93 88 39 7b cc b3 e6 40 c3 e8 5b 77 c1 14 da | 1e ac ae 0f 0e ec d2 00 7e ff fb 4b 33 f8 7d ea | 6e db 3b 66 41 c8 a8 27 9e fa a6 d2 23 a6 65 15 | e5 a6 54 0b b2 10 f1 b6 d1 40 39 b8 b1 55 1f c5 | 22 96 26 4f 6f 18 f2 72 c0 de 21 59 05 03 f6 46 | df 0a 6e 69 39 a5 05 e2 45 64 b6 02 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 8f 95 81 70 ae b8 a3 89 | responder cookie: | 94 07 0e 6f 00 e5 08 47 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 204 (0xcc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #13 in PARENT_R1 (find_v2_ike_sa) | start processing: state #13 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #13 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #13 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 176 (0xb0) | processing payload: ISAKMP_NEXT_v2SK (len=172) | Message ID: start-responder #13 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #13 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f49f400f398: transferring ownership from state #13 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 10 for state #13 | state #13 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x5641ad948448 | free_event_entry: release EVENT_SO_DISCARD-pe@0x5641ad942c68 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5641ad942c68 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f49f4005088 size 128 | crypto helper 3 resuming | crypto helper 3 starting work-order 10 for state #13 | crypto helper 3 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 10 | peer's g: 17 75 94 bb cb 77 14 78 7d 33 b8 a8 55 60 08 74 | peer's g: bb a9 27 cc 4b bd ca 34 60 45 37 47 c5 4b d5 b0 | peer's g: f8 3f 33 47 13 87 d1 c5 7c 45 d5 f4 5b 52 2b 41 | peer's g: fb 9d 40 61 9b f5 9d ef ec 15 6d db 66 98 0b 19 | peer's g: 8f d1 13 a0 44 91 b1 09 67 cc 02 0c 3a 38 88 49 | peer's g: 4f 6b 8c 28 0f 2e 29 e3 c0 36 82 85 1b f1 a7 5a | peer's g: 8a d7 ac a0 75 02 5a d2 5c de 55 39 c5 4a 32 f7 | peer's g: b9 b1 c1 0f 54 da 22 a0 e5 7b 57 dd cd 2f fc 27 | peer's g: d3 b7 97 81 d9 58 df d1 41 e1 ec b1 ae fd 76 b0 | peer's g: d1 b0 fa 1e fe 1d 00 9e c3 57 d2 19 c6 02 18 af | peer's g: 4c 9a b0 4d 56 aa ea 3a 77 a9 bd a7 64 34 f0 63 | peer's g: 7a d5 50 9e ec 19 0d 57 b9 51 ce 69 6e ad da 15 | peer's g: 72 c2 ec 9b f1 8e d1 b6 5f 1a 6b e9 24 1c bb 7f | peer's g: 38 00 d1 a3 20 b9 6d f1 ec 82 85 c9 49 6a ee b4 | peer's g: 44 bc 69 0b 12 ce 2c 31 ee 01 d8 26 07 9a e8 2f | peer's g: 4e f9 f3 df cb ae ca 19 f1 c9 e0 08 b0 67 2c e1 | Started DH shared-secret computation in NSS: | #13 spent 0.0371 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #13 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #13 and saving MD | #13 is busy; has a suspended MD | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #13 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #13 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #13 spent 0.178 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.189 milliseconds in comm_handle_cb() reading and processing packet | new : g_ir-key@0x5641ad946af0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f49f400f398: computed shared DH secret key@0x5641ad946af0 | dh-shared : g^ir-key@0x5641ad946af0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f49f8003b28 (length 64) | ae 68 9f 74 2c ab 51 df b6 8c 58 e5 16 3e 8a 50 | f4 3a b8 dd 5b 13 da e7 bb bc d4 9b 94 f9 c2 e2 | c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a046ce6e0 | result: Ni | Nr-key@0x7f49f4006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x7f49f4006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce6c8 | result: Ni | Nr-key@0x5641ad924ad0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x7f49f4006bb0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f49f8006e00 from Ni | Nr-key@0x5641ad924ad0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f49f8006e00 from Ni | Nr-key@0x5641ad924ad0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x5641ad924ad0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f49f80028b8 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x5641ad946af0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x5641ad946af0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x5641ad946af0 | nss hmac digest hack: symkey-key@0x5641ad946af0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-1398808382: d8 da af 6b bf 7b b7 7f 24 e3 a7 c8 e2 83 f9 a5 c4 01 8a c9 a9 a1 df dc d7 ad 71 ac f8 7a 83 b8 41 01 29 4e f3 96 61 12 f2 61 04 2e c8 1a 84 75 27 c6 a0 06 3d 93 8d b5 43 19 df 10 92 1b 55 ca 18 c9 54 19 d7 35 85 f8 15 73 1b 96 2d 70 8a e1 75 f2 a5 0e bb 1f 7c 61 a4 6d 98 b7 93 42 66 aa da ae ea 52 44 53 12 d5 22 b0 6b 68 fd 81 6e 6b 6b 58 dd 47 a0 be 37 c2 de f0 a5 6f 80 a1 66 ea 03 ad 8d dd 25 fb 70 4a e6 b5 0a 99 8f 6a ca 84 45 98 39 ba ba c0 1f c0 a3 47 32 37 d8 87 26 2f 4a 2f 05 78 65 a4 7b 36 8c e8 e3 08 2f 71 75 31 63 19 21 6c 36 22 90 4f 58 e7 6f f9 64 d8 9c c0 3f 73 f4 19 2e 26 3d b5 e0 f2 86 3f 1a b8 b1 47 d0 15 5a d3 46 14 1c aa a3 ac 05 81 4c b7 80 6f 06 72 0b 9d 97 ed 94 3b a2 bb c9 74 51 6a fe e1 39 96 5e 93 52 d7 cf ca d5 d3 0e f1 80 45 7a 34 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 256 bytes at 0x7f49f8007918 | unwrapped: 35 8b b1 14 0e d2 56 a2 88 e0 1b 49 0a f5 62 ce | unwrapped: 95 db 95 48 74 ab a5 16 4e 7d 3f 9e 5a 86 9b 33 | unwrapped: ff df fe 5c 0f 5d 7b 4a fe 4a 63 d8 6c cb 3f fe | unwrapped: 26 11 ad 80 08 5a 2f 9f c0 2b 42 4c 35 23 8d 90 | unwrapped: b7 1e 2b 60 90 e0 c9 ec 4c 41 f9 5b c5 5a a7 03 | unwrapped: 34 49 f9 53 5b 9b a6 04 32 08 b1 20 8f bb 51 7c | unwrapped: be 20 b0 a7 23 fd 50 5c 35 c6 0e a4 c7 67 24 dc | unwrapped: c6 58 f2 b9 16 b5 2c bd e5 d9 b4 cc 9d aa 2e 81 | unwrapped: d6 6f 92 16 d0 21 42 b5 6a f3 cb 84 be 51 5b cf | unwrapped: e2 5e cd cb c2 09 bd c3 1b 05 42 4b d6 64 b1 5f | unwrapped: f7 51 ab a6 26 8f c1 b2 e4 4b b3 59 96 71 27 f0 | unwrapped: 4f ef 64 22 68 52 52 19 22 d6 68 2e a3 86 5e 4d | unwrapped: 01 d2 0a a4 3c 44 14 8b c0 30 b8 3d 33 49 fd 25 | unwrapped: d4 da 3f ad a5 df 3b b5 b7 7f 7c d1 16 21 11 b8 | unwrapped: 3b c0 87 84 ed b1 fa 68 14 99 99 13 fa 94 a4 7f | unwrapped: 21 f4 da 54 91 c5 45 83 d8 37 a0 9e 71 c4 8a b0 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a046ce700 | result: final-key@0x7f49f4006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f4006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce6e8 | result: final-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49f4006bb0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x5641ad924ad0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a046ce670 | result: data=Ni-key@0x5641ad93dd30 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5641ad93dd30 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce658 | result: data=Ni-key@0x7f49f4006bb0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5641ad93dd30 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f4006bb0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a046ce660 | result: data+=Nr-key@0x5641ad93dd30 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f49f4006bb0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad93dd30 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a046ce660 | result: data+=SPIi-key@0x7f49f4006bb0 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad93dd30 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f4006bb0 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a046ce660 | result: data+=SPIr-key@0x5641ad93dd30 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f49f4006bb0 | prf+0 PRF sha init key-key@0x5641ad924ad0 (size 20) | prf+0: key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce588 | result: clone-key@0x7f49f4006bb0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f49f8006e00 from key-key@0x7f49f4006bb0 | prf+0 prf: begin sha with context 0x7f49f8006e00 from key-key@0x7f49f4006bb0 | prf+0: release clone-key@0x7f49f4006bb0 | prf+0 PRF sha crypt-prf@0x7f49f8006dd8 | prf+0 PRF sha update seed-key@0x5641ad93dd30 (size 80) | prf+0: seed-key@0x5641ad93dd30 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad93dd30 | nss hmac digest hack: symkey-key@0x5641ad93dd30 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: c6 36 de 85 fe c7 5d bb 50 5a f5 78 4e 27 49 11 24 6f 7d fb 3a c4 d3 52 b8 1a 9c ea 2f b6 1d b1 6d eb 22 3b 51 1e 52 86 ae ed 20 79 d4 41 92 64 19 08 9c 3e dd 63 81 87 64 f3 4b 89 d6 9d c9 2c 30 14 93 47 f0 71 d9 27 df 04 91 01 3d c9 c8 4a | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f8007e48 | unwrapped: ae 68 9f 74 2c ab 51 df b6 8c 58 e5 16 3e 8a 50 | unwrapped: f4 3a b8 dd 5b 13 da e7 bb bc d4 9b 94 f9 c2 e2 | unwrapped: c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | unwrapped: 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | unwrapped: 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a046ce590 | result: final-key@0x7f49e4006650 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e4006650 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce578 | result: final-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49e4006650 | prf+0 PRF sha final-key@0x7f49f4006bb0 (size 20) | prf+0: key-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f49f4006bb0 | prf+N PRF sha init key-key@0x5641ad924ad0 (size 20) | prf+N: key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce588 | result: clone-key@0x7f49e4006650 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f8006e00 from key-key@0x7f49e4006650 | prf+N prf: begin sha with context 0x7f49f8006e00 from key-key@0x7f49e4006650 | prf+N: release clone-key@0x7f49e4006650 | prf+N PRF sha crypt-prf@0x7f49f8007a48 | prf+N PRF sha update old_t-key@0x7f49f4006bb0 (size 20) | prf+N: old_t-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49f4006bb0 | nss hmac digest hack: symkey-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: da d1 68 d8 54 18 59 e3 5c 51 0d 2c 87 1c 14 b0 48 9d 0f 3d 1d 0d b1 83 c3 d8 c8 87 11 63 06 65 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49f8006d88 | unwrapped: 9c 30 56 b1 8a 9d e7 71 df b7 cc 9f 44 3b 27 cf | unwrapped: 77 e1 ae 9a 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad93dd30 (size 80) | prf+N: seed-key@0x5641ad93dd30 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad93dd30 | nss hmac digest hack: symkey-key@0x5641ad93dd30 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: c6 36 de 85 fe c7 5d bb 50 5a f5 78 4e 27 49 11 24 6f 7d fb 3a c4 d3 52 b8 1a 9c ea 2f b6 1d b1 6d eb 22 3b 51 1e 52 86 ae ed 20 79 d4 41 92 64 19 08 9c 3e dd 63 81 87 64 f3 4b 89 d6 9d c9 2c 30 14 93 47 f0 71 d9 27 df 04 91 01 3d c9 c8 4a | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f8007dc8 | unwrapped: ae 68 9f 74 2c ab 51 df b6 8c 58 e5 16 3e 8a 50 | unwrapped: f4 3a b8 dd 5b 13 da e7 bb bc d4 9b 94 f9 c2 e2 | unwrapped: c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | unwrapped: 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | unwrapped: 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a046ce590 | result: final-key@0x5641ad93f800 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad93f800 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce578 | result: final-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad93f800 | prf+N PRF sha final-key@0x7f49e4006650 (size 20) | prf+N: key-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a046ce608 | result: result-key@0x5641ad93f800 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49f4006bb0 | prfplus: release old_t[N]-key@0x7f49f4006bb0 | prf+N PRF sha init key-key@0x5641ad924ad0 (size 20) | prf+N: key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce588 | result: clone-key@0x7f49f4006bb0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f8006e00 from key-key@0x7f49f4006bb0 | prf+N prf: begin sha with context 0x7f49f8006e00 from key-key@0x7f49f4006bb0 | prf+N: release clone-key@0x7f49f4006bb0 | prf+N PRF sha crypt-prf@0x7f49f8006dd8 | prf+N PRF sha update old_t-key@0x7f49e4006650 (size 20) | prf+N: old_t-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49e4006650 | nss hmac digest hack: symkey-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 35 33 2d 75 35 96 6f c1 c9 2b 22 1e da f7 90 13 9d 94 d7 0d 88 45 8d 87 6c 54 cd 03 8c 9e 98 50 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49f80028b8 | unwrapped: c1 b7 85 cb b6 f9 12 75 63 a9 22 1b c8 47 83 a4 | unwrapped: 61 8b 59 ca 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad93dd30 (size 80) | prf+N: seed-key@0x5641ad93dd30 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad93dd30 | nss hmac digest hack: symkey-key@0x5641ad93dd30 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: c6 36 de 85 fe c7 5d bb 50 5a f5 78 4e 27 49 11 24 6f 7d fb 3a c4 d3 52 b8 1a 9c ea 2f b6 1d b1 6d eb 22 3b 51 1e 52 86 ae ed 20 79 d4 41 92 64 19 08 9c 3e dd 63 81 87 64 f3 4b 89 d6 9d c9 2c 30 14 93 47 f0 71 d9 27 df 04 91 01 3d c9 c8 4a | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f8007e48 | unwrapped: ae 68 9f 74 2c ab 51 df b6 8c 58 e5 16 3e 8a 50 | unwrapped: f4 3a b8 dd 5b 13 da e7 bb bc d4 9b 94 f9 c2 e2 | unwrapped: c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | unwrapped: 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | unwrapped: 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a046ce590 | result: final-key@0x7f49e400b980 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e400b980 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce578 | result: final-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49e400b980 | prf+N PRF sha final-key@0x7f49f4006bb0 (size 20) | prf+N: key-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad93f800 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a046ce608 | result: result-key@0x7f49e400b980 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad93f800 | prfplus: release old_t[N]-key@0x7f49e4006650 | prf+N PRF sha init key-key@0x5641ad924ad0 (size 20) | prf+N: key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce588 | result: clone-key@0x7f49e4006650 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f8006e00 from key-key@0x7f49e4006650 | prf+N prf: begin sha with context 0x7f49f8006e00 from key-key@0x7f49e4006650 | prf+N: release clone-key@0x7f49e4006650 | prf+N PRF sha crypt-prf@0x7f49f8006d88 | prf+N PRF sha update old_t-key@0x7f49f4006bb0 (size 20) | prf+N: old_t-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49f4006bb0 | nss hmac digest hack: symkey-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: ca 29 41 ee ce b1 3f 15 eb b1 27 68 ad f4 b3 af ca fe 39 0a 2f 0d ac 86 f9 45 ba 4d 9d dc a8 0c | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49f8008848 | unwrapped: 1e a0 c8 f7 ba ac 8d 49 f1 bc c1 53 6d d8 f2 68 | unwrapped: be ac d4 f8 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad93dd30 (size 80) | prf+N: seed-key@0x5641ad93dd30 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad93dd30 | nss hmac digest hack: symkey-key@0x5641ad93dd30 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: c6 36 de 85 fe c7 5d bb 50 5a f5 78 4e 27 49 11 24 6f 7d fb 3a c4 d3 52 b8 1a 9c ea 2f b6 1d b1 6d eb 22 3b 51 1e 52 86 ae ed 20 79 d4 41 92 64 19 08 9c 3e dd 63 81 87 64 f3 4b 89 d6 9d c9 2c 30 14 93 47 f0 71 d9 27 df 04 91 01 3d c9 c8 4a | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f8007dc8 | unwrapped: ae 68 9f 74 2c ab 51 df b6 8c 58 e5 16 3e 8a 50 | unwrapped: f4 3a b8 dd 5b 13 da e7 bb bc d4 9b 94 f9 c2 e2 | unwrapped: c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | unwrapped: 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | unwrapped: 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a046ce590 | result: final-key@0x5641ad93f800 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad93f800 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce578 | result: final-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad93f800 | prf+N PRF sha final-key@0x7f49e4006650 (size 20) | prf+N: key-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49e400b980 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a046ce608 | result: result-key@0x5641ad93f800 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49e400b980 | prfplus: release old_t[N]-key@0x7f49f4006bb0 | prf+N PRF sha init key-key@0x5641ad924ad0 (size 20) | prf+N: key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce588 | result: clone-key@0x7f49f4006bb0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f8006e00 from key-key@0x7f49f4006bb0 | prf+N prf: begin sha with context 0x7f49f8006e00 from key-key@0x7f49f4006bb0 | prf+N: release clone-key@0x7f49f4006bb0 | prf+N PRF sha crypt-prf@0x7f49f8007a48 | prf+N PRF sha update old_t-key@0x7f49e4006650 (size 20) | prf+N: old_t-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49e4006650 | nss hmac digest hack: symkey-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 56 ef bf 09 66 ae 96 87 fc d2 a6 bd a6 6c 0b 21 dc 1e 1e f6 db bc fd 39 09 0f 42 df e7 44 97 91 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49f80028b8 | unwrapped: 7b a9 27 16 0d 70 42 fe 59 d1 f4 8b d3 79 f6 2a | unwrapped: 94 55 d6 a3 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad93dd30 (size 80) | prf+N: seed-key@0x5641ad93dd30 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad93dd30 | nss hmac digest hack: symkey-key@0x5641ad93dd30 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: c6 36 de 85 fe c7 5d bb 50 5a f5 78 4e 27 49 11 24 6f 7d fb 3a c4 d3 52 b8 1a 9c ea 2f b6 1d b1 6d eb 22 3b 51 1e 52 86 ae ed 20 79 d4 41 92 64 19 08 9c 3e dd 63 81 87 64 f3 4b 89 d6 9d c9 2c 30 14 93 47 f0 71 d9 27 df 04 91 01 3d c9 c8 4a | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f8007e48 | unwrapped: ae 68 9f 74 2c ab 51 df b6 8c 58 e5 16 3e 8a 50 | unwrapped: f4 3a b8 dd 5b 13 da e7 bb bc d4 9b 94 f9 c2 e2 | unwrapped: c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | unwrapped: 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | unwrapped: 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a046ce590 | result: final-key@0x7f49e400b980 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e400b980 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce578 | result: final-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49e400b980 | prf+N PRF sha final-key@0x7f49f4006bb0 (size 20) | prf+N: key-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad93f800 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a046ce608 | result: result-key@0x7f49e400b980 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad93f800 | prfplus: release old_t[N]-key@0x7f49e4006650 | prf+N PRF sha init key-key@0x5641ad924ad0 (size 20) | prf+N: key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce588 | result: clone-key@0x7f49e4006650 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f8008020 from key-key@0x7f49e4006650 | prf+N prf: begin sha with context 0x7f49f8008020 from key-key@0x7f49e4006650 | prf+N: release clone-key@0x7f49e4006650 | prf+N PRF sha crypt-prf@0x7f49f8006dd8 | prf+N PRF sha update old_t-key@0x7f49f4006bb0 (size 20) | prf+N: old_t-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49f4006bb0 | nss hmac digest hack: symkey-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: b2 63 ec 81 f1 4d 75 83 c9 a2 31 48 47 9c aa fc f3 ad 8a 59 59 00 ec 19 dd 2c e5 8c 9d 7c de c8 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49f8006d88 | unwrapped: f6 6b e6 c7 52 3f 8a 60 2d 76 ce cd 17 f7 cb cf | unwrapped: 05 40 90 2e 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad93dd30 (size 80) | prf+N: seed-key@0x5641ad93dd30 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad93dd30 | nss hmac digest hack: symkey-key@0x5641ad93dd30 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: c6 36 de 85 fe c7 5d bb 50 5a f5 78 4e 27 49 11 24 6f 7d fb 3a c4 d3 52 b8 1a 9c ea 2f b6 1d b1 6d eb 22 3b 51 1e 52 86 ae ed 20 79 d4 41 92 64 19 08 9c 3e dd 63 81 87 64 f3 4b 89 d6 9d c9 2c 30 14 93 47 f0 71 d9 27 df 04 91 01 3d c9 c8 4a | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f8007dc8 | unwrapped: ae 68 9f 74 2c ab 51 df b6 8c 58 e5 16 3e 8a 50 | unwrapped: f4 3a b8 dd 5b 13 da e7 bb bc d4 9b 94 f9 c2 e2 | unwrapped: c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | unwrapped: 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | unwrapped: 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a046ce590 | result: final-key@0x5641ad93f800 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad93f800 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce578 | result: final-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad93f800 | prf+N PRF sha final-key@0x7f49e4006650 (size 20) | prf+N: key-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49e400b980 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a046ce608 | result: result-key@0x5641ad93f800 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49e400b980 | prfplus: release old_t[N]-key@0x7f49f4006bb0 | prf+N PRF sha init key-key@0x5641ad924ad0 (size 20) | prf+N: key-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce588 | result: clone-key@0x7f49f4006bb0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f8006e00 from key-key@0x7f49f4006bb0 | prf+N prf: begin sha with context 0x7f49f8006e00 from key-key@0x7f49f4006bb0 | prf+N: release clone-key@0x7f49f4006bb0 | prf+N PRF sha crypt-prf@0x7f49f8007a48 | prf+N PRF sha update old_t-key@0x7f49e4006650 (size 20) | prf+N: old_t-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49e4006650 | nss hmac digest hack: symkey-key@0x7f49e4006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: e9 92 f3 90 d8 36 1c 5a 6d aa e1 da 1e d2 60 e1 5b c8 48 a7 bf 78 f4 90 d4 84 f9 1e 42 d7 38 5e | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49f80028b8 | unwrapped: 0f 61 8b 14 34 fb ab 1d 0c 9a 26 fb 4f f6 dc cc | unwrapped: 34 e3 e3 23 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad93dd30 (size 80) | prf+N: seed-key@0x5641ad93dd30 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad93dd30 | nss hmac digest hack: symkey-key@0x5641ad93dd30 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: c6 36 de 85 fe c7 5d bb 50 5a f5 78 4e 27 49 11 24 6f 7d fb 3a c4 d3 52 b8 1a 9c ea 2f b6 1d b1 6d eb 22 3b 51 1e 52 86 ae ed 20 79 d4 41 92 64 19 08 9c 3e dd 63 81 87 64 f3 4b 89 d6 9d c9 2c 30 14 93 47 f0 71 d9 27 df 04 91 01 3d c9 c8 4a | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f8008de8 | unwrapped: ae 68 9f 74 2c ab 51 df b6 8c 58 e5 16 3e 8a 50 | unwrapped: f4 3a b8 dd 5b 13 da e7 bb bc d4 9b 94 f9 c2 e2 | unwrapped: c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | unwrapped: 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | unwrapped: 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a046ce590 | result: final-key@0x7f49e400b980 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e400b980 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce578 | result: final-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49e400b980 | prf+N PRF sha final-key@0x7f49f4006bb0 (size 20) | prf+N: key-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad93f800 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a046ce608 | result: result-key@0x7f49e400b980 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad93f800 | prfplus: release old_t[N]-key@0x7f49e4006650 | prfplus: release old_t[final]-key@0x7f49f4006bb0 | ike_sa_keymat: release data-key@0x5641ad93dd30 | calc_skeyseed_v2: release skeyseed_k-key@0x5641ad924ad0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e400b980 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce7a8 | result: result-key@0x5641ad924ad0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e400b980 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce7a8 | result: result-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e400b980 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce7a8 | result: result-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f49e400b980 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce7b8 | result: SK_ei_k-key@0x7f49e4006650 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f49e400b980 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce7b8 | result: SK_er_k-key@0x5641ad93f800 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e400b980 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce7b8 | result: result-key@0x7f49e400f0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f49e400f0e0 | chunk_SK_pi: symkey-key@0x7f49e400f0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: a6 b7 6b 58 10 f1 30 67 e5 c1 b5 8d 4c 4b 17 d0 e4 7a 32 4f 57 57 18 44 3a 45 62 b1 af 81 65 df | chunk_SK_pi: release slot-key-key@0x5641ad91fd40 | chunk_SK_pi extracted len 32 bytes at 0x7f49f8006dd8 | unwrapped: 17 f7 cb cf 05 40 90 2e 0f 61 8b 14 34 fb ab 1d | unwrapped: 0c 9a 26 fb 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49e400b980 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a046ce7b8 | result: result-key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f49e400a000 | chunk_SK_pr: symkey-key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: ba 92 55 9c e8 bc 61 02 a9 d3 35 d8 aa 19 ab 1b 88 7c 77 ed ba f7 80 f9 7b ce 13 58 49 49 29 34 | chunk_SK_pr: release slot-key-key@0x5641ad91fd40 | chunk_SK_pr extracted len 32 bytes at 0x7f49f80028b8 | unwrapped: 4f f6 dc cc 34 e3 e3 23 99 03 93 37 f5 44 c1 e2 | unwrapped: 35 22 72 bf 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f49e400b980 | calc_skeyseed_v2 pointers: shared-key@0x5641ad946af0, SK_d-key@0x5641ad924ad0, SK_ai-key@0x5641ad93dd30, SK_ar-key@0x7f49f4006bb0, SK_ei-key@0x7f49e4006650, SK_er-key@0x5641ad93f800, SK_pi-key@0x7f49e400f0e0, SK_pr-key@0x7f49e400a000 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 17 f7 cb cf 05 40 90 2e 0f 61 8b 14 34 fb ab 1d | 0c 9a 26 fb | calc_skeyseed_v2 SK_pr | 4f f6 dc cc 34 e3 e3 23 99 03 93 37 f5 44 c1 e2 | 35 22 72 bf | crypto helper 3 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 10 time elapsed 0.002558 seconds | (#13) spent 2.55 milliseconds in crypto helper computing work-order 10: ikev2_inI2outR2 KE (pcr) | crypto helper 3 sending results from work-order 10 for state #13 to event queue | scheduling resume sending helper answer for #13 | libevent_malloc: new ptr-libevent@0x7f49f8007648 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #13 | start processing: state #13 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 10 | calling continuation function 0x5641ac982b50 | ikev2_parent_inI2outR2_continue for #13: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f49f400f398: transferring ownership from helper IKEv2 DH to state #13 | finish_dh_v2: release st_shared_nss-key@NULL | #13 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x5641ad93dd30 (size 20) | hmac: symkey-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93dd30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1ab8 | result: clone-key@0x7f49e400b980 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49e8002b50 from symkey-key@0x7f49e400b980 | hmac prf: begin sha with context 0x7f49e8002b50 from symkey-key@0x7f49e400b980 | hmac: release clone-key@0x7f49e400b980 | hmac PRF sha crypt-prf@0x5641ad949d38 | hmac PRF sha update data-bytes@0x5641ad8cb328 (length 192) | 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | 38 f7 09 37 ea be ac c4 49 b8 93 44 92 51 50 97 | d7 90 a3 af 9c 2c 52 e6 81 77 3b 4d 4f 4f 67 d3 | b2 bf 52 ab 38 37 ea 44 0d b0 56 3c 69 e0 1a 8a | a9 d6 29 31 38 f2 7b 96 9e dc 33 97 69 c5 e2 0a | af 28 c9 ca de 60 8d f8 34 5b 84 0e d7 bd 96 e1 | a5 93 88 39 7b cc b3 e6 40 c3 e8 5b 77 c1 14 da | 1e ac ae 0f 0e ec d2 00 7e ff fb 4b 33 f8 7d ea | 6e db 3b 66 41 c8 a8 27 9e fa a6 d2 23 a6 65 15 | e5 a6 54 0b b2 10 f1 b6 d1 40 39 b8 b1 55 1f c5 | 22 96 26 4f 6f 18 f2 72 c0 de 21 59 05 03 f6 46 | hmac PRF sha final-bytes@0x7fff837b1c80 (length 20) | df 0a 6e 69 39 a5 05 e2 45 64 b6 02 98 44 09 ea | c0 d1 cb 55 | data for hmac: 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | data for hmac: 38 f7 09 37 ea be ac c4 49 b8 93 44 92 51 50 97 | data for hmac: d7 90 a3 af 9c 2c 52 e6 81 77 3b 4d 4f 4f 67 d3 | data for hmac: b2 bf 52 ab 38 37 ea 44 0d b0 56 3c 69 e0 1a 8a | data for hmac: a9 d6 29 31 38 f2 7b 96 9e dc 33 97 69 c5 e2 0a | data for hmac: af 28 c9 ca de 60 8d f8 34 5b 84 0e d7 bd 96 e1 | data for hmac: a5 93 88 39 7b cc b3 e6 40 c3 e8 5b 77 c1 14 da | data for hmac: 1e ac ae 0f 0e ec d2 00 7e ff fb 4b 33 f8 7d ea | data for hmac: 6e db 3b 66 41 c8 a8 27 9e fa a6 d2 23 a6 65 15 | data for hmac: e5 a6 54 0b b2 10 f1 b6 d1 40 39 b8 b1 55 1f c5 | data for hmac: 22 96 26 4f 6f 18 f2 72 c0 de 21 59 05 03 f6 46 | calculated auth: df 0a 6e 69 39 a5 05 e2 45 64 b6 02 | provided auth: df 0a 6e 69 39 a5 05 e2 45 64 b6 02 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 38 f7 09 37 ea be ac c4 49 b8 93 44 92 51 50 97 | payload before decryption: | d7 90 a3 af 9c 2c 52 e6 81 77 3b 4d 4f 4f 67 d3 | b2 bf 52 ab 38 37 ea 44 0d b0 56 3c 69 e0 1a 8a | a9 d6 29 31 38 f2 7b 96 9e dc 33 97 69 c5 e2 0a | af 28 c9 ca de 60 8d f8 34 5b 84 0e d7 bd 96 e1 | a5 93 88 39 7b cc b3 e6 40 c3 e8 5b 77 c1 14 da | 1e ac ae 0f 0e ec d2 00 7e ff fb 4b 33 f8 7d ea | 6e db 3b 66 41 c8 a8 27 9e fa a6 d2 23 a6 65 15 | e5 a6 54 0b b2 10 f1 b6 d1 40 39 b8 b1 55 1f c5 | 22 96 26 4f 6f 18 f2 72 c0 de 21 59 05 03 f6 46 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | e5 b0 d5 5e 23 22 92 02 76 22 da d9 fa fd 88 f2 | f8 5b 6f 8c 2c 00 00 28 00 00 00 24 01 03 04 03 | 95 e8 bd b2 03 00 00 08 01 00 00 0c 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | stripping 4 octets as pad | #13 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #13: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #13 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #13: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x7f49e400f0e0 (size 20) | hmac: symkey-key@0x7f49e400f0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e400f0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1538 | result: clone-key@0x7f49e400b980 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49e8002b50 from symkey-key@0x7f49e400b980 | hmac prf: begin sha with context 0x7f49e8002b50 from symkey-key@0x7f49e400b980 | hmac: release clone-key@0x7f49e400b980 | hmac PRF sha crypt-prf@0x5641ad939208 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x5641ad8cb35c (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff837b16e0 (length 20) | 01 b7 a2 72 ef 0f 86 2e d5 2d 30 76 ed 3f 8a 7d | 6c 7c bb 98 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | inputs to hash1 (first packet) | 8f 95 81 70 ae b8 a3 89 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 17 75 94 bb cb 77 14 78 7d 33 b8 a8 | 55 60 08 74 bb a9 27 cc 4b bd ca 34 60 45 37 47 | c5 4b d5 b0 f8 3f 33 47 13 87 d1 c5 7c 45 d5 f4 | 5b 52 2b 41 fb 9d 40 61 9b f5 9d ef ec 15 6d db | 66 98 0b 19 8f d1 13 a0 44 91 b1 09 67 cc 02 0c | 3a 38 88 49 4f 6b 8c 28 0f 2e 29 e3 c0 36 82 85 | 1b f1 a7 5a 8a d7 ac a0 75 02 5a d2 5c de 55 39 | c5 4a 32 f7 b9 b1 c1 0f 54 da 22 a0 e5 7b 57 dd | cd 2f fc 27 d3 b7 97 81 d9 58 df d1 41 e1 ec b1 | ae fd 76 b0 d1 b0 fa 1e fe 1d 00 9e c3 57 d2 19 | c6 02 18 af 4c 9a b0 4d 56 aa ea 3a 77 a9 bd a7 | 64 34 f0 63 7a d5 50 9e ec 19 0d 57 b9 51 ce 69 | 6e ad da 15 72 c2 ec 9b f1 8e d1 b6 5f 1a 6b e9 | 24 1c bb 7f 38 00 d1 a3 20 b9 6d f1 ec 82 85 c9 | 49 6a ee b4 44 bc 69 0b 12 ce 2c 31 ee 01 d8 26 | 07 9a e8 2f 4e f9 f3 df cb ae ca 19 f1 c9 e0 08 | b0 67 2c e1 29 00 00 24 ae 68 9f 74 2c ab 51 df | b6 8c 58 e5 16 3e 8a 50 f4 3a b8 dd 5b 13 da e7 | bb bc d4 9b 94 f9 c2 e2 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 5b 36 99 ca 21 3f e2 ca | 2c 1f e1 29 de b3 b4 42 c5 4c da 97 00 00 00 1c | 00 00 40 05 50 17 c6 ca 13 c7 59 27 d4 94 ea 60 | 99 c7 72 b4 d4 fc 36 ff | verify: initiator inputs to hash2 (responder nonce) | c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | idhash 01 b7 a2 72 ef 0f 86 2e d5 2d 30 76 ed 3f 8a 7d | idhash 6c 7c bb 98 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5641ad91fc98 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b1330 | result: shared secret-key@0x5641ad93d070 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5641ad93d070 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1318 | result: shared secret-key@0x7f49e400b980 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5641ad93d070 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f49e8002b50 from shared secret-key@0x7f49e400b980 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f49e8002b50 from shared secret-key@0x7f49e400b980 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f49e400b980 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5641ad949d38 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5641aca154d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b1350 | result: final-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1338 | result: final-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad93d070 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f49e400b980 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f49e400b980 (size 20) | = prf(, ): -key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1348 | result: clone-key@0x5641ad93d070 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f49e8002b50 from -key@0x5641ad93d070 | = prf(, ) prf: begin sha with context 0x7f49e8002b50 from -key@0x5641ad93d070 | = prf(, ): release clone-key@0x5641ad93d070 | = prf(, ) PRF sha crypt-prf@0x5641ad939208 | = prf(, ) PRF sha update first-packet-bytes@0x5641ad93d268 (length 440) | 8f 95 81 70 ae b8 a3 89 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 17 75 94 bb cb 77 14 78 7d 33 b8 a8 | 55 60 08 74 bb a9 27 cc 4b bd ca 34 60 45 37 47 | c5 4b d5 b0 f8 3f 33 47 13 87 d1 c5 7c 45 d5 f4 | 5b 52 2b 41 fb 9d 40 61 9b f5 9d ef ec 15 6d db | 66 98 0b 19 8f d1 13 a0 44 91 b1 09 67 cc 02 0c | 3a 38 88 49 4f 6b 8c 28 0f 2e 29 e3 c0 36 82 85 | 1b f1 a7 5a 8a d7 ac a0 75 02 5a d2 5c de 55 39 | c5 4a 32 f7 b9 b1 c1 0f 54 da 22 a0 e5 7b 57 dd | cd 2f fc 27 d3 b7 97 81 d9 58 df d1 41 e1 ec b1 | ae fd 76 b0 d1 b0 fa 1e fe 1d 00 9e c3 57 d2 19 | c6 02 18 af 4c 9a b0 4d 56 aa ea 3a 77 a9 bd a7 | 64 34 f0 63 7a d5 50 9e ec 19 0d 57 b9 51 ce 69 | 6e ad da 15 72 c2 ec 9b f1 8e d1 b6 5f 1a 6b e9 | 24 1c bb 7f 38 00 d1 a3 20 b9 6d f1 ec 82 85 c9 | 49 6a ee b4 44 bc 69 0b 12 ce 2c 31 ee 01 d8 26 | 07 9a e8 2f 4e f9 f3 df cb ae ca 19 f1 c9 e0 08 | b0 67 2c e1 29 00 00 24 ae 68 9f 74 2c ab 51 df | b6 8c 58 e5 16 3e 8a 50 f4 3a b8 dd 5b 13 da e7 | bb bc d4 9b 94 f9 c2 e2 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 5b 36 99 ca 21 3f e2 ca | 2c 1f e1 29 de b3 b4 42 c5 4c da 97 00 00 00 1c | 00 00 40 05 50 17 c6 ca 13 c7 59 27 d4 94 ea 60 | 99 c7 72 b4 d4 fc 36 ff | = prf(, ) PRF sha update nonce-bytes@0x7f49f4003a78 (length 32) | c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | = prf(, ) PRF sha update hash-bytes@0x7fff837b16e0 (length 20) | 01 b7 a2 72 ef 0f 86 2e d5 2d 30 76 ed 3f 8a 7d | 6c 7c bb 98 | = prf(, ) PRF sha final-chunk@0x5641ad942cd8 (length 20) | e5 b0 d5 5e 23 22 92 02 76 22 da d9 fa fd 88 f2 | f8 5b 6f 8c | psk_auth: release prf-psk-key@0x7f49e400b980 | Received PSK auth octets | e5 b0 d5 5e 23 22 92 02 76 22 da d9 fa fd 88 f2 | f8 5b 6f 8c | Calculated PSK auth octets | e5 b0 d5 5e 23 22 92 02 76 22 da d9 fa fd 88 f2 | f8 5b 6f 8c "east" #13: Authenticated using authby=secret | parent state #13: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #13 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #13 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f49f4005088 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5641ad942c68 | event_schedule: new EVENT_SA_REKEY-pe@0x5641ad942c68 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #13 | libevent_malloc: new ptr-libevent@0x5641ad945978 size 128 | pstats #13 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | 8f 95 81 70 ae b8 a3 89 | responder cookie: | 94 07 0e 6f 00 e5 08 47 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x7f49e400a000 (size 20) | hmac: symkey-key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e400a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0eb8 | result: clone-key@0x7f49e400b980 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49e8002b50 from symkey-key@0x7f49e400b980 | hmac prf: begin sha with context 0x7f49e8002b50 from symkey-key@0x7f49e400b980 | hmac: release clone-key@0x7f49e400b980 | hmac PRF sha crypt-prf@0x5641ad939208 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x5641aca808f4 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff837b11b0 (length 20) | d1 28 9b e9 a3 96 33 c2 b6 f6 40 f5 b6 3b 2b b7 | 22 2e 05 96 | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | inputs to hash1 (first packet) | 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 d4 85 a6 aa 06 0d 2b b8 6e b5 c7 df | 19 33 39 89 f5 3d eb ff 0a 2c fe 27 88 d7 b3 c7 | d7 0c fe 0c 2f 96 d7 d0 a2 76 e1 a4 83 9f d8 4f | 76 86 a9 88 ac 1f 3c f3 0f 0f b8 8a 7b 12 42 6f | d0 ff ef 72 87 50 34 44 a8 b5 ea 54 bd 48 cc 27 | 78 67 c4 7a 99 e6 d9 57 d7 04 89 6f 45 36 ba 03 | b0 5a 39 f2 77 3a 33 7c c3 81 f1 c1 cb 79 cc 0a | 7c b6 34 30 a0 6b 4d 63 79 20 ac 63 76 8e 0e 01 | ed 51 aa 32 88 41 e7 2a 12 dd e7 70 be e7 f2 c2 | 2f a4 72 c9 f3 23 e1 93 e6 74 37 94 0e fe 65 d4 | 1a d3 1b e5 bb cb 6a ba db f3 f5 3d c8 f3 7e 41 | 45 29 85 b2 64 16 55 d5 1c 4b e4 cc 1f 4f 89 59 | 8b 2b 18 8d 98 d6 29 05 b4 57 3f 79 f6 aa 17 b2 | 34 23 0a 88 df 88 39 2d 09 5c 56 2f 7a 90 1d a2 | 30 fb 6d a1 59 8b ff 69 df 73 b3 c7 9d 51 48 81 | 3a 0f e2 18 c3 14 30 26 2d 0a 86 03 8d 66 2c 16 | 3c 0e 22 a4 29 00 00 24 c2 5f 2b a7 7a 1d e9 26 | 37 38 5b 64 3e 35 69 31 0d 36 ba b1 0e 84 b3 21 | 03 38 cf aa 75 d5 f4 83 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 08 66 ca 4e 1e 96 a3 2c | 30 e4 b4 e8 5a f8 af 1b 0f 9a 8e b9 00 00 00 1c | 00 00 40 05 ef c9 cd a1 3c b0 b6 ab 1d d0 15 04 | 31 65 46 52 eb b2 3d 3d | create: responder inputs to hash2 (initiator nonce) | ae 68 9f 74 2c ab 51 df b6 8c 58 e5 16 3e 8a 50 | f4 3a b8 dd 5b 13 da e7 bb bc d4 9b 94 f9 c2 e2 | idhash d1 28 9b e9 a3 96 33 c2 b6 f6 40 f5 b6 3b 2b b7 | idhash 22 2e 05 96 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5641ad91fc98 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0ca0 | result: shared secret-key@0x5641ad93d070 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5641ad93d070 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c88 | result: shared secret-key@0x7f49e400b980 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5641ad93d070 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f49e8002b50 from shared secret-key@0x7f49e400b980 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f49e8002b50 from shared secret-key@0x7f49e400b980 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f49e400b980 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5641ad942cd8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5641aca154d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0cc0 | result: final-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0ca8 | result: final-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad93d070 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f49e400b980 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f49e400b980 (size 20) | = prf(, ): -key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0cb8 | result: clone-key@0x5641ad93d070 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f49e8002b50 from -key@0x5641ad93d070 | = prf(, ) prf: begin sha with context 0x7f49e8002b50 from -key@0x5641ad93d070 | = prf(, ): release clone-key@0x5641ad93d070 | = prf(, ) PRF sha crypt-prf@0x5641ad939208 | = prf(, ) PRF sha update first-packet-bytes@0x5641ad9453a8 (length 440) | 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 d4 85 a6 aa 06 0d 2b b8 6e b5 c7 df | 19 33 39 89 f5 3d eb ff 0a 2c fe 27 88 d7 b3 c7 | d7 0c fe 0c 2f 96 d7 d0 a2 76 e1 a4 83 9f d8 4f | 76 86 a9 88 ac 1f 3c f3 0f 0f b8 8a 7b 12 42 6f | d0 ff ef 72 87 50 34 44 a8 b5 ea 54 bd 48 cc 27 | 78 67 c4 7a 99 e6 d9 57 d7 04 89 6f 45 36 ba 03 | b0 5a 39 f2 77 3a 33 7c c3 81 f1 c1 cb 79 cc 0a | 7c b6 34 30 a0 6b 4d 63 79 20 ac 63 76 8e 0e 01 | ed 51 aa 32 88 41 e7 2a 12 dd e7 70 be e7 f2 c2 | 2f a4 72 c9 f3 23 e1 93 e6 74 37 94 0e fe 65 d4 | 1a d3 1b e5 bb cb 6a ba db f3 f5 3d c8 f3 7e 41 | 45 29 85 b2 64 16 55 d5 1c 4b e4 cc 1f 4f 89 59 | 8b 2b 18 8d 98 d6 29 05 b4 57 3f 79 f6 aa 17 b2 | 34 23 0a 88 df 88 39 2d 09 5c 56 2f 7a 90 1d a2 | 30 fb 6d a1 59 8b ff 69 df 73 b3 c7 9d 51 48 81 | 3a 0f e2 18 c3 14 30 26 2d 0a 86 03 8d 66 2c 16 | 3c 0e 22 a4 29 00 00 24 c2 5f 2b a7 7a 1d e9 26 | 37 38 5b 64 3e 35 69 31 0d 36 ba b1 0e 84 b3 21 | 03 38 cf aa 75 d5 f4 83 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 08 66 ca 4e 1e 96 a3 2c | 30 e4 b4 e8 5a f8 af 1b 0f 9a 8e b9 00 00 00 1c | 00 00 40 05 ef c9 cd a1 3c b0 b6 ab 1d d0 15 04 | 31 65 46 52 eb b2 3d 3d | = prf(, ) PRF sha update nonce-bytes@0x5641ad93dcb8 (length 32) | ae 68 9f 74 2c ab 51 df b6 8c 58 e5 16 3e 8a 50 | f4 3a b8 dd 5b 13 da e7 bb bc d4 9b 94 f9 c2 e2 | = prf(, ) PRF sha update hash-bytes@0x7fff837b11b0 (length 20) | d1 28 9b e9 a3 96 33 c2 b6 f6 40 f5 b6 3b 2b b7 | 22 2e 05 96 | = prf(, ) PRF sha final-chunk@0x5641ad949d38 (length 20) | bc b7 c3 f8 92 88 18 e0 08 c1 27 c4 42 82 d9 9a | 33 c1 fc 9f | psk_auth: release prf-psk-key@0x7f49e400b980 | PSK auth octets bc b7 c3 f8 92 88 18 e0 08 c1 27 c4 42 82 d9 9a | PSK auth octets 33 c1 fc 9f | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth bc b7 c3 f8 92 88 18 e0 08 c1 27 c4 42 82 d9 9a | PSK auth 33 c1 fc 9f | emitting length of IKEv2 Authentication Payload: 28 | creating state object #14 at 0x5641ad945ad8 | State DB: adding IKEv2 state #14 in UNDEFINED | pstats #14 ikev2.child started | duplicating state object #13 "east" as #14 for IPSEC SA | #14 setting local endpoint to 192.1.2.23:500 from #13.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x5641ad924ad0 | duplicate_state: reference st_skey_ai_nss-key@0x5641ad93dd30 | duplicate_state: reference st_skey_ar_nss-key@0x7f49f4006bb0 | duplicate_state: reference st_skey_ei_nss-key@0x7f49e4006650 | duplicate_state: reference st_skey_er_nss-key@0x5641ad93f800 | duplicate_state: reference st_skey_pi_nss-key@0x7f49e400f0e0 | duplicate_state: reference st_skey_pr_nss-key@0x7f49e400a000 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #13.#14; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #13 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #13.#14 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 95 e8 bd b2 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: INTEG+ESN; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #13: no local proposal matches remote proposals 1:ESP:ENCR=AES_CBC;INTEG=HMAC_SHA1_96;ESN=DISABLED "east" #13: IKE_AUTH responder matching remote ESP/AH proposals failed, responder SA processing returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | ikev2_child_sa_respond returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | ikev2_parent_inI2outR2_continue_tail returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | #13 spent 1.31 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #13 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #14 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #14 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | sending a notification reply "east" #14: responding to IKE_AUTH message (ID 1) from 192.1.2.45:500 with encrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS encrypted notification | **emit ISAKMP Message: | initiator cookie: | 8f 95 81 70 ae b8 a3 89 | responder cookie: | 94 07 0e 6f 00 e5 08 47 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'encrypted notification' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Adding a v2N Payload | ****emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'encrypted notification' | emitting length of IKEv2 Notify Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 05 b3 ea 6d 9b 0d b0 f0 b6 94 3f e9 68 d0 46 8b | data before encryption: | 00 00 00 08 00 00 00 0e 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | b5 2b 62 df 38 96 8b 3e 1d b3 e3 a7 97 3a 3a 53 | hmac PRF sha init symkey-key@0x7f49f4006bb0 (size 20) | hmac: symkey-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0f98 | result: clone-key@0x7f49e400b980 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49e8002b50 from symkey-key@0x7f49e400b980 | hmac prf: begin sha with context 0x7f49e8002b50 from symkey-key@0x7f49e400b980 | hmac: release clone-key@0x7f49e400b980 | hmac PRF sha crypt-prf@0x5641ad9413c8 | hmac PRF sha update data-bytes@0x7fff837b13c0 (length 64) | 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | 05 b3 ea 6d 9b 0d b0 f0 b6 94 3f e9 68 d0 46 8b | b5 2b 62 df 38 96 8b 3e 1d b3 e3 a7 97 3a 3a 53 | hmac PRF sha final-bytes@0x7fff837b1400 (length 20) | 0d 77 42 f0 02 a2 06 a0 52 9d a7 7b 10 32 eb c6 | cc 32 c4 df | data being hmac: 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | data being hmac: 05 b3 ea 6d 9b 0d b0 f0 b6 94 3f e9 68 d0 46 8b | data being hmac: b5 2b 62 df 38 96 8b 3e 1d b3 e3 a7 97 3a 3a 53 | out calculated auth: | 0d 77 42 f0 02 a2 06 a0 52 9d a7 7b | sending 76 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #13) | 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | 05 b3 ea 6d 9b 0d b0 f0 b6 94 3f e9 68 d0 46 8b | b5 2b 62 df 38 96 8b 3e 1d b3 e3 a7 97 3a 3a 53 | 0d 77 42 f0 02 a2 06 a0 52 9d a7 7b | forcing #14 to a discard event | event_schedule: new EVENT_SO_DISCARD-pe@0x7f49e8002b78 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #14 | libevent_malloc: new ptr-libevent@0x5641ad942b78 size 128 | state transition function for STATE_UNDEFINED failed: v2N_NO_PROPOSAL_CHOSEN | resume sending helper answer for #13 suppresed complete_v2_state_transition() | #13 spent 1.9 milliseconds in resume sending helper answer | stop processing: state #14 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f49f8007648 | spent 0.00286 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 74 23 ad d1 28 79 70 93 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 9f dd 5b 88 07 d7 78 a1 43 49 bc 27 | 19 6a 66 12 6a 70 e1 ee 78 64 da 1e 15 b5 f9 4f | 8d 90 94 9b 52 67 46 55 38 af de 9e 66 e8 37 7c | a6 2a cc f8 ac 8c 9b 92 db 5a 1b 71 cc 54 2e 56 | 75 cb 70 e9 36 80 24 0e ae ae ab 89 8b ce 76 ff | 51 aa 28 0a d6 58 a1 ad 8c 72 81 a6 66 a0 ff 08 | 2c ba 26 98 79 3b 2e 33 74 c0 3f 9e 3e 7e e9 9b | 80 77 55 04 07 6c 48 92 d3 db 48 c4 c1 48 80 4f | 68 1f c0 3b 3f e4 66 a2 94 e0 0b 43 12 d5 73 16 | 2a cd c8 ba e1 9b b5 5c 6f 08 fe 9e a7 b9 76 26 | 62 c9 b9 9a 55 56 a3 9d 88 8c 0d 44 4a 62 e3 83 | 10 9c 22 32 bb 5b 08 3e b0 b3 ba cc 6f 7b 8c 26 | c8 51 0d 2d 53 79 29 be 35 a5 9c 29 5f 10 e5 d3 | 15 07 f3 cc d1 fc 19 69 b1 97 90 e8 42 3f e6 9b | 9c f1 59 65 d3 94 df e0 1e 88 a1 ef 59 e1 df b6 | 55 00 ef 8f be 8c 16 79 2c 3d 88 2a 92 54 21 c0 | 1a a9 74 bd 29 00 00 24 53 3b a7 57 28 dd 3c 09 | 82 e5 ee 55 40 12 a3 2f e0 c5 81 ac 69 e2 79 f8 | e6 c9 91 fb 8c 17 85 0f 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 04 9f 83 73 43 96 6b a6 | 23 89 8e 41 77 75 d2 82 a8 e8 36 3c 00 00 00 1c | 00 00 40 05 f5 62 50 12 e1 7b 73 3c 45 8a f6 15 | c3 31 98 79 40 75 9b d5 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 74 23 ad d1 28 79 70 93 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x5641ad939378 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x5641aca74700 (length 32) | 64 59 39 7d cd b9 28 1d f1 c8 1c 37 a1 76 10 ce | 60 62 36 da 0f 08 a7 5a 08 fd 21 a0 d8 62 36 c1 | IKE SPIr hash sha2_256 digest counter-bytes@0x5641aca746e0 (length 4) | 0a 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff837b2220 (length 32) | dd a7 8e 35 78 e4 ab ab 9b 49 7f 44 12 40 7b 74 | b1 36 7c 01 57 db e3 09 44 21 de 2c 24 82 bc c9 | creating state object #15 at 0x5641ad9447d8 | State DB: adding IKEv2 state #15 in UNDEFINED | pstats #15 ikev2.ike started | Message ID: init #15: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #15: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #15; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #15 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #15 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #15 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #15 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #15 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #15 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #15 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) "east" #15: af+type of IKEv2 Attribute Substructure Payload has an unknown value: 14 (0xe) "east" #15: remote proposal 1 transform 0 contains corrupt attribute "east" #15: partial list of remote proposals: 1:IKE:[corrupt-attribute] "east" #15: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification INVALID_SYNTAX | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 74 23 ad d1 28 79 70 93 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 74 23 ad d1 28 79 70 93 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | #15 spent 0.157 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #15 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #15 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #15 has no whack fd | pstats #15 ikev2.ike deleted other | [RE]START processing: state #15 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #15: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #15: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #15 in PARENT_R0 | parent state #15: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #15 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #15 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.646 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00268 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 04 72 5e e4 6e f1 79 89 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 d9 58 c8 24 d6 80 52 8a cc 16 fe ea | 4d a7 f9 73 2b 43 d9 d3 0d b9 ac 03 0e 70 92 21 | 43 7a 90 bb 19 96 99 ba be c1 53 ee ac 21 01 0a | 43 f4 73 96 25 07 9a a2 dd 40 eb 15 16 12 b1 d7 | 1b 30 ec 21 f3 da 91 16 c7 a2 7d 23 e9 af 42 cb | 08 66 26 19 e8 77 53 eb 38 c8 0f 4a 00 52 b9 5d | bb a9 79 24 38 4a 21 2d 2d ba db ff 83 d6 ed 83 | 0f 7f ca 52 cc 19 1f b9 1a 3a 3e a1 2e 9b 8e 76 | b9 6f 83 c8 b5 96 ed d4 88 7a 34 1d ce f9 4e 96 | 8b 32 20 70 f2 48 69 22 e5 51 fa c8 dd 36 e0 bd | c7 31 39 de 72 12 b0 80 78 93 1c d9 63 9d 70 f8 | 49 50 f7 83 ed d5 73 40 b7 03 b7 06 f0 1b 07 75 | cd cb c3 74 36 32 f8 90 b6 10 02 bb fb d1 aa 22 | fa bc 56 3d 23 c0 37 29 45 51 ca 12 26 31 48 57 | 7f 4e c4 4a e5 ae 22 11 ee 02 e3 8e df c3 66 78 | 24 30 c1 8c 78 ea 85 36 0a a6 74 80 59 38 df 10 | a8 53 d6 2a 29 00 00 24 ae 0c 5a 9f c5 77 bd 15 | f6 87 ad 9b 78 fc b3 b2 fa 92 49 b9 f9 a5 73 48 | de db df dd 4d a8 dd 01 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 49 bc 5f e0 8c c9 51 62 | a9 36 b9 0b 42 8a fa cd 0c b9 ac 4f 00 00 00 1c | 00 00 40 05 23 9f 36 8c f1 4a e7 2e 76 e8 c0 9b | b8 37 ad ba 01 43 c6 cf | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 04 72 5e e4 6e f1 79 89 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x5641ad939378 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x5641aca74700 (length 32) | 64 59 39 7d cd b9 28 1d f1 c8 1c 37 a1 76 10 ce | 60 62 36 da 0f 08 a7 5a 08 fd 21 a0 d8 62 36 c1 | IKE SPIr hash sha2_256 digest counter-bytes@0x5641aca746e0 (length 4) | 0b 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff837b2220 (length 32) | 9b d3 be a7 ce b8 33 ef 73 8b 10 b7 eb 93 30 d9 | 91 ee 2f e0 29 18 f3 ae 07 07 76 be d7 02 2f 86 | creating state object #16 at 0x5641ad9447d8 | State DB: adding IKEv2 state #16 in UNDEFINED | pstats #16 ikev2.ike started | Message ID: init #16: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #16: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #16; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #16 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #16 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #16 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #16 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #16 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #16 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #16 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) "east" #16: af+type of IKEv2 Attribute Substructure Payload has an unknown value: 14 (0xe) "east" #16: remote proposal 1 transform 0 contains corrupt attribute "east" #16: partial list of remote proposals: 1:IKE:[corrupt-attribute] "east" #16: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification INVALID_SYNTAX | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 04 72 5e e4 6e f1 79 89 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 04 72 5e e4 6e f1 79 89 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | #16 spent 0.17 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #16 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #16 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #16 has no whack fd | pstats #16 ikev2.ike deleted other | [RE]START processing: state #16 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #16: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #16: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #16 in PARENT_R0 | parent state #16: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #16 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #16 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.638 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00263 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 1d 3d c1 a9 ba 21 c1 00 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 74 cc e6 2a c4 1d a0 ba ba 64 42 af | d5 88 46 74 ab d2 cc cc 78 63 58 aa ff 05 4d 77 | 73 68 48 fc 2e e7 19 8f 4d 6e 13 ac b3 e7 9f b6 | 0b 34 49 a5 2a 13 4c c8 fa 6d 89 18 4c 3b a6 20 | 53 ca e5 18 96 e0 3e 80 07 d4 7b 29 4a c7 d7 12 | 32 01 11 6e 87 56 0d 5a 4f 5b a8 dc 68 c6 0d e0 | 7b 15 9b 46 58 7c f6 dc 29 d2 2c 9c 68 69 99 b5 | 60 7f 4c 5c 4c a4 e8 f5 82 98 4e b4 09 fb 78 b3 | d0 26 f1 3c cc 5c 6a ef 26 d1 11 cf 34 75 7e 4b | b7 5a 86 90 83 2f d1 9e ba 57 61 d2 e5 d5 98 be | 2f 6a a8 37 c8 3d 5d cc 0d e7 34 3b 3a 79 c2 12 | be 64 ac 89 87 57 a5 62 6c d7 96 89 5a 71 2d 6a | 10 36 53 5c 7e 4b 1c 96 11 db 90 80 bb 3d 6c dc | a2 cd 5d e7 23 87 03 1c f3 7d 5e d4 03 41 51 8f | 97 37 df 89 7d f5 99 3c 29 f3 3d d9 93 29 96 01 | bf db a6 b1 25 33 7b 83 eb e0 e3 3f 4a ac 99 af | e9 02 7a f7 29 00 00 24 fb 46 86 a4 73 b4 70 59 | ed 32 f5 39 97 1e a8 1c f8 ec 4d 7e 44 12 fc 16 | 4d 31 84 7b c7 60 53 c0 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 00 a2 11 10 a3 4c 7b f6 | d7 c0 43 35 b2 0a 4d 59 f5 dd e8 82 00 00 00 1c | 00 00 40 05 f6 cb b5 5d 4b fa b1 40 5d c9 26 4c | c2 60 76 e9 ef 15 46 ce | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 1d 3d c1 a9 ba 21 c1 00 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x5641ad939378 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x5641aca74700 (length 32) | 64 59 39 7d cd b9 28 1d f1 c8 1c 37 a1 76 10 ce | 60 62 36 da 0f 08 a7 5a 08 fd 21 a0 d8 62 36 c1 | IKE SPIr hash sha2_256 digest counter-bytes@0x5641aca746e0 (length 4) | 0c 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff837b2220 (length 32) | dc 1a 43 ae 75 b7 6c 4b 46 6b de 29 9f c5 04 be | 86 3b be ab 77 83 b5 01 0d ed e6 d4 2d cb 5d 33 | creating state object #17 at 0x5641ad9447d8 | State DB: adding IKEv2 state #17 in UNDEFINED | pstats #17 ikev2.ike started | Message ID: init #17: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #17: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #17; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #17 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #17 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #17 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #17 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #17 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #17 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #17 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) "east" #17: af+type of IKEv2 Attribute Substructure Payload has an unknown value: 14 (0xe) "east" #17: remote proposal 1 transform 0 contains corrupt attribute "east" #17: partial list of remote proposals: 1:IKE:[corrupt-attribute] "east" #17: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification INVALID_SYNTAX | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 1d 3d c1 a9 ba 21 c1 00 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 1d 3d c1 a9 ba 21 c1 00 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | #17 spent 0.143 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #17 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #17 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #17 has no whack fd | pstats #17 ikev2.ike deleted other | [RE]START processing: state #17 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #17: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #17: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #17 in PARENT_R0 | parent state #17: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #17 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #17 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.612 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00319 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | dd f1 a7 97 73 22 40 a8 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 28 44 24 35 3b 04 a4 fc c9 a7 41 dc | a4 fe bd ff 3a 5e f4 3d 55 03 3a 7a aa 3f bd 70 | 6d d7 dd 5e cc d0 5b 06 c9 4d dc f2 c2 5e 94 12 | 0f a5 2d 8c cf ce f2 7e 1e c0 21 30 24 c5 2d 76 | 11 5f 97 25 19 7f fd 6e d0 1f c5 99 18 e9 2a 83 | 22 3e 4e 10 92 73 d1 de 78 66 eb bf a8 ff b4 6f | 80 b1 b7 ed e8 29 4a c8 66 db 0d 19 7f 5d f2 ea | 7f 71 0b b3 4a 79 68 a2 bf 6d 69 a9 19 d3 f0 eb | 29 07 b7 85 a5 cc 84 fe 8d 4a 6e e1 49 58 10 20 | 12 78 96 da 1c a2 bc a9 9f 44 2b b1 91 8c 4f 84 | 09 7f 8e b2 5e 19 ac be d6 db c0 2e ab 0e 37 c9 | 15 76 1c b1 23 2c 28 ce 60 c9 5b 0c 3f c8 9e 6d | 8e 07 d0 20 44 fd e2 6f e6 79 34 33 56 c5 6e 98 | 81 c9 37 68 e9 4c 7a ee 66 3b 80 18 13 55 83 23 | 63 2c 64 da b2 b0 98 de a0 7e ee 09 09 18 e1 1e | a7 9c 9a be b7 88 39 0e 4f 92 95 c8 d9 83 c4 2e | 68 31 5d 76 29 00 00 24 bb 76 80 fc de f3 68 b4 | 6d 39 4a 5b ab 7a 08 b6 81 3f cb a7 78 49 b4 e8 | bf c1 9d df a6 6c 1d bc 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 64 53 6b 42 7f c3 45 31 | 9c 1e b4 b1 56 86 6b 21 e5 e8 c9 ba 00 00 00 1c | 00 00 40 05 d9 1e 7c a9 b9 1f ab 91 32 4d 72 ce | fe 3d d0 96 1d 13 3e ad | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | dd f1 a7 97 73 22 40 a8 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x5641ad939378 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x5641aca74700 (length 32) | 64 59 39 7d cd b9 28 1d f1 c8 1c 37 a1 76 10 ce | 60 62 36 da 0f 08 a7 5a 08 fd 21 a0 d8 62 36 c1 | IKE SPIr hash sha2_256 digest counter-bytes@0x5641aca746e0 (length 4) | 0d 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff837b2220 (length 32) | 0e ce b7 64 0d dd 8d c4 d5 47 ec 61 99 38 28 08 | 19 15 bd c7 ca 0c 26 89 39 93 7d 2a a6 e1 f9 51 | creating state object #18 at 0x5641ad9447d8 | State DB: adding IKEv2 state #18 in UNDEFINED | pstats #18 ikev2.ike started | Message ID: init #18: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #18: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #18; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #18 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #18 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #18 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #18 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #18 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #18 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #18 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) "east" #18: af+type of IKEv2 Attribute Substructure Payload has an unknown value: 14 (0xe) "east" #18: remote proposal 1 transform 0 contains corrupt attribute "east" #18: partial list of remote proposals: 1:IKE:[corrupt-attribute] "east" #18: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification INVALID_SYNTAX | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | dd f1 a7 97 73 22 40 a8 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | dd f1 a7 97 73 22 40 a8 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | #18 spent 0.141 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #18 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #18 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #18 has no whack fd | pstats #18 ikev2.ike deleted other | [RE]START processing: state #18 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #18: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #18: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #18 in PARENT_R0 | parent state #18: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #18 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #18 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.614 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00276 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 436 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | b4 9f d5 a5 56 78 42 52 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 3d a9 d4 a5 ad a5 e8 ca 0b e2 52 49 47 80 7b a7 | 09 cb d8 3a 4e 27 02 45 21 49 c3 14 60 7b 6e bb | 49 9e 8e 22 28 54 d8 85 f6 c9 5f dc 83 02 0e 75 | c3 f8 e0 4f 65 ba 84 c2 be cb 40 dd a3 57 c3 c2 | cd 6e 29 15 f5 6a 43 69 3f a8 54 15 ad 13 7a fe | ba a6 9f c5 0b 71 ea 0e 8c 6c b8 e5 71 f1 7d 2d | f7 d1 95 a6 2a 86 75 82 96 b6 7f 98 70 72 38 08 | 03 52 58 07 8c be 3f c6 a2 fe 56 58 31 f6 1f 3f | ec 50 9f 96 8e a2 b8 d4 f4 95 67 b0 10 3a a5 c4 | db 9a 55 b3 4f bb 32 25 7d f7 d6 a6 de 24 7d 29 | 91 44 57 1d 5d a5 db 2d 8a 3c 9e f8 0e 98 b4 ec | 89 25 81 28 68 fd 6d 40 6f 29 88 30 91 89 06 78 | cd ab 67 b0 f8 52 88 d4 68 7c 78 03 0f af fc 24 | 5e bf d8 4b 98 8c 91 e1 0a bc c0 bd e3 35 32 85 | 03 b5 66 6e c2 93 71 9f 59 5a dd 99 f0 e7 de 56 | 7e cf 2e f2 93 22 7a dc 86 e3 fc 80 8b 8f 18 94 | 29 00 00 24 7e ef df b9 e6 c0 95 b6 35 29 54 b9 | ca 10 f9 27 df af 2b 9d e8 b2 43 e8 cb eb 84 20 | d3 7e 8c ca 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 d0 fe 55 3f 51 19 d4 f8 2d c0 7b 7f | 22 c6 c8 96 0a a6 b5 d2 00 00 00 1c 00 00 40 05 | d8 3e 84 3d 45 f6 ac 66 b0 b3 16 7d f1 63 b8 43 | 77 2f 23 62 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b4 9f d5 a5 56 78 42 52 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 436 (0x1b4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x5641ad939378 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x5641aca74700 (length 32) | 64 59 39 7d cd b9 28 1d f1 c8 1c 37 a1 76 10 ce | 60 62 36 da 0f 08 a7 5a 08 fd 21 a0 d8 62 36 c1 | IKE SPIr hash sha2_256 digest counter-bytes@0x5641aca746e0 (length 4) | 0e 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff837b2220 (length 32) | 64 8b 3f f5 9a 68 9d 5a f0 a5 5e d6 da c6 f6 d0 | 59 af 09 41 06 6e 8a 95 ad 5e a7 24 4f 26 21 e5 | creating state object #19 at 0x5641ad9447d8 | State DB: adding IKEv2 state #19 in UNDEFINED | pstats #19 ikev2.ike started | Message ID: init #19: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #19: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #19; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #19 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #19 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #19 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #19 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #19 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #19 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #19 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 2 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: PRF+INTEG+DH | remote proposal 1 does not match local proposal 1; unmatched transforms: ENCR; missing transforms: ENCR | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 2; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 2 "east" #19: proposal 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | 3d a9 d4 a5 ad a5 e8 ca 0b e2 52 49 47 80 7b a7 | 09 cb d8 3a 4e 27 02 45 21 49 c3 14 60 7b 6e bb | 49 9e 8e 22 28 54 d8 85 f6 c9 5f dc 83 02 0e 75 | c3 f8 e0 4f 65 ba 84 c2 be cb 40 dd a3 57 c3 c2 | cd 6e 29 15 f5 6a 43 69 3f a8 54 15 ad 13 7a fe | ba a6 9f c5 0b 71 ea 0e 8c 6c b8 e5 71 f1 7d 2d | f7 d1 95 a6 2a 86 75 82 96 b6 7f 98 70 72 38 08 | 03 52 58 07 8c be 3f c6 a2 fe 56 58 31 f6 1f 3f | ec 50 9f 96 8e a2 b8 d4 f4 95 67 b0 10 3a a5 c4 | db 9a 55 b3 4f bb 32 25 7d f7 d6 a6 de 24 7d 29 | 91 44 57 1d 5d a5 db 2d 8a 3c 9e f8 0e 98 b4 ec | 89 25 81 28 68 fd 6d 40 6f 29 88 30 91 89 06 78 | cd ab 67 b0 f8 52 88 d4 68 7c 78 03 0f af fc 24 | 5e bf d8 4b 98 8c 91 e1 0a bc c0 bd e3 35 32 85 | 03 b5 66 6e c2 93 71 9f 59 5a dd 99 f0 e7 de 56 | 7e cf 2e f2 93 22 7a dc 86 e3 fc 80 8b 8f 18 94 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b1c20 (length 8) | b4 9f d5 a5 56 78 42 52 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b1c28 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff837b1bb4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff837b1ba6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b1c30 (length 20) | d8 3e 84 3d 45 f6 ac 66 b0 b3 16 7d f1 63 b8 43 | 77 2f 23 62 | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= b4 9f d5 a5 56 78 42 52 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= d8 3e 84 3d 45 f6 ac 66 b0 b3 16 7d f1 63 b8 43 | natd_hash: hash= 77 2f 23 62 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b1c20 (length 8) | b4 9f d5 a5 56 78 42 52 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b1c28 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff837b1bb4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff837b1ba6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b1c50 (length 20) | d0 fe 55 3f 51 19 d4 f8 2d c0 7b 7f 22 c6 c8 96 | 0a a6 b5 d2 | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= b4 9f d5 a5 56 78 42 52 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= d0 fe 55 3f 51 19 d4 f8 2d c0 7b 7f 22 c6 c8 96 | natd_hash: hash= 0a a6 b5 d2 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 11 for state #19 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f49f0002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f49f8007648 size 128 | #19 spent 0.306 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | crypto helper 4 resuming | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | crypto helper 4 starting work-order 11 for state #19 | #19 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | crypto helper 4 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 11 | suspending state #19 and saving MD | #19 is busy; has a suspended MD | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #19 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | stop processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #19 spent 0.746 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.758 milliseconds in comm_handle_cb() reading and processing packet | DH secret MODP2048@0x7f49ec007848: created | NSS: Local DH MODP2048 secret (pointer): 0x7f49ec007848 | NSS: Public DH wire value: | fa f5 0e d0 64 2b 86 2a de 62 a4 8f 0a 1e 9d 69 | a3 44 88 71 80 da 05 5e 56 e2 27 84 fe b0 ee 09 | a7 2e d8 47 f0 7c 5f fc d3 d4 0a cd 6f 55 89 12 | 9d 99 1b 65 a7 53 90 ff 0a 4e 75 44 43 07 fa 99 | 0a ec 25 e8 28 86 7d 68 36 25 3d a6 af 85 f9 e4 | 54 c5 39 08 4a 5a 93 38 cf 35 81 99 ea 7a 98 5c | 59 99 27 f0 16 dc b1 e1 c2 06 34 b2 39 2b 19 f8 | 89 4b 07 35 04 07 ba ec 5e 3f d7 db d8 0c 4c c0 | 7c 72 87 e8 78 f5 bf b4 e1 77 56 58 37 c7 0f 71 | f2 9c 53 93 ed bc 8c a1 37 f8 3e 0b 24 78 15 4e | 3d da a5 5e 54 ea 2c 7c 19 ee e8 02 20 0e be 33 | f8 4c 9c 7f 6e 5b 5d 70 18 5a f7 0a 19 c3 fb 13 | fd 31 c9 94 07 60 4e 19 f9 66 cc 06 4a 33 f3 cf | f7 19 d4 d3 66 f7 6c 87 15 b8 0d 82 cd 73 cf b8 | 51 ec fd 31 44 c7 a3 52 03 4a 32 f4 9f 61 76 79 | c1 ad b0 c6 7a 53 8d e5 a4 d4 d4 d4 73 75 6f af | Generated nonce: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | Generated nonce: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | crypto helper 4 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 11 time elapsed 0.001086 seconds | (#19) spent 1.07 milliseconds in crypto helper computing work-order 11: ikev2_inI1outR1 KE (pcr) | crypto helper 4 sending results from work-order 11 for state #19 to event queue | scheduling resume sending helper answer for #19 | libevent_malloc: new ptr-libevent@0x7f49ec004f28 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #19 | start processing: state #19 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 11 | calling continuation function 0x5641ac982b50 | ikev2_parent_inI1outR1_continue for #19: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | b4 9f d5 a5 56 78 42 52 | responder cookie: | 64 8b 3f f5 9a 68 9d 5a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f49ec007848: transferring ownership from helper KE to state #19 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x fa f5 0e d0 64 2b 86 2a de 62 a4 8f 0a 1e 9d 69 | ikev2 g^x a3 44 88 71 80 da 05 5e 56 e2 27 84 fe b0 ee 09 | ikev2 g^x a7 2e d8 47 f0 7c 5f fc d3 d4 0a cd 6f 55 89 12 | ikev2 g^x 9d 99 1b 65 a7 53 90 ff 0a 4e 75 44 43 07 fa 99 | ikev2 g^x 0a ec 25 e8 28 86 7d 68 36 25 3d a6 af 85 f9 e4 | ikev2 g^x 54 c5 39 08 4a 5a 93 38 cf 35 81 99 ea 7a 98 5c | ikev2 g^x 59 99 27 f0 16 dc b1 e1 c2 06 34 b2 39 2b 19 f8 | ikev2 g^x 89 4b 07 35 04 07 ba ec 5e 3f d7 db d8 0c 4c c0 | ikev2 g^x 7c 72 87 e8 78 f5 bf b4 e1 77 56 58 37 c7 0f 71 | ikev2 g^x f2 9c 53 93 ed bc 8c a1 37 f8 3e 0b 24 78 15 4e | ikev2 g^x 3d da a5 5e 54 ea 2c 7c 19 ee e8 02 20 0e be 33 | ikev2 g^x f8 4c 9c 7f 6e 5b 5d 70 18 5a f7 0a 19 c3 fb 13 | ikev2 g^x fd 31 c9 94 07 60 4e 19 f9 66 cc 06 4a 33 f3 cf | ikev2 g^x f7 19 d4 d3 66 f7 6c 87 15 b8 0d 82 cd 73 cf b8 | ikev2 g^x 51 ec fd 31 44 c7 a3 52 03 4a 32 f4 9f 61 76 79 | ikev2 g^x c1 ad b0 c6 7a 53 8d e5 a4 d4 d4 d4 73 75 6f af | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | IKEv2 nonce 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b2160 (length 8) | b4 9f d5 a5 56 78 42 52 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b2168 (length 8) | 64 8b 3f f5 9a 68 9d 5a | NATD hash sha digest IP addr-bytes@0x7fff837b2094 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff837b2086 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b2110 (length 20) | 3e 47 fc 3b c5 a7 32 0a 39 a5 ba 05 71 1d 70 9c | d1 72 db 45 | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= b4 9f d5 a5 56 78 42 52 | natd_hash: rcookie= 64 8b 3f f5 9a 68 9d 5a | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 3e 47 fc 3b c5 a7 32 0a 39 a5 ba 05 71 1d 70 9c | natd_hash: hash= d1 72 db 45 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 3e 47 fc 3b c5 a7 32 0a 39 a5 ba 05 71 1d 70 9c | Notify data d1 72 db 45 | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b2160 (length 8) | b4 9f d5 a5 56 78 42 52 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b2168 (length 8) | 64 8b 3f f5 9a 68 9d 5a | NATD hash sha digest IP addr-bytes@0x7fff837b2094 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff837b2086 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b2110 (length 20) | ad 95 42 f3 6d e5 d6 bb b0 67 6a 84 da 6b 7c 96 | 0f e2 48 23 | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= b4 9f d5 a5 56 78 42 52 | natd_hash: rcookie= 64 8b 3f f5 9a 68 9d 5a | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= ad 95 42 f3 6d e5 d6 bb b0 67 6a 84 da 6b 7c 96 | natd_hash: hash= 0f e2 48 23 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data ad 95 42 f3 6d e5 d6 bb b0 67 6a 84 da 6b 7c 96 | Notify data 0f e2 48 23 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 436 | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #19 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #19: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #19 to 0 after switching state | Message ID: recv #19 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #19 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #19: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=3DES_CBC_192 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 436 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #19) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | fa f5 0e d0 64 2b 86 2a de 62 a4 8f 0a 1e 9d 69 | a3 44 88 71 80 da 05 5e 56 e2 27 84 fe b0 ee 09 | a7 2e d8 47 f0 7c 5f fc d3 d4 0a cd 6f 55 89 12 | 9d 99 1b 65 a7 53 90 ff 0a 4e 75 44 43 07 fa 99 | 0a ec 25 e8 28 86 7d 68 36 25 3d a6 af 85 f9 e4 | 54 c5 39 08 4a 5a 93 38 cf 35 81 99 ea 7a 98 5c | 59 99 27 f0 16 dc b1 e1 c2 06 34 b2 39 2b 19 f8 | 89 4b 07 35 04 07 ba ec 5e 3f d7 db d8 0c 4c c0 | 7c 72 87 e8 78 f5 bf b4 e1 77 56 58 37 c7 0f 71 | f2 9c 53 93 ed bc 8c a1 37 f8 3e 0b 24 78 15 4e | 3d da a5 5e 54 ea 2c 7c 19 ee e8 02 20 0e be 33 | f8 4c 9c 7f 6e 5b 5d 70 18 5a f7 0a 19 c3 fb 13 | fd 31 c9 94 07 60 4e 19 f9 66 cc 06 4a 33 f3 cf | f7 19 d4 d3 66 f7 6c 87 15 b8 0d 82 cd 73 cf b8 | 51 ec fd 31 44 c7 a3 52 03 4a 32 f4 9f 61 76 79 | c1 ad b0 c6 7a 53 8d e5 a4 d4 d4 d4 73 75 6f af | 29 00 00 24 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d | 63 21 66 52 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 | 9a 54 db b9 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 3e 47 fc 3b c5 a7 32 0a 39 a5 ba 05 | 71 1d 70 9c d1 72 db 45 00 00 00 1c 00 00 40 05 | ad 95 42 f3 6d e5 d6 bb b0 67 6a 84 da 6b 7c 96 | 0f e2 48 23 | state #19 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f49f8007648 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f49f0002b78 | event_schedule: new EVENT_SO_DISCARD-pe@0x7f49f0002b78 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #19 | libevent_malloc: new ptr-libevent@0x5641ad9465c8 size 128 | resume sending helper answer for #19 suppresed complete_v2_state_transition() | #19 spent 0.477 milliseconds in resume sending helper answer | stop processing: state #19 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f49ec004f28 | spent 0.00323 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 196 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | 25 88 ec bc 4c 66 ec 38 90 2b d1 e6 90 6b 66 69 | ab ff d9 18 31 7a ba e9 b8 05 69 db 9c 39 8a a1 | 63 05 9b 04 45 57 97 2c 4e 1a 73 4a d7 2e 04 b8 | a3 86 a1 cb 0d 2c c4 50 fe cf 61 47 03 ce 1c 57 | f9 4d 7e 4c 13 01 c3 6b 33 a9 44 41 0a 2c 20 fe | 2b 9a fb 0b c0 86 91 b9 31 0d 43 b3 8b f1 30 c9 | 6d 31 02 19 a6 03 e5 3d 38 45 4a d4 53 4e 29 16 | 8b 7e be 1b 64 a0 27 30 76 93 25 ca 5f d5 4e bc | 0f e2 27 04 c1 86 3d d7 d6 f8 29 01 cc ca 5b 11 | 25 81 dd 48 b3 ed 52 d0 b3 1a 14 2a 86 e2 0a d9 | 56 5a 00 92 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b4 9f d5 a5 56 78 42 52 | responder cookie: | 64 8b 3f f5 9a 68 9d 5a | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 196 (0xc4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #19 in PARENT_R1 (find_v2_ike_sa) | start processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #19 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #19 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 168 (0xa8) | processing payload: ISAKMP_NEXT_v2SK (len=164) | Message ID: start-responder #19 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #19 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=3DES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f49ec007848: transferring ownership from state #19 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 12 for state #19 | state #19 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x5641ad9465c8 | free_event_entry: release EVENT_SO_DISCARD-pe@0x7f49f0002b78 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f49f0002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f49ec004f28 size 128 | #19 spent 0.0337 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | crypto helper 5 resuming | #19 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #19 and saving MD | #19 is busy; has a suspended MD | crypto helper 5 starting work-order 12 for state #19 | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #19 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | crypto helper 5 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 12 | stop processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | peer's g: 3d a9 d4 a5 ad a5 e8 ca 0b e2 52 49 47 80 7b a7 | peer's g: 09 cb d8 3a 4e 27 02 45 21 49 c3 14 60 7b 6e bb | peer's g: 49 9e 8e 22 28 54 d8 85 f6 c9 5f dc 83 02 0e 75 | peer's g: c3 f8 e0 4f 65 ba 84 c2 be cb 40 dd a3 57 c3 c2 | peer's g: cd 6e 29 15 f5 6a 43 69 3f a8 54 15 ad 13 7a fe | peer's g: ba a6 9f c5 0b 71 ea 0e 8c 6c b8 e5 71 f1 7d 2d | peer's g: f7 d1 95 a6 2a 86 75 82 96 b6 7f 98 70 72 38 08 | peer's g: 03 52 58 07 8c be 3f c6 a2 fe 56 58 31 f6 1f 3f | peer's g: ec 50 9f 96 8e a2 b8 d4 f4 95 67 b0 10 3a a5 c4 | peer's g: db 9a 55 b3 4f bb 32 25 7d f7 d6 a6 de 24 7d 29 | peer's g: 91 44 57 1d 5d a5 db 2d 8a 3c 9e f8 0e 98 b4 ec | peer's g: 89 25 81 28 68 fd 6d 40 6f 29 88 30 91 89 06 78 | peer's g: cd ab 67 b0 f8 52 88 d4 68 7c 78 03 0f af fc 24 | peer's g: 5e bf d8 4b 98 8c 91 e1 0a bc c0 bd e3 35 32 85 | peer's g: 03 b5 66 6e c2 93 71 9f 59 5a dd 99 f0 e7 de 56 | peer's g: 7e cf 2e f2 93 22 7a dc 86 e3 fc 80 8b 8f 18 94 | #19 spent 0.173 milliseconds in ikev2_process_packet() | Started DH shared-secret computation in NSS: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.211 milliseconds in comm_handle_cb() reading and processing packet | new : g_ir-key@0x7f49e400b980 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f49ec007848: computed shared DH secret key@0x7f49e400b980 | dh-shared : g^ir-key@0x7f49e400b980 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=24 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x5641ad91a2b8 (length 64) | 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a036cc6e0 | result: Ni | Nr-key@0x5641ad9469b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x5641ad9469b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc6c8 | result: Ni | Nr-key@0x5641ad93d070 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x5641ad9469b0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f49f0003b00 from Ni | Nr-key@0x5641ad93d070 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f49f0003b00 from Ni | Nr-key@0x5641ad93d070 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x5641ad93d070 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f49f0001658 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f49e400b980 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f49e400b980 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f49e400b980 | nss hmac digest hack: symkey-key@0x7f49e400b980 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-1398808382: 9d d3 e4 2a 88 ba 90 dc 64 00 bd ec 80 c1 04 36 8f c4 c5 79 ac ba 63 11 17 87 fd 52 42 2f aa 8b 21 fd 4a a1 d8 c9 89 c6 e8 be 7b e5 a0 44 33 17 a8 f7 e1 01 a2 ae aa 69 14 88 ba 0c 98 64 a5 a2 b7 72 ec be db f7 ee 6e 7d dc e2 8f 26 20 16 5e 09 81 73 3e 54 28 17 07 82 bc 57 ab 56 5c 1d ab 1c a8 0d 6c f8 52 ac 87 ec 01 09 bc f2 c2 0a 9f 97 a4 f3 79 32 1c 16 7b ab 77 c8 8a e9 2c 43 0c e2 da eb 29 39 c9 6a f8 48 11 28 bf 8f 34 94 70 38 51 42 a2 21 bd 6b 23 96 85 2f d6 b2 9f ed 4a 25 e3 c3 90 8e 4b 31 47 0a 43 0f c4 c1 cd 6c e5 1c 75 4f 68 30 94 af aa 77 87 30 b2 c7 df 7e 3e f7 7d 8e bd 38 73 df cb 1a f2 8a 5a 8d 56 91 24 b4 05 ef a6 ff 9d ae 23 ef d5 8b 3a 6e 49 24 28 f3 45 95 a5 7b 57 d8 3a cb 5a bf 88 79 2c da 54 79 7c 51 74 86 8f a3 91 29 59 17 78 96 eb f5 75 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 256 bytes at 0x7f49f00045a8 | unwrapped: 0f 96 14 f4 55 71 a9 3c 29 1e a7 4e b7 58 6c 3d | unwrapped: 7d c2 67 34 84 32 09 5d f5 73 12 ea e3 9d ae 73 | unwrapped: e3 18 70 35 fa 6f 9f 41 ae 57 26 5c 9a 6c b8 2d | unwrapped: 8b ef 30 2f e5 b1 dd 17 b0 e0 09 2f 6a 9c d7 78 | unwrapped: 82 5d 70 f9 90 8f 26 5a b6 09 ce d4 3e ec 18 fd | unwrapped: f5 c1 d5 8d fe ff bd 96 ab b5 18 76 8d 63 75 cc | unwrapped: e3 85 db 98 d9 77 a4 8c a6 52 21 b0 a8 90 ff ae | unwrapped: e5 b2 fe 60 0e 01 99 5f 23 2b 14 4e 67 49 bc 84 | unwrapped: 23 96 2a 8c ff 3c c2 64 23 10 4d ec dd e5 fd 90 | unwrapped: 3a 8e 40 6b ad cb b0 20 93 fc 74 35 e7 4b c9 54 | unwrapped: be d4 70 fb 7e 3d 6c 3d 99 2f ad cd b9 e3 cd 97 | unwrapped: 1c a7 d5 5b af 6d e9 30 46 b1 bf e6 12 71 24 f7 | unwrapped: 5e 63 89 f4 75 85 b9 8b e2 6d 6e a1 99 4b 53 68 | unwrapped: 0f 99 5e 4d c4 8c 9f 35 27 3d 8f d6 d7 e0 68 de | unwrapped: b4 8e 5d 18 9d 27 39 4e 05 83 33 e0 83 23 6a 58 | unwrapped: 24 20 8f 8a 67 6a 43 3d 27 44 c8 a6 7e 88 8a f8 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a036cc700 | result: final-key@0x5641ad9469b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9469b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc6e8 | result: final-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad9469b0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x5641ad93d070 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a036cc670 | result: data=Ni-key@0x5641ad9373d0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5641ad9373d0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc658 | result: data=Ni-key@0x5641ad9469b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5641ad9373d0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad9469b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a036cc660 | result: data+=Nr-key@0x5641ad9373d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad9469b0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad9373d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a036cc660 | result: data+=SPIi-key@0x5641ad9469b0 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad9373d0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad9469b0 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a036cc660 | result: data+=SPIr-key@0x5641ad9373d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad9469b0 | prf+0 PRF sha init key-key@0x5641ad93d070 (size 20) | prf+0: key-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc588 | result: clone-key@0x5641ad9469b0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f49f0003b00 from key-key@0x5641ad9469b0 | prf+0 prf: begin sha with context 0x7f49f0003b00 from key-key@0x5641ad9469b0 | prf+0: release clone-key@0x5641ad9469b0 | prf+0 PRF sha crypt-prf@0x7f49f0002168 | prf+0 PRF sha update seed-key@0x5641ad9373d0 (size 80) | prf+0: seed-key@0x5641ad9373d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad9373d0 | nss hmac digest hack: symkey-key@0x5641ad9373d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 36 18 49 93 00 8c ad e3 00 c8 eb aa 57 6a 63 ca 0b 78 fc d6 76 c9 35 ea 18 df 2d 13 a6 6c 6c 6b 40 9b c6 8e ec 0e c9 45 29 25 65 d9 98 e0 6a 72 e3 f1 f4 cd 5f 02 03 70 07 9e d4 1a 9e f8 85 64 af 94 c2 ae 35 94 60 19 ef 0d cc b8 5b b5 10 ed | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f0008498 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | unwrapped: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a036cc590 | result: final-key@0x5641ad949c80 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad949c80 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc578 | result: final-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad949c80 | prf+0 PRF sha final-key@0x5641ad9469b0 (size 20) | prf+0: key-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x5641ad9469b0 | prf+N PRF sha init key-key@0x5641ad93d070 (size 20) | prf+N: key-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc588 | result: clone-key@0x5641ad949c80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f0003b00 from key-key@0x5641ad949c80 | prf+N prf: begin sha with context 0x7f49f0003b00 from key-key@0x5641ad949c80 | prf+N: release clone-key@0x5641ad949c80 | prf+N PRF sha crypt-prf@0x7f49f00048d8 | prf+N PRF sha update old_t-key@0x5641ad9469b0 (size 20) | prf+N: old_t-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad9469b0 | nss hmac digest hack: symkey-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 30 cc 8d 10 4f 12 71 2d 7c ed 89 19 85 a2 3a 6c 82 77 7b 32 95 bf 1a 11 71 40 27 e6 e7 12 4e c0 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49f0001278 | unwrapped: 21 62 c5 27 5b d5 06 c1 31 f9 1f 13 9a f0 27 32 | unwrapped: 75 04 40 d5 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9373d0 (size 80) | prf+N: seed-key@0x5641ad9373d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad9373d0 | nss hmac digest hack: symkey-key@0x5641ad9373d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 36 18 49 93 00 8c ad e3 00 c8 eb aa 57 6a 63 ca 0b 78 fc d6 76 c9 35 ea 18 df 2d 13 a6 6c 6c 6b 40 9b c6 8e ec 0e c9 45 29 25 65 d9 98 e0 6a 72 e3 f1 f4 cd 5f 02 03 70 07 9e d4 1a 9e f8 85 64 af 94 c2 ae 35 94 60 19 ef 0d cc b8 5b b5 10 ed | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f0001b08 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | unwrapped: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a036cc590 | result: final-key@0x7f49f0004900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f0004900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc578 | result: final-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49f0004900 | prf+N PRF sha final-key@0x5641ad949c80 (size 20) | prf+N: key-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a036cc608 | result: result-key@0x7f49f0004900 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad9469b0 | prfplus: release old_t[N]-key@0x5641ad9469b0 | prf+N PRF sha init key-key@0x5641ad93d070 (size 20) | prf+N: key-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc588 | result: clone-key@0x5641ad9469b0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f0003b00 from key-key@0x5641ad9469b0 | prf+N prf: begin sha with context 0x7f49f0003b00 from key-key@0x5641ad9469b0 | prf+N: release clone-key@0x5641ad9469b0 | prf+N PRF sha crypt-prf@0x7f49f0002168 | prf+N PRF sha update old_t-key@0x5641ad949c80 (size 20) | prf+N: old_t-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad949c80 | nss hmac digest hack: symkey-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 2f e6 2c c3 9b a5 60 c4 cd c1 ee b8 1d 58 2e cb 6f cf d0 7d 08 50 9c ad 5e b2 38 df c6 9d 9f bc | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49f0001658 | unwrapped: 14 09 11 41 00 e2 80 77 0e e3 de 66 c4 fd 47 a6 | unwrapped: d9 51 e8 21 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9373d0 (size 80) | prf+N: seed-key@0x5641ad9373d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad9373d0 | nss hmac digest hack: symkey-key@0x5641ad9373d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 36 18 49 93 00 8c ad e3 00 c8 eb aa 57 6a 63 ca 0b 78 fc d6 76 c9 35 ea 18 df 2d 13 a6 6c 6c 6b 40 9b c6 8e ec 0e c9 45 29 25 65 d9 98 e0 6a 72 e3 f1 f4 cd 5f 02 03 70 07 9e d4 1a 9e f8 85 64 af 94 c2 ae 35 94 60 19 ef 0d cc b8 5b b5 10 ed | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f0008498 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | unwrapped: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a036cc590 | result: final-key@0x7f49f000a2d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f000a2d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc578 | result: final-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49f000a2d0 | prf+N PRF sha final-key@0x5641ad9469b0 (size 20) | prf+N: key-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f0004900 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a036cc608 | result: result-key@0x7f49f000a2d0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49f0004900 | prfplus: release old_t[N]-key@0x5641ad949c80 | prf+N PRF sha init key-key@0x5641ad93d070 (size 20) | prf+N: key-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc588 | result: clone-key@0x5641ad949c80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f0003b00 from key-key@0x5641ad949c80 | prf+N prf: begin sha with context 0x7f49f0003b00 from key-key@0x5641ad949c80 | prf+N: release clone-key@0x5641ad949c80 | prf+N PRF sha crypt-prf@0x7f49f0001278 | prf+N PRF sha update old_t-key@0x5641ad9469b0 (size 20) | prf+N: old_t-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad9469b0 | nss hmac digest hack: symkey-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 2c 3a 2f f5 44 87 ee f9 ff 42 60 27 42 96 a0 19 e4 f0 e5 af 27 eb f9 9c fe a8 79 89 c4 1b 64 62 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49f000c028 | unwrapped: ad cf 84 17 0d 44 ef b8 9e 15 d0 80 63 46 15 e7 | unwrapped: cd 62 bb 9d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9373d0 (size 80) | prf+N: seed-key@0x5641ad9373d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad9373d0 | nss hmac digest hack: symkey-key@0x5641ad9373d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 36 18 49 93 00 8c ad e3 00 c8 eb aa 57 6a 63 ca 0b 78 fc d6 76 c9 35 ea 18 df 2d 13 a6 6c 6c 6b 40 9b c6 8e ec 0e c9 45 29 25 65 d9 98 e0 6a 72 e3 f1 f4 cd 5f 02 03 70 07 9e d4 1a 9e f8 85 64 af 94 c2 ae 35 94 60 19 ef 0d cc b8 5b b5 10 ed | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f0001b08 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | unwrapped: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a036cc590 | result: final-key@0x7f49f0004900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f0004900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc578 | result: final-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49f0004900 | prf+N PRF sha final-key@0x5641ad949c80 (size 20) | prf+N: key-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f000a2d0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a036cc608 | result: result-key@0x7f49f0004900 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49f000a2d0 | prfplus: release old_t[N]-key@0x5641ad9469b0 | prf+N PRF sha init key-key@0x5641ad93d070 (size 20) | prf+N: key-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc588 | result: clone-key@0x5641ad9469b0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f0003b00 from key-key@0x5641ad9469b0 | prf+N prf: begin sha with context 0x7f49f0003b00 from key-key@0x5641ad9469b0 | prf+N: release clone-key@0x5641ad9469b0 | prf+N PRF sha crypt-prf@0x7f49f00048d8 | prf+N PRF sha update old_t-key@0x5641ad949c80 (size 20) | prf+N: old_t-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad949c80 | nss hmac digest hack: symkey-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 8c e0 da 8b cc eb 5c e6 6d 22 a7 2d 0a 48 53 5e eb c9 10 28 49 09 67 c4 3c 55 01 44 96 ac 4d 38 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49f0001658 | unwrapped: 1c ef 83 61 4b 4c a5 70 2a 74 5b 4c 97 1b 83 b9 | unwrapped: ac 66 24 12 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9373d0 (size 80) | prf+N: seed-key@0x5641ad9373d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad9373d0 | nss hmac digest hack: symkey-key@0x5641ad9373d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 36 18 49 93 00 8c ad e3 00 c8 eb aa 57 6a 63 ca 0b 78 fc d6 76 c9 35 ea 18 df 2d 13 a6 6c 6c 6b 40 9b c6 8e ec 0e c9 45 29 25 65 d9 98 e0 6a 72 e3 f1 f4 cd 5f 02 03 70 07 9e d4 1a 9e f8 85 64 af 94 c2 ae 35 94 60 19 ef 0d cc b8 5b b5 10 ed | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f0008498 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | unwrapped: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a036cc590 | result: final-key@0x7f49f000a2d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f000a2d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc578 | result: final-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49f000a2d0 | prf+N PRF sha final-key@0x5641ad9469b0 (size 20) | prf+N: key-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f0004900 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a036cc608 | result: result-key@0x7f49f000a2d0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49f0004900 | prfplus: release old_t[N]-key@0x5641ad949c80 | prf+N PRF sha init key-key@0x5641ad93d070 (size 20) | prf+N: key-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc588 | result: clone-key@0x5641ad949c80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x5641ad91a290 from key-key@0x5641ad949c80 | prf+N prf: begin sha with context 0x5641ad91a290 from key-key@0x5641ad949c80 | prf+N: release clone-key@0x5641ad949c80 | prf+N PRF sha crypt-prf@0x7f49f0002168 | prf+N PRF sha update old_t-key@0x5641ad9469b0 (size 20) | prf+N: old_t-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad9469b0 | nss hmac digest hack: symkey-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: eb d8 57 eb 5f e3 ab 8d 4f b8 aa d5 18 1b c9 4f e0 cb 0a cd e5 6b e5 c0 31 08 62 fc 3f f8 91 7b | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49f0001278 | unwrapped: ae f6 db a9 b9 27 7c 45 d8 01 4e 88 0c 3f 2c fb | unwrapped: ed fb eb 69 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9373d0 (size 80) | prf+N: seed-key@0x5641ad9373d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad9373d0 | nss hmac digest hack: symkey-key@0x5641ad9373d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 36 18 49 93 00 8c ad e3 00 c8 eb aa 57 6a 63 ca 0b 78 fc d6 76 c9 35 ea 18 df 2d 13 a6 6c 6c 6b 40 9b c6 8e ec 0e c9 45 29 25 65 d9 98 e0 6a 72 e3 f1 f4 cd 5f 02 03 70 07 9e d4 1a 9e f8 85 64 af 94 c2 ae 35 94 60 19 ef 0d cc b8 5b b5 10 ed | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f0001b08 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | unwrapped: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a036cc590 | result: final-key@0x7f49f0004900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f0004900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc578 | result: final-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49f0004900 | prf+N PRF sha final-key@0x5641ad949c80 (size 20) | prf+N: key-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f000a2d0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a036cc608 | result: result-key@0x7f49f0004900 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49f000a2d0 | prfplus: release old_t[N]-key@0x5641ad9469b0 | prf+N PRF sha init key-key@0x5641ad93d070 (size 20) | prf+N: key-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc588 | result: clone-key@0x5641ad9469b0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f0003b00 from key-key@0x5641ad9469b0 | prf+N prf: begin sha with context 0x7f49f0003b00 from key-key@0x5641ad9469b0 | prf+N: release clone-key@0x5641ad9469b0 | prf+N PRF sha crypt-prf@0x7f49f00048d8 | prf+N PRF sha update old_t-key@0x5641ad949c80 (size 20) | prf+N: old_t-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad949c80 | nss hmac digest hack: symkey-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: b1 57 cb 84 74 bf 1c 52 36 fe 13 6c 78 f5 b9 b4 00 2f 74 c2 55 9a cb ee 9b 3f e5 f3 4c ce 57 e1 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49f0001658 | unwrapped: 67 14 4f d9 4c 47 8f 22 4f c4 fd 0a 09 18 1f a7 | unwrapped: bc 63 59 ad 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9373d0 (size 80) | prf+N: seed-key@0x5641ad9373d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad9373d0 | nss hmac digest hack: symkey-key@0x5641ad9373d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 36 18 49 93 00 8c ad e3 00 c8 eb aa 57 6a 63 ca 0b 78 fc d6 76 c9 35 ea 18 df 2d 13 a6 6c 6c 6b 40 9b c6 8e ec 0e c9 45 29 25 65 d9 98 e0 6a 72 e3 f1 f4 cd 5f 02 03 70 07 9e d4 1a 9e f8 85 64 af 94 c2 ae 35 94 60 19 ef 0d cc b8 5b b5 10 ed | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f000c608 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | unwrapped: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a036cc590 | result: final-key@0x7f49f000a2d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f000a2d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc578 | result: final-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49f000a2d0 | prf+N PRF sha final-key@0x5641ad9469b0 (size 20) | prf+N: key-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f0004900 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a036cc608 | result: result-key@0x7f49f000a2d0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49f0004900 | prfplus: release old_t[N]-key@0x5641ad949c80 | prf+N PRF sha init key-key@0x5641ad93d070 (size 20) | prf+N: key-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc588 | result: clone-key@0x5641ad949c80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f0003b00 from key-key@0x5641ad949c80 | prf+N prf: begin sha with context 0x7f49f0003b00 from key-key@0x5641ad949c80 | prf+N: release clone-key@0x5641ad949c80 | prf+N PRF sha crypt-prf@0x7f49f0002168 | prf+N PRF sha update old_t-key@0x5641ad9469b0 (size 20) | prf+N: old_t-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad9469b0 | nss hmac digest hack: symkey-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 89 13 6e 76 df 83 b8 e7 9b 6f 59 2d 5d 42 e1 a0 fb 25 d0 20 c4 e7 14 f1 68 7c be d2 59 04 9b cb | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49f0001278 | unwrapped: a7 f5 e8 ea f4 9c ee f7 85 ee df 21 7b 63 a3 ca | unwrapped: 7b 9f 66 2e 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9373d0 (size 80) | prf+N: seed-key@0x5641ad9373d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad9373d0 | nss hmac digest hack: symkey-key@0x5641ad9373d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 36 18 49 93 00 8c ad e3 00 c8 eb aa 57 6a 63 ca 0b 78 fc d6 76 c9 35 ea 18 df 2d 13 a6 6c 6c 6b 40 9b c6 8e ec 0e c9 45 29 25 65 d9 98 e0 6a 72 e3 f1 f4 cd 5f 02 03 70 07 9e d4 1a 9e f8 85 64 af 94 c2 ae 35 94 60 19 ef 0d cc b8 5b b5 10 ed | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49f0008498 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | unwrapped: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | prf+N PRF sha update N++-byte@0x8 (8) | 08 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a036cc590 | result: final-key@0x7f49f0004900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f0004900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc578 | result: final-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49f0004900 | prf+N PRF sha final-key@0x5641ad949c80 (size 20) | prf+N: key-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f000a2d0 (140-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a036cc608 | result: result-key@0x7f49f0004900 (160-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49f000a2d0 | prfplus: release old_t[N]-key@0x5641ad9469b0 | prfplus: release old_t[final]-key@0x5641ad949c80 | ike_sa_keymat: release data-key@0x5641ad9373d0 | calc_skeyseed_v2: release skeyseed_k-key@0x5641ad93d070 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f0004900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc7a8 | result: result-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f0004900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc7a8 | result: result-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f0004900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc7a8 | result: result-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x7f49f0004900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc7b8 | result: SK_ei_k-key@0x5641ad9469b0 (24-bytes, DES3_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 84, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x7f49f0004900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc7b8 | result: SK_er_k-key@0x7f49f000a2d0 (24-bytes, DES3_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 108, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f0004900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc7b8 | result: result-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f49f000c660 | chunk_SK_pi: symkey-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 06 62 ec 67 cb 09 f2 8b bb 48 fd f2 e7 2a 44 45 e4 d3 85 b5 0e 98 1e d3 2d 3e fe 47 30 e5 0c 92 | chunk_SK_pi: release slot-key-key@0x5641ad91fd40 | chunk_SK_pi extracted len 32 bytes at 0x7f49f00048d8 | unwrapped: 4f c4 fd 0a 09 18 1f a7 bc 63 59 ad a7 f5 e8 ea | unwrapped: f4 9c ee f7 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 128, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f0004900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a036cc7b8 | result: result-key@0x7f49f000c6f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f49f000c6f0 | chunk_SK_pr: symkey-key@0x7f49f000c6f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 9b dd 22 a2 fb d3 c9 f1 84 27 37 c8 57 27 39 8f 13 3f fa e9 6a 4d 9e 85 a1 5e 46 52 0d 82 6f 00 | chunk_SK_pr: release slot-key-key@0x5641ad91fd40 | chunk_SK_pr extracted len 32 bytes at 0x7f49f0001278 | unwrapped: 85 ee df 21 7b 63 a3 ca 7b 9f 66 2e aa ea bc cd | unwrapped: 15 d1 52 60 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f49f0004900 | calc_skeyseed_v2 pointers: shared-key@0x7f49e400b980, SK_d-key@0x5641ad93d070, SK_ai-key@0x5641ad9373d0, SK_ar-key@0x5641ad949c80, SK_ei-key@0x5641ad9469b0, SK_er-key@0x7f49f000a2d0, SK_pi-key@0x7f49f000c660, SK_pr-key@0x7f49f000c6f0 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 4f c4 fd 0a 09 18 1f a7 bc 63 59 ad a7 f5 e8 ea | f4 9c ee f7 | calc_skeyseed_v2 SK_pr | 85 ee df 21 7b 63 a3 ca 7b 9f 66 2e aa ea bc cd | 15 d1 52 60 | crypto helper 5 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 12 time elapsed 0.003272 seconds | (#19) spent 3.25 milliseconds in crypto helper computing work-order 12: ikev2_inI2outR2 KE (pcr) | crypto helper 5 sending results from work-order 12 for state #19 to event queue | scheduling resume sending helper answer for #19 | libevent_malloc: new ptr-libevent@0x7f49f000f588 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #19 | start processing: state #19 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 12 | calling continuation function 0x5641ac982b50 | ikev2_parent_inI2outR2_continue for #19: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f49ec007848: transferring ownership from helper IKEv2 DH to state #19 | finish_dh_v2: release st_shared_nss-key@NULL | #19 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x5641ad9373d0 (size 20) | hmac: symkey-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1ab8 | result: clone-key@0x7f49f0004900 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49fc002b50 from symkey-key@0x7f49f0004900 | hmac prf: begin sha with context 0x7f49fc002b50 from symkey-key@0x7f49f0004900 | hmac: release clone-key@0x7f49f0004900 | hmac PRF sha crypt-prf@0x5641ad940ff8 | hmac PRF sha update data-bytes@0x5641ad8cb328 (length 184) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | 25 88 ec bc 4c 66 ec 38 90 2b d1 e6 90 6b 66 69 | ab ff d9 18 31 7a ba e9 b8 05 69 db 9c 39 8a a1 | 63 05 9b 04 45 57 97 2c 4e 1a 73 4a d7 2e 04 b8 | a3 86 a1 cb 0d 2c c4 50 fe cf 61 47 03 ce 1c 57 | f9 4d 7e 4c 13 01 c3 6b 33 a9 44 41 0a 2c 20 fe | 2b 9a fb 0b c0 86 91 b9 31 0d 43 b3 8b f1 30 c9 | 6d 31 02 19 a6 03 e5 3d 38 45 4a d4 53 4e 29 16 | 8b 7e be 1b 64 a0 27 30 76 93 25 ca 5f d5 4e bc | 0f e2 27 04 c1 86 3d d7 d6 f8 29 01 cc ca 5b 11 | 25 81 dd 48 b3 ed 52 d0 | hmac PRF sha final-bytes@0x7fff837b1c80 (length 20) | b3 1a 14 2a 86 e2 0a d9 56 5a 00 92 31 67 1d a8 | c7 39 b4 3d | data for hmac: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | data for hmac: 25 88 ec bc 4c 66 ec 38 90 2b d1 e6 90 6b 66 69 | data for hmac: ab ff d9 18 31 7a ba e9 b8 05 69 db 9c 39 8a a1 | data for hmac: 63 05 9b 04 45 57 97 2c 4e 1a 73 4a d7 2e 04 b8 | data for hmac: a3 86 a1 cb 0d 2c c4 50 fe cf 61 47 03 ce 1c 57 | data for hmac: f9 4d 7e 4c 13 01 c3 6b 33 a9 44 41 0a 2c 20 fe | data for hmac: 2b 9a fb 0b c0 86 91 b9 31 0d 43 b3 8b f1 30 c9 | data for hmac: 6d 31 02 19 a6 03 e5 3d 38 45 4a d4 53 4e 29 16 | data for hmac: 8b 7e be 1b 64 a0 27 30 76 93 25 ca 5f d5 4e bc | data for hmac: 0f e2 27 04 c1 86 3d d7 d6 f8 29 01 cc ca 5b 11 | data for hmac: 25 81 dd 48 b3 ed 52 d0 | calculated auth: b3 1a 14 2a 86 e2 0a d9 56 5a 00 92 | provided auth: b3 1a 14 2a 86 e2 0a d9 56 5a 00 92 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 25 88 ec bc 4c 66 ec 38 | payload before decryption: | 90 2b d1 e6 90 6b 66 69 ab ff d9 18 31 7a ba e9 | b8 05 69 db 9c 39 8a a1 63 05 9b 04 45 57 97 2c | 4e 1a 73 4a d7 2e 04 b8 a3 86 a1 cb 0d 2c c4 50 | fe cf 61 47 03 ce 1c 57 f9 4d 7e 4c 13 01 c3 6b | 33 a9 44 41 0a 2c 20 fe 2b 9a fb 0b c0 86 91 b9 | 31 0d 43 b3 8b f1 30 c9 6d 31 02 19 a6 03 e5 3d | 38 45 4a d4 53 4e 29 16 8b 7e be 1b 64 a0 27 30 | 76 93 25 ca 5f d5 4e bc 0f e2 27 04 c1 86 3d d7 | d6 f8 29 01 cc ca 5b 11 25 81 dd 48 b3 ed 52 d0 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | be 85 ef f0 bd eb 28 ff 5e dc 07 4c db 3a cb 3d | 9f 84 c2 d3 2c 00 00 28 00 00 00 24 01 03 04 03 | 8e c9 8d 3f 03 00 00 08 01 00 00 03 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | stripping 4 octets as pad | #19 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #19: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #19 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #19: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x7f49f000c660 (size 20) | hmac: symkey-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1538 | result: clone-key@0x7f49f0004900 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49fc002b50 from symkey-key@0x7f49f0004900 | hmac prf: begin sha with context 0x7f49fc002b50 from symkey-key@0x7f49f0004900 | hmac: release clone-key@0x7f49f0004900 | hmac PRF sha crypt-prf@0x5641ad9413c8 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x5641ad8cb354 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff837b16e0 (length 20) | 27 ad 79 e0 a5 04 a8 3e 08 f7 20 4e de a8 17 2d | a3 bb 02 0f | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | inputs to hash1 (first packet) | b4 9f d5 a5 56 78 42 52 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 3d a9 d4 a5 ad a5 e8 ca 0b e2 52 49 47 80 7b a7 | 09 cb d8 3a 4e 27 02 45 21 49 c3 14 60 7b 6e bb | 49 9e 8e 22 28 54 d8 85 f6 c9 5f dc 83 02 0e 75 | c3 f8 e0 4f 65 ba 84 c2 be cb 40 dd a3 57 c3 c2 | cd 6e 29 15 f5 6a 43 69 3f a8 54 15 ad 13 7a fe | ba a6 9f c5 0b 71 ea 0e 8c 6c b8 e5 71 f1 7d 2d | f7 d1 95 a6 2a 86 75 82 96 b6 7f 98 70 72 38 08 | 03 52 58 07 8c be 3f c6 a2 fe 56 58 31 f6 1f 3f | ec 50 9f 96 8e a2 b8 d4 f4 95 67 b0 10 3a a5 c4 | db 9a 55 b3 4f bb 32 25 7d f7 d6 a6 de 24 7d 29 | 91 44 57 1d 5d a5 db 2d 8a 3c 9e f8 0e 98 b4 ec | 89 25 81 28 68 fd 6d 40 6f 29 88 30 91 89 06 78 | cd ab 67 b0 f8 52 88 d4 68 7c 78 03 0f af fc 24 | 5e bf d8 4b 98 8c 91 e1 0a bc c0 bd e3 35 32 85 | 03 b5 66 6e c2 93 71 9f 59 5a dd 99 f0 e7 de 56 | 7e cf 2e f2 93 22 7a dc 86 e3 fc 80 8b 8f 18 94 | 29 00 00 24 7e ef df b9 e6 c0 95 b6 35 29 54 b9 | ca 10 f9 27 df af 2b 9d e8 b2 43 e8 cb eb 84 20 | d3 7e 8c ca 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 d0 fe 55 3f 51 19 d4 f8 2d c0 7b 7f | 22 c6 c8 96 0a a6 b5 d2 00 00 00 1c 00 00 40 05 | d8 3e 84 3d 45 f6 ac 66 b0 b3 16 7d f1 63 b8 43 | 77 2f 23 62 | verify: initiator inputs to hash2 (responder nonce) | 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | idhash 27 ad 79 e0 a5 04 a8 3e 08 f7 20 4e de a8 17 2d | idhash a3 bb 02 0f | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5641ad91fc98 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b1330 | result: shared secret-key@0x5641ad9465a0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5641ad9465a0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1318 | result: shared secret-key@0x7f49f0004900 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5641ad9465a0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f49fc002b50 from shared secret-key@0x7f49f0004900 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f49fc002b50 from shared secret-key@0x7f49f0004900 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f49f0004900 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5641ad940ff8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5641aca154d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b1350 | result: final-key@0x5641ad9465a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9465a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1338 | result: final-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad9465a0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f49f0004900 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f49f0004900 (size 20) | = prf(, ): -key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1348 | result: clone-key@0x5641ad9465a0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f49fc002b50 from -key@0x5641ad9465a0 | = prf(, ) prf: begin sha with context 0x7f49fc002b50 from -key@0x5641ad9465a0 | = prf(, ): release clone-key@0x5641ad9465a0 | = prf(, ) PRF sha crypt-prf@0x5641ad9413c8 | = prf(, ) PRF sha update first-packet-bytes@0x5641ad94c348 (length 436) | b4 9f d5 a5 56 78 42 52 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 3d a9 d4 a5 ad a5 e8 ca 0b e2 52 49 47 80 7b a7 | 09 cb d8 3a 4e 27 02 45 21 49 c3 14 60 7b 6e bb | 49 9e 8e 22 28 54 d8 85 f6 c9 5f dc 83 02 0e 75 | c3 f8 e0 4f 65 ba 84 c2 be cb 40 dd a3 57 c3 c2 | cd 6e 29 15 f5 6a 43 69 3f a8 54 15 ad 13 7a fe | ba a6 9f c5 0b 71 ea 0e 8c 6c b8 e5 71 f1 7d 2d | f7 d1 95 a6 2a 86 75 82 96 b6 7f 98 70 72 38 08 | 03 52 58 07 8c be 3f c6 a2 fe 56 58 31 f6 1f 3f | ec 50 9f 96 8e a2 b8 d4 f4 95 67 b0 10 3a a5 c4 | db 9a 55 b3 4f bb 32 25 7d f7 d6 a6 de 24 7d 29 | 91 44 57 1d 5d a5 db 2d 8a 3c 9e f8 0e 98 b4 ec | 89 25 81 28 68 fd 6d 40 6f 29 88 30 91 89 06 78 | cd ab 67 b0 f8 52 88 d4 68 7c 78 03 0f af fc 24 | 5e bf d8 4b 98 8c 91 e1 0a bc c0 bd e3 35 32 85 | 03 b5 66 6e c2 93 71 9f 59 5a dd 99 f0 e7 de 56 | 7e cf 2e f2 93 22 7a dc 86 e3 fc 80 8b 8f 18 94 | 29 00 00 24 7e ef df b9 e6 c0 95 b6 35 29 54 b9 | ca 10 f9 27 df af 2b 9d e8 b2 43 e8 cb eb 84 20 | d3 7e 8c ca 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 d0 fe 55 3f 51 19 d4 f8 2d c0 7b 7f | 22 c6 c8 96 0a a6 b5 d2 00 00 00 1c 00 00 40 05 | d8 3e 84 3d 45 f6 ac 66 b0 b3 16 7d f1 63 b8 43 | 77 2f 23 62 | = prf(, ) PRF sha update nonce-bytes@0x7f49ec0030d8 (length 32) | 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | = prf(, ) PRF sha update hash-bytes@0x7fff837b16e0 (length 20) | 27 ad 79 e0 a5 04 a8 3e 08 f7 20 4e de a8 17 2d | a3 bb 02 0f | = prf(, ) PRF sha final-chunk@0x5641ad93f908 (length 20) | be 85 ef f0 bd eb 28 ff 5e dc 07 4c db 3a cb 3d | 9f 84 c2 d3 | psk_auth: release prf-psk-key@0x7f49f0004900 | Received PSK auth octets | be 85 ef f0 bd eb 28 ff 5e dc 07 4c db 3a cb 3d | 9f 84 c2 d3 | Calculated PSK auth octets | be 85 ef f0 bd eb 28 ff 5e dc 07 4c db 3a cb 3d | 9f 84 c2 d3 "east" #19: Authenticated using authby=secret | parent state #19: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #19 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #19 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f49ec004f28 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f49f0002b78 | event_schedule: new EVENT_SA_REKEY-pe@0x7f49f0002b78 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #19 | libevent_malloc: new ptr-libevent@0x5641ad948448 size 128 | pstats #19 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | b4 9f d5 a5 56 78 42 52 | responder cookie: | 64 8b 3f f5 9a 68 9d 5a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x7f49f000c6f0 (size 20) | hmac: symkey-key@0x7f49f000c6f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f000c6f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0eb8 | result: clone-key@0x7f49f0004900 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49fc002b50 from symkey-key@0x7f49f0004900 | hmac prf: begin sha with context 0x7f49fc002b50 from symkey-key@0x7f49f0004900 | hmac: release clone-key@0x7f49f0004900 | hmac PRF sha crypt-prf@0x5641ad9413c8 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x5641aca808ec (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff837b11b0 (length 20) | dc 81 f7 ef 1a ed b5 90 e4 e6 ff 0b f3 85 36 01 | c8 0d d8 f6 | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | inputs to hash1 (first packet) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | fa f5 0e d0 64 2b 86 2a de 62 a4 8f 0a 1e 9d 69 | a3 44 88 71 80 da 05 5e 56 e2 27 84 fe b0 ee 09 | a7 2e d8 47 f0 7c 5f fc d3 d4 0a cd 6f 55 89 12 | 9d 99 1b 65 a7 53 90 ff 0a 4e 75 44 43 07 fa 99 | 0a ec 25 e8 28 86 7d 68 36 25 3d a6 af 85 f9 e4 | 54 c5 39 08 4a 5a 93 38 cf 35 81 99 ea 7a 98 5c | 59 99 27 f0 16 dc b1 e1 c2 06 34 b2 39 2b 19 f8 | 89 4b 07 35 04 07 ba ec 5e 3f d7 db d8 0c 4c c0 | 7c 72 87 e8 78 f5 bf b4 e1 77 56 58 37 c7 0f 71 | f2 9c 53 93 ed bc 8c a1 37 f8 3e 0b 24 78 15 4e | 3d da a5 5e 54 ea 2c 7c 19 ee e8 02 20 0e be 33 | f8 4c 9c 7f 6e 5b 5d 70 18 5a f7 0a 19 c3 fb 13 | fd 31 c9 94 07 60 4e 19 f9 66 cc 06 4a 33 f3 cf | f7 19 d4 d3 66 f7 6c 87 15 b8 0d 82 cd 73 cf b8 | 51 ec fd 31 44 c7 a3 52 03 4a 32 f4 9f 61 76 79 | c1 ad b0 c6 7a 53 8d e5 a4 d4 d4 d4 73 75 6f af | 29 00 00 24 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d | 63 21 66 52 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 | 9a 54 db b9 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 3e 47 fc 3b c5 a7 32 0a 39 a5 ba 05 | 71 1d 70 9c d1 72 db 45 00 00 00 1c 00 00 40 05 | ad 95 42 f3 6d e5 d6 bb b0 67 6a 84 da 6b 7c 96 | 0f e2 48 23 | create: responder inputs to hash2 (initiator nonce) | 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | idhash dc 81 f7 ef 1a ed b5 90 e4 e6 ff 0b f3 85 36 01 | idhash c8 0d d8 f6 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5641ad91fc98 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0ca0 | result: shared secret-key@0x5641ad9465a0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5641ad9465a0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c88 | result: shared secret-key@0x7f49f0004900 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5641ad9465a0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f49fc002b50 from shared secret-key@0x7f49f0004900 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f49fc002b50 from shared secret-key@0x7f49f0004900 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f49f0004900 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5641ad93f908 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5641aca154d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0cc0 | result: final-key@0x5641ad9465a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9465a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0ca8 | result: final-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad9465a0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f49f0004900 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f49f0004900 (size 20) | = prf(, ): -key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0cb8 | result: clone-key@0x5641ad9465a0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f49fc002b50 from -key@0x5641ad9465a0 | = prf(, ) prf: begin sha with context 0x7f49fc002b50 from -key@0x5641ad9465a0 | = prf(, ): release clone-key@0x5641ad9465a0 | = prf(, ) PRF sha crypt-prf@0x5641ad9413c8 | = prf(, ) PRF sha update first-packet-bytes@0x5641ad94c728 (length 436) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | fa f5 0e d0 64 2b 86 2a de 62 a4 8f 0a 1e 9d 69 | a3 44 88 71 80 da 05 5e 56 e2 27 84 fe b0 ee 09 | a7 2e d8 47 f0 7c 5f fc d3 d4 0a cd 6f 55 89 12 | 9d 99 1b 65 a7 53 90 ff 0a 4e 75 44 43 07 fa 99 | 0a ec 25 e8 28 86 7d 68 36 25 3d a6 af 85 f9 e4 | 54 c5 39 08 4a 5a 93 38 cf 35 81 99 ea 7a 98 5c | 59 99 27 f0 16 dc b1 e1 c2 06 34 b2 39 2b 19 f8 | 89 4b 07 35 04 07 ba ec 5e 3f d7 db d8 0c 4c c0 | 7c 72 87 e8 78 f5 bf b4 e1 77 56 58 37 c7 0f 71 | f2 9c 53 93 ed bc 8c a1 37 f8 3e 0b 24 78 15 4e | 3d da a5 5e 54 ea 2c 7c 19 ee e8 02 20 0e be 33 | f8 4c 9c 7f 6e 5b 5d 70 18 5a f7 0a 19 c3 fb 13 | fd 31 c9 94 07 60 4e 19 f9 66 cc 06 4a 33 f3 cf | f7 19 d4 d3 66 f7 6c 87 15 b8 0d 82 cd 73 cf b8 | 51 ec fd 31 44 c7 a3 52 03 4a 32 f4 9f 61 76 79 | c1 ad b0 c6 7a 53 8d e5 a4 d4 d4 d4 73 75 6f af | 29 00 00 24 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d | 63 21 66 52 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 | 9a 54 db b9 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 3e 47 fc 3b c5 a7 32 0a 39 a5 ba 05 | 71 1d 70 9c d1 72 db 45 00 00 00 1c 00 00 40 05 | ad 95 42 f3 6d e5 d6 bb b0 67 6a 84 da 6b 7c 96 | 0f e2 48 23 | = prf(, ) PRF sha update nonce-bytes@0x5641ad942cd8 (length 32) | 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | = prf(, ) PRF sha update hash-bytes@0x7fff837b11b0 (length 20) | dc 81 f7 ef 1a ed b5 90 e4 e6 ff 0b f3 85 36 01 | c8 0d d8 f6 | = prf(, ) PRF sha final-chunk@0x5641ad940ff8 (length 20) | af f8 62 b1 c8 ef ea 59 4e 5b d5 9b 77 23 98 5a | 94 8b f4 76 | psk_auth: release prf-psk-key@0x7f49f0004900 | PSK auth octets af f8 62 b1 c8 ef ea 59 4e 5b d5 9b 77 23 98 5a | PSK auth octets 94 8b f4 76 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth af f8 62 b1 c8 ef ea 59 4e 5b d5 9b 77 23 98 5a | PSK auth 94 8b f4 76 | emitting length of IKEv2 Authentication Payload: 28 | creating state object #20 at 0x5641ad94c918 | State DB: adding IKEv2 state #20 in UNDEFINED | pstats #20 ikev2.child started | duplicating state object #19 "east" as #20 for IPSEC SA | #20 setting local endpoint to 192.1.2.23:500 from #19.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x5641ad93d070 | duplicate_state: reference st_skey_ai_nss-key@0x5641ad9373d0 | duplicate_state: reference st_skey_ar_nss-key@0x5641ad949c80 | duplicate_state: reference st_skey_ei_nss-key@0x5641ad9469b0 | duplicate_state: reference st_skey_er_nss-key@0x7f49f000a2d0 | duplicate_state: reference st_skey_pi_nss-key@0x7f49f000c660 | duplicate_state: reference st_skey_pr_nss-key@0x7f49f000c6f0 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #19.#20; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #19 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #19.#20 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 8e c9 8d 3f | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 2 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: INTEG+ESN | remote proposal 1 does not match local proposal 1; unmatched transforms: ENCR; missing transforms: ENCR | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 2; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 2 "east" #19: proposal 1:ESP:SPI=8ec98d3f;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=8ec98d3f;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | netlink_get_spi: allocated 0x6a815278 for esp.0@192.1.2.23 | Emitting ikev2_proposal ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 6a 81 52 78 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 40 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | integ=sha: .key_size=20 encrypt=3des_cbc: .key_size=24 .salt_size=0 keymat_len=44 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0d30 | result: data=Ni-key@0x5641ad9465a0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5641ad9465a0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0d18 | result: data=Ni-key@0x7f49f0004900 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5641ad9465a0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f0004900 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b0d20 | result: data+=Nr-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f49f0004900 | prf+0 PRF sha init key-key@0x5641ad93d070 (size 20) | prf+0: key-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x7f49f0004900 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f49fc002b50 from key-key@0x7f49f0004900 | prf+0 prf: begin sha with context 0x7f49fc002b50 from key-key@0x7f49f0004900 | prf+0: release clone-key@0x7f49f0004900 | prf+0 PRF sha crypt-prf@0x5641ad93d628 | prf+0 PRF sha update seed-key@0x5641ad9465a0 (size 64) | prf+0: seed-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad9465a0 | nss hmac digest hack: symkey-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: 36 18 49 93 00 8c ad e3 00 c8 eb aa 57 6a 63 ca 0b 78 fc d6 76 c9 35 ea 18 df 2d 13 a6 6c 6c 6b 40 9b c6 8e ec 0e c9 45 29 25 65 d9 98 e0 6a 72 e3 f1 f4 cd 5f 02 03 70 07 9e d4 1a 9e f8 85 64 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x5641ad9410e8 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x5641ad94b590 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad94b590 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad94b590 | prf+0 PRF sha final-key@0x7f49f0004900 (size 20) | prf+0: key-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f49f0004900 | prf+N PRF sha init key-key@0x5641ad93d070 (size 20) | prf+N: key-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x5641ad94b590 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49fc002b50 from key-key@0x5641ad94b590 | prf+N prf: begin sha with context 0x7f49fc002b50 from key-key@0x5641ad94b590 | prf+N: release clone-key@0x5641ad94b590 | prf+N PRF sha crypt-prf@0x5641ad93d128 | prf+N PRF sha update old_t-key@0x7f49f0004900 (size 20) | prf+N: old_t-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49f0004900 | nss hmac digest hack: symkey-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 00 0e 73 7d b6 a7 83 ae 75 b9 25 79 74 3f 90 82 cb 5b c9 73 5f 79 79 6c 5a b1 0d 55 57 42 7e 2e | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x5641ad94efd8 | unwrapped: 1b e1 32 35 f3 c5 2b a8 06 9e a1 aa 09 79 bd dd | unwrapped: c2 53 5e 0c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9465a0 (size 64) | prf+N: seed-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad9465a0 | nss hmac digest hack: symkey-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: 36 18 49 93 00 8c ad e3 00 c8 eb aa 57 6a 63 ca 0b 78 fc d6 76 c9 35 ea 18 df 2d 13 a6 6c 6c 6b 40 9b c6 8e ec 0e c9 45 29 25 65 d9 98 e0 6a 72 e3 f1 f4 cd 5f 02 03 70 07 9e d4 1a 9e f8 85 64 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x5641ad93d458 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x5641ad94d7f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad94d7f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x5641ad94b590 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad94d7f0 | prf+N PRF sha final-key@0x5641ad94b590 (size 20) | prf+N: key-key@0x5641ad94b590 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff837b0cc8 | result: result-key@0x5641ad94d7f0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49f0004900 | prfplus: release old_t[N]-key@0x7f49f0004900 | prf+N PRF sha init key-key@0x5641ad93d070 (size 20) | prf+N: key-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x7f49f0004900 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49fc002b50 from key-key@0x7f49f0004900 | prf+N prf: begin sha with context 0x7f49fc002b50 from key-key@0x7f49f0004900 | prf+N: release clone-key@0x7f49f0004900 | prf+N PRF sha crypt-prf@0x5641ad93d628 | prf+N PRF sha update old_t-key@0x5641ad94b590 (size 20) | prf+N: old_t-key@0x5641ad94b590 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad94b590 | nss hmac digest hack: symkey-key@0x5641ad94b590 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 86 86 d8 95 a1 38 08 4b 0a db 02 ef 5c c1 90 4a 39 8b 15 83 c5 e6 6b 7d 8d 34 50 e4 d3 50 ae 5e | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x5641ad94b668 | unwrapped: b5 48 84 29 af 5f 73 07 94 3c 7e 95 c5 4c 91 77 | unwrapped: 2c 7e be b2 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9465a0 (size 64) | prf+N: seed-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad9465a0 | nss hmac digest hack: symkey-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: 36 18 49 93 00 8c ad e3 00 c8 eb aa 57 6a 63 ca 0b 78 fc d6 76 c9 35 ea 18 df 2d 13 a6 6c 6c 6b 40 9b c6 8e ec 0e c9 45 29 25 65 d9 98 e0 6a 72 e3 f1 f4 cd 5f 02 03 70 07 9e d4 1a 9e f8 85 64 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x5641ad9410e8 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x5641ad94d880 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad94d880 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad94d880 | prf+N PRF sha final-key@0x7f49f0004900 (size 20) | prf+N: key-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad94d7f0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff837b0cc8 | result: result-key@0x5641ad94d880 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad94d7f0 | prfplus: release old_t[N]-key@0x5641ad94b590 | prf+N PRF sha init key-key@0x5641ad93d070 (size 20) | prf+N: key-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x5641ad94b590 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49fc002b50 from key-key@0x5641ad94b590 | prf+N prf: begin sha with context 0x7f49fc002b50 from key-key@0x5641ad94b590 | prf+N: release clone-key@0x5641ad94b590 | prf+N PRF sha crypt-prf@0x5641ad94efd8 | prf+N PRF sha update old_t-key@0x7f49f0004900 (size 20) | prf+N: old_t-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49f0004900 | nss hmac digest hack: symkey-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 26 b2 ef 27 23 df 7f 13 e2 4d b0 29 c1 98 fd e1 cb ba 64 3c 7c 07 3e 57 48 6c 71 22 53 54 0a 68 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x5641ad950b38 | unwrapped: 24 61 db fe 63 56 4b 39 83 4c 5f 65 c6 16 e6 75 | unwrapped: d2 28 db 05 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9465a0 (size 64) | prf+N: seed-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad9465a0 | nss hmac digest hack: symkey-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: 36 18 49 93 00 8c ad e3 00 c8 eb aa 57 6a 63 ca 0b 78 fc d6 76 c9 35 ea 18 df 2d 13 a6 6c 6c 6b 40 9b c6 8e ec 0e c9 45 29 25 65 d9 98 e0 6a 72 e3 f1 f4 cd 5f 02 03 70 07 9e d4 1a 9e f8 85 64 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x5641ad93d458 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x5641ad94d7f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad94d7f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x5641ad94b590 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad94d7f0 | prf+N PRF sha final-key@0x5641ad94b590 (size 20) | prf+N: key-key@0x5641ad94b590 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad94d880 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff837b0cc8 | result: result-key@0x5641ad94d7f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad94d880 | prfplus: release old_t[N]-key@0x7f49f0004900 | prf+N PRF sha init key-key@0x5641ad93d070 (size 20) | prf+N: key-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad93d070 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x7f49f0004900 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49fc002b50 from key-key@0x7f49f0004900 | prf+N prf: begin sha with context 0x7f49fc002b50 from key-key@0x7f49f0004900 | prf+N: release clone-key@0x7f49f0004900 | prf+N PRF sha crypt-prf@0x5641ad93d128 | prf+N PRF sha update old_t-key@0x5641ad94b590 (size 20) | prf+N: old_t-key@0x5641ad94b590 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad94b590 | nss hmac digest hack: symkey-key@0x5641ad94b590 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 9e dd 68 04 aa 27 1c 74 5f 58 3b 33 ec c0 08 d0 6c f1 c2 b1 d5 dc 55 75 e3 21 89 9c dd 38 f4 d3 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x5641ad94b668 | unwrapped: bd 6c 63 92 b1 74 52 0a 0c 8b d0 ba eb 8d c3 77 | unwrapped: 48 1d 57 36 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9465a0 (size 64) | prf+N: seed-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad9465a0 | nss hmac digest hack: symkey-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: 36 18 49 93 00 8c ad e3 00 c8 eb aa 57 6a 63 ca 0b 78 fc d6 76 c9 35 ea 18 df 2d 13 a6 6c 6c 6b 40 9b c6 8e ec 0e c9 45 29 25 65 d9 98 e0 6a 72 e3 f1 f4 cd 5f 02 03 70 07 9e d4 1a 9e f8 85 64 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x5641ad9410e8 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x5641ad94d880 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad94d880 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad94d880 | prf+N PRF sha final-key@0x7f49f0004900 (size 20) | prf+N: key-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad94d7f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff837b0cc8 | result: result-key@0x5641ad94d880 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad94d7f0 | prfplus: release old_t[N]-key@0x5641ad94b590 | prfplus: release old_t[final]-key@0x7f49f0004900 | child_sa_keymat: release data-key@0x5641ad9465a0 | key-offset: 0, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x5641ad94d880 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0da8 | result: result-key@0x5641ad9465a0 (44-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 44 bytes of key@0x5641ad9465a0 | initiator to responder keys: symkey-key@0x5641ad9465a0 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x5641ad91fd40 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)540160032: 00 0e 73 7d b6 a7 83 ae 75 b9 25 79 74 3f 90 82 b3 13 d0 b1 dd f3 fe 0c c2 ab ac 70 ac d5 67 5a 19 09 cb 94 24 7a b4 0c a2 ee 86 41 fa df b0 20 | initiator to responder keys: release slot-key-key@0x5641ad91fd40 | initiator to responder keys extracted len 48 bytes at 0x7f49fc001378 | unwrapped: 1b e1 32 35 f3 c5 2b a8 06 9e a1 aa 09 79 bd dd | unwrapped: c2 53 5e 0c b5 48 84 29 af 5f 73 07 94 3c 7e 95 | unwrapped: c5 4c 91 77 2c 7e be b2 24 61 db fe 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x5641ad9465a0 | key-offset: 44, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x5641ad94d880 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0da8 | result: result-key@0x5641ad9465a0 (44-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 44 bytes of key@0x5641ad9465a0 | responder to initiator keys:: symkey-key@0x5641ad9465a0 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x5641ad91fd40 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)540160032: bd 09 d7 c2 65 d5 99 60 40 59 11 86 bd 05 26 25 9e dd 68 04 aa 27 1c 74 5f 58 3b 33 ec c0 08 d0 72 22 c5 ce 51 e8 15 6a 7b ee 5b 83 55 27 0b 1b | responder to initiator keys:: release slot-key-key@0x5641ad91fd40 | responder to initiator keys: extracted len 48 bytes at 0x5641ad9444e8 | unwrapped: 63 56 4b 39 83 4c 5f 65 c6 16 e6 75 d2 28 db 05 | unwrapped: bd 6c 63 92 b1 74 52 0a 0c 8b d0 ba eb 8d c3 77 | unwrapped: 48 1d 57 36 48 83 34 26 f6 b6 39 14 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x5641ad9465a0 | ikev2_derive_child_keys: release keymat-key@0x5641ad94d880 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | #19 spent 2.67 milliseconds | install_ipsec_sa() for #20: inbound and outbound | could_route called for east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.8ec98d3f@192.1.2.45 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.6a815278@192.1.2.23 included non-error error | priority calculation of connection "east" is 0xfe7e7 | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #20: prospective erouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | route_and_eroute with c: east (next: none) ero:east esr:{(nil)} ro:east rosr:{(nil)} and state: #20 | priority calculation of connection "east" is 0xfe7e7 | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45>tun.0@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8ec98d3f SPI_OUT=0x6a8 | popen cmd is 1020 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: | cmd( 960):'no' SPI_IN=0x8ec98d3f SPI_OUT=0x6a815278 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | route_and_eroute: instance "east", setting eroute_owner {spd=0x5641ad9383e8,sr=0x5641ad9383e8} to #20 (was #0) (newest_ipsec_sa=#0) | #19 spent 0.808 milliseconds in install_ipsec_sa() | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #20 (was #0) (spd.eroute=#20) cloned from #19 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 160 | emitting length of ISAKMP Message: 188 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 65 c9 cb 17 43 e7 fc 10 | data before encryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 af f8 62 b1 c8 ef ea 59 4e 5b d5 9b | 77 23 98 5a 94 8b f4 76 2c 00 00 28 00 00 00 24 | 01 03 04 03 6a 81 52 78 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 9b 52 48 e5 99 6c 49 b3 c1 d9 21 11 5e a9 4b 4a | 18 b0 27 d8 f7 87 e0 8f b9 dd bc 51 54 f9 2d b2 | fe 10 32 ca d0 2f 03 d6 35 0a 7c d8 cd 35 a7 cc | e0 e3 54 69 76 ab 3c 77 4a c3 1e 2a bc 37 2a fb | 45 b5 13 bb b2 d7 e0 e7 75 ae ca 8c 4d 38 82 30 | 61 1a f6 29 64 f8 d1 2f f0 cb 45 07 22 eb b8 f5 | 7f ba 51 78 1a f5 67 b3 dd 84 01 36 bf 5d 05 89 | 78 a8 85 a2 f8 4b 73 dc 55 69 ad 8a 3e 23 17 cd | ad f9 cf 02 43 3f f1 82 | hmac PRF sha init symkey-key@0x5641ad949c80 (size 20) | hmac: symkey-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0dc8 | result: clone-key@0x5641ad94d880 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49fc002b50 from symkey-key@0x5641ad94d880 | hmac prf: begin sha with context 0x7f49fc002b50 from symkey-key@0x5641ad94d880 | hmac: release clone-key@0x5641ad94d880 | hmac PRF sha crypt-prf@0x5641ad93d128 | hmac PRF sha update data-bytes@0x5641aca808c0 (length 176) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 65 c9 cb 17 43 e7 fc 10 9b 52 48 e5 99 6c 49 b3 | c1 d9 21 11 5e a9 4b 4a 18 b0 27 d8 f7 87 e0 8f | b9 dd bc 51 54 f9 2d b2 fe 10 32 ca d0 2f 03 d6 | 35 0a 7c d8 cd 35 a7 cc e0 e3 54 69 76 ab 3c 77 | 4a c3 1e 2a bc 37 2a fb 45 b5 13 bb b2 d7 e0 e7 | 75 ae ca 8c 4d 38 82 30 61 1a f6 29 64 f8 d1 2f | f0 cb 45 07 22 eb b8 f5 7f ba 51 78 1a f5 67 b3 | dd 84 01 36 bf 5d 05 89 78 a8 85 a2 f8 4b 73 dc | 55 69 ad 8a 3e 23 17 cd ad f9 cf 02 43 3f f1 82 | hmac PRF sha final-bytes@0x5641aca80970 (length 20) | 3d 28 d3 1c a4 34 29 e5 40 15 19 f4 5f 49 52 9d | fc af 5e 4c | data being hmac: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | data being hmac: 65 c9 cb 17 43 e7 fc 10 9b 52 48 e5 99 6c 49 b3 | data being hmac: c1 d9 21 11 5e a9 4b 4a 18 b0 27 d8 f7 87 e0 8f | data being hmac: b9 dd bc 51 54 f9 2d b2 fe 10 32 ca d0 2f 03 d6 | data being hmac: 35 0a 7c d8 cd 35 a7 cc e0 e3 54 69 76 ab 3c 77 | data being hmac: 4a c3 1e 2a bc 37 2a fb 45 b5 13 bb b2 d7 e0 e7 | data being hmac: 75 ae ca 8c 4d 38 82 30 61 1a f6 29 64 f8 d1 2f | data being hmac: f0 cb 45 07 22 eb b8 f5 7f ba 51 78 1a f5 67 b3 | data being hmac: dd 84 01 36 bf 5d 05 89 78 a8 85 a2 f8 4b 73 dc | data being hmac: 55 69 ad 8a 3e 23 17 cd ad f9 cf 02 43 3f f1 82 | out calculated auth: | 3d 28 d3 1c a4 34 29 e5 40 15 19 f4 | ikev2_parent_inI2outR2_continue_tail returned STF_OK | #19 spent 3.74 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #19 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #20 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #20 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R | child state #20: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) | Message ID: updating counters for #20 to 1 after switching state | Message ID: recv #19.#20 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 | Message ID: sent #19.#20 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 | pstats #20 ikev2.child established "east" #20: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] | NAT-T: encaps is 'auto' "east" #20: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x8ec98d3f <0x6a815278 xfrm=3DES_CBC-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 188 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #19) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 65 c9 cb 17 43 e7 fc 10 9b 52 48 e5 99 6c 49 b3 | c1 d9 21 11 5e a9 4b 4a 18 b0 27 d8 f7 87 e0 8f | b9 dd bc 51 54 f9 2d b2 fe 10 32 ca d0 2f 03 d6 | 35 0a 7c d8 cd 35 a7 cc e0 e3 54 69 76 ab 3c 77 | 4a c3 1e 2a bc 37 2a fb 45 b5 13 bb b2 d7 e0 e7 | 75 ae ca 8c 4d 38 82 30 61 1a f6 29 64 f8 d1 2f | f0 cb 45 07 22 eb b8 f5 7f ba 51 78 1a f5 67 b3 | dd 84 01 36 bf 5d 05 89 78 a8 85 a2 f8 4b 73 dc | 55 69 ad 8a 3e 23 17 cd ad f9 cf 02 43 3f f1 82 | 3d 28 d3 1c a4 34 29 e5 40 15 19 f4 | releasing whack for #20 (sock=fd@-1) | releasing whack and unpending for parent #19 | unpending state #19 connection "east" | #20 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f49fc002b78 | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #20 | libevent_malloc: new ptr-libevent@0x5641ad94b508 size 128 | resume sending helper answer for #19 suppresed complete_v2_state_transition() | #19 spent 4.14 milliseconds in resume sending helper answer | stop processing: state #20 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f49f000f588 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00513 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00274 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | a1 5b e9 60 c7 85 47 d6 d7 de 3b 4d c7 23 da 35 | 8f c4 b2 3d 83 65 88 cd ec 37 47 27 71 30 ce 01 | c4 bd 62 b8 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b4 9f d5 a5 56 78 42 52 | responder cookie: | 64 8b 3f f5 9a 68 9d 5a | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #19 in PARENT_R2 (find_v2_ike_sa) | start processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #19 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 | Message ID: #19 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SK (len=36) | Message ID: start-responder #19 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 | #19 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x5641ad9373d0 (size 20) | hmac: symkey-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b19f8 | result: clone-key@0x5641ad94d880 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x5641ad9410c0 from symkey-key@0x5641ad94d880 | hmac prf: begin sha with context 0x5641ad9410c0 from symkey-key@0x5641ad94d880 | hmac: release clone-key@0x5641ad94d880 | hmac PRF sha crypt-prf@0x5641ad93c4a8 | hmac PRF sha update data-bytes@0x5641ad891898 (length 56) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | a1 5b e9 60 c7 85 47 d6 d7 de 3b 4d c7 23 da 35 | 8f c4 b2 3d 83 65 88 cd | hmac PRF sha final-bytes@0x7fff837b1bc0 (length 20) | ec 37 47 27 71 30 ce 01 c4 bd 62 b8 1f 6a c1 fc | 41 fd 6a cf | data for hmac: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | data for hmac: 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | data for hmac: a1 5b e9 60 c7 85 47 d6 d7 de 3b 4d c7 23 da 35 | data for hmac: 8f c4 b2 3d 83 65 88 cd | calculated auth: ec 37 47 27 71 30 ce 01 c4 bd 62 b8 | provided auth: ec 37 47 27 71 30 ce 01 c4 bd 62 b8 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | a1 5b e9 60 c7 85 47 d6 | payload before decryption: | d7 de 3b 4d c7 23 da 35 8f c4 b2 3d 83 65 88 cd | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 00 00 00 0c 03 04 00 01 8e c9 8d 3f 00 01 02 03 | stripping 4 octets as pad | #19 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | b4 9f d5 a5 56 78 42 52 | responder cookie: | 64 8b 3f f5 9a 68 9d 5a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI 8e c9 8d 3f | delete PROTO_v2_ESP SA(0x8ec98d3f) | v2 CHILD SA #20 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R | State DB: found IKEv2 state #20 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x8ec98d3f) "east" #19: received Delete SA payload: delete IPsec State #20 now | pstats #20 ikev2.child deleted completed | suspend processing: state #19 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) | start processing: state #20 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #20: deleting other state #20 (STATE_V2_IPSEC_R) aged 0.088s and NOT sending notification | child state #20: V2_IPSEC_R(established CHILD SA) => delete | get_sa_info esp.8ec98d3f@192.1.2.45 | get_sa_info esp.6a815278@192.1.2.23 "east" #20: ESP traffic information: in=84B out=84B | child state #20: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) | state #20 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x5641ad94b508 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f49fc002b78 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844018' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8ec98d3f | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1566844018' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0x8ec98d3f SPI_OUT=0x6a815278 ipsec _updown 2>&1: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "east" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.8ec98d3f@192.1.2.45 | netlink response for Del SA esp.8ec98d3f@192.1.2.45 included non-error error | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.6a815278@192.1.2.23 | netlink response for Del SA esp.6a815278@192.1.2.23 included non-error error | in connection_discard for connection east | State DB: deleting IKEv2 state #20 in CHILDSA_DEL | child state #20: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #20 from 192.1.2.45:500 (in delete_state() at state.c:1143) | resume processing: state #19 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x5641ad93d070 | delete_state: release st->st_skey_ai_nss-key@0x5641ad9373d0 | delete_state: release st->st_skey_ar_nss-key@0x5641ad949c80 | delete_state: release st->st_skey_ei_nss-key@0x5641ad9469b0 | delete_state: release st->st_skey_er_nss-key@0x7f49f000a2d0 | delete_state: release st->st_skey_pi_nss-key@0x7f49f000c660 | delete_state: release st->st_skey_pr_nss-key@0x7f49f000c6f0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs 6a 81 52 78 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 02 6b 47 77 71 45 9e 3a | data before encryption: | 00 00 00 0c 03 04 00 01 6a 81 52 78 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | ae 5f f4 37 ea 55 c4 51 41 d3 19 fa eb 36 07 0c | hmac PRF sha init symkey-key@0x5641ad949c80 (size 20) | hmac: symkey-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b15a8 | result: clone-key@0x5641ad94d880 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49fc002b50 from symkey-key@0x5641ad94d880 | hmac prf: begin sha with context 0x7f49fc002b50 from symkey-key@0x5641ad94d880 | hmac: release clone-key@0x5641ad94d880 | hmac PRF sha crypt-prf@0x5641ad93d128 | hmac PRF sha update data-bytes@0x5641aca808c0 (length 56) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 02 6b 47 77 71 45 9e 3a ae 5f f4 37 ea 55 c4 51 | 41 d3 19 fa eb 36 07 0c | hmac PRF sha final-bytes@0x5641aca808f8 (length 20) | 1c b3 5b 51 66 d1 b5 83 0a 2a f1 9c 02 86 42 1e | e3 b2 66 e2 | data being hmac: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | data being hmac: 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | data being hmac: 02 6b 47 77 71 45 9e 3a ae 5f f4 37 ea 55 c4 51 | data being hmac: 41 d3 19 fa eb 36 07 0c | out calculated auth: | 1c b3 5b 51 66 d1 b5 83 0a 2a f1 9c | sending 68 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #19) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 02 6b 47 77 71 45 9e 3a ae 5f f4 37 ea 55 c4 51 | 41 d3 19 fa eb 36 07 0c 1c b3 5b 51 66 d1 b5 83 | 0a 2a f1 9c | Message ID: #19 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 | Message ID: sent #19 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 | #19 spent 1.1 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #19 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK | Message ID: updating counters for #19 to 2 after switching state | Message ID: recv #19 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 | Message ID: #19 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 "east" #19: STATE_PARENT_R2: received v2I2, PARENT SA established | stop processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #19 spent 1.34 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.35 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00345 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00194 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | ab 0d 66 af 01 50 d3 17 a1 82 60 ad 92 c8 23 3f | d8 41 fc 68 97 b0 3a d9 24 69 52 b9 94 61 df 2a | 8f f4 54 3f | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b4 9f d5 a5 56 78 42 52 | responder cookie: | 64 8b 3f f5 9a 68 9d 5a | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #19 in PARENT_R2 (find_v2_ike_sa) | start processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #19 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 | Message ID: #19 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SK (len=36) | Message ID: start-responder #19 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 | #19 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x5641ad9373d0 (size 20) | hmac: symkey-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b19f8 | result: clone-key@0x5641ad94d880 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49fc002b50 from symkey-key@0x5641ad94d880 | hmac prf: begin sha with context 0x7f49fc002b50 from symkey-key@0x5641ad94d880 | hmac: release clone-key@0x5641ad94d880 | hmac PRF sha crypt-prf@0x5641ad93c4a8 | hmac PRF sha update data-bytes@0x5641ad891898 (length 56) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | ab 0d 66 af 01 50 d3 17 a1 82 60 ad 92 c8 23 3f | d8 41 fc 68 97 b0 3a d9 | hmac PRF sha final-bytes@0x7fff837b1bc0 (length 20) | 24 69 52 b9 94 61 df 2a 8f f4 54 3f 1b 91 ba 2d | e4 16 06 94 | data for hmac: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | data for hmac: ab 0d 66 af 01 50 d3 17 a1 82 60 ad 92 c8 23 3f | data for hmac: d8 41 fc 68 97 b0 3a d9 | calculated auth: 24 69 52 b9 94 61 df 2a 8f f4 54 3f | provided auth: 24 69 52 b9 94 61 df 2a 8f f4 54 3f | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | ab 0d 66 af 01 50 d3 17 | payload before decryption: | a1 82 60 ad 92 c8 23 3f d8 41 fc 68 97 b0 3a d9 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #19 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | b4 9f d5 a5 56 78 42 52 | responder cookie: | 64 8b 3f f5 9a 68 9d 5a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 32 | emitting length of ISAKMP Message: 60 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 18 88 68 12 c4 29 5f c1 | data before encryption: | 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | a4 ca 01 e2 03 36 c5 8d | hmac PRF sha init symkey-key@0x5641ad949c80 (size 20) | hmac: symkey-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b15a8 | result: clone-key@0x5641ad94d880 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49fc002b50 from symkey-key@0x5641ad94d880 | hmac prf: begin sha with context 0x7f49fc002b50 from symkey-key@0x5641ad94d880 | hmac: release clone-key@0x5641ad94d880 | hmac PRF sha crypt-prf@0x5641ad93d128 | hmac PRF sha update data-bytes@0x5641aca808c0 (length 48) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | 18 88 68 12 c4 29 5f c1 a4 ca 01 e2 03 36 c5 8d | hmac PRF sha final-bytes@0x5641aca808f0 (length 20) | a3 83 d6 6f ee 43 f0 77 cc d6 30 43 9e 7a 28 50 | cd f4 17 20 | data being hmac: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | data being hmac: 18 88 68 12 c4 29 5f c1 a4 ca 01 e2 03 36 c5 8d | out calculated auth: | a3 83 d6 6f ee 43 f0 77 cc d6 30 43 | sending 60 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #19) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | 18 88 68 12 c4 29 5f c1 a4 ca 01 e2 03 36 c5 8d | a3 83 d6 6f ee 43 f0 77 cc d6 30 43 | Message ID: #19 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 | Message ID: sent #19 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 | State DB: IKEv2 state not found (delete_my_family) | parent state #19: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #19 ikev2.ike deleted completed | #19 spent 11.2 milliseconds in total | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #19: deleting state (STATE_IKESA_DEL) aged 0.110s and NOT sending notification | parent state #19: IKESA_DEL(established IKE SA) => delete | state #19 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x5641ad948448 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f49f0002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #19 in IKESA_DEL | parent state #19: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f49ec007848: destroyed | stop processing: state #19 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f49e400b980 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x5641ad93d070 | delete_state: release st->st_skey_ai_nss-key@0x5641ad9373d0 | delete_state: release st->st_skey_ar_nss-key@0x5641ad949c80 | delete_state: release st->st_skey_ei_nss-key@0x5641ad9469b0 | delete_state: release st->st_skey_er_nss-key@0x7f49f000a2d0 | delete_state: release st->st_skey_pi_nss-key@0x7f49f000c660 | delete_state: release st->st_skey_pr_nss-key@0x7f49f000c6f0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #19 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #19 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.474 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00283 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 31 91 a7 e4 1f 1e 39 2b 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 46 71 e7 56 e8 56 e2 84 f7 80 b1 1e | ce d9 e0 1a e9 d8 6a 1b 5d 2d 03 9b ef 6f 27 3f | 50 1c a3 b8 55 91 84 1c 14 9b 9e 45 89 09 86 5d | dc 91 49 c0 18 9f e5 dc 25 6c 33 aa 83 23 94 73 | 76 70 c2 f7 d8 6b 99 02 d4 47 f4 21 14 eb 01 33 | 5e 07 8c 79 b1 c6 a7 1f 70 19 14 24 c9 dd 12 0d | b7 d3 ee 91 83 77 65 b4 29 2c 65 4d ac e3 c8 cc | 41 cc 84 2a fe ed 9f cb 25 ae 1e c6 6d 52 f9 67 | 04 42 69 03 9d b3 6b 11 b9 9f bc 7d 55 47 a4 7b | 40 78 fe 96 ee fa 59 66 0a 70 a8 bc 94 5a c9 8d | a4 88 ba 18 24 b0 8b 5d 93 63 37 cd 6a ae b1 92 | 60 72 75 cb 17 fe 93 f7 1b 45 11 52 e4 31 99 6e | a5 f3 df 00 ee 1d 3a e8 5a f3 3e 9b 8f 4e 76 d3 | 88 2f 12 0c 02 58 af e8 92 2f e0 d6 29 c5 1f e9 | 10 de 74 16 1a 50 4e 98 6f e2 a3 75 a4 f7 cd b6 | da 83 cf d7 02 ad 83 34 f5 b7 45 e6 64 a6 8d 11 | 90 b8 d9 0d 29 00 00 24 52 42 a6 4f b9 ae d7 f0 | 18 e1 f6 13 b3 0b 6b b8 f0 35 2d cd b9 3e 0a 80 | df 34 34 5c e7 12 d0 26 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 03 00 a3 52 49 3e fe a5 | 38 fc db fa 93 87 a2 04 d8 af dc 29 00 00 00 1c | 00 00 40 05 15 5b 2e 20 43 8e 57 54 6c 02 96 4e | d2 c9 5e 89 af 57 d6 d1 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 31 91 a7 e4 1f 1e 39 2b | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x5641ad939378 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x5641aca74700 (length 32) | 64 59 39 7d cd b9 28 1d f1 c8 1c 37 a1 76 10 ce | 60 62 36 da 0f 08 a7 5a 08 fd 21 a0 d8 62 36 c1 | IKE SPIr hash sha2_256 digest counter-bytes@0x5641aca746e0 (length 4) | 0f 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff837b2220 (length 32) | 3c ff 26 95 49 7e 55 86 b5 a1 81 5a 2e d5 c6 46 | 54 b4 2c 48 f8 0d 00 9e a2 fb bd 98 00 e2 d2 85 | creating state object #21 at 0x5641ad9447d8 | State DB: adding IKEv2 state #21 in UNDEFINED | pstats #21 ikev2.ike started | Message ID: init #21: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #21: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #21; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #21 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #21 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #21 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #21 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #21 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #21 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #21 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 2 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: PRF+INTEG+DH | remote proposal 1 does not match local proposal 1; unmatched transforms: ENCR; missing transforms: ENCR | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 2; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 2 "east" #21: proposal 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | 46 71 e7 56 e8 56 e2 84 f7 80 b1 1e ce d9 e0 1a | e9 d8 6a 1b 5d 2d 03 9b ef 6f 27 3f 50 1c a3 b8 | 55 91 84 1c 14 9b 9e 45 89 09 86 5d dc 91 49 c0 | 18 9f e5 dc 25 6c 33 aa 83 23 94 73 76 70 c2 f7 | d8 6b 99 02 d4 47 f4 21 14 eb 01 33 5e 07 8c 79 | b1 c6 a7 1f 70 19 14 24 c9 dd 12 0d b7 d3 ee 91 | 83 77 65 b4 29 2c 65 4d ac e3 c8 cc 41 cc 84 2a | fe ed 9f cb 25 ae 1e c6 6d 52 f9 67 04 42 69 03 | 9d b3 6b 11 b9 9f bc 7d 55 47 a4 7b 40 78 fe 96 | ee fa 59 66 0a 70 a8 bc 94 5a c9 8d a4 88 ba 18 | 24 b0 8b 5d 93 63 37 cd 6a ae b1 92 60 72 75 cb | 17 fe 93 f7 1b 45 11 52 e4 31 99 6e a5 f3 df 00 | ee 1d 3a e8 5a f3 3e 9b 8f 4e 76 d3 88 2f 12 0c | 02 58 af e8 92 2f e0 d6 29 c5 1f e9 10 de 74 16 | 1a 50 4e 98 6f e2 a3 75 a4 f7 cd b6 da 83 cf d7 | 02 ad 83 34 f5 b7 45 e6 64 a6 8d 11 90 b8 d9 0d | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b1c20 (length 8) | 31 91 a7 e4 1f 1e 39 2b | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b1c28 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff837b1bb4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff837b1ba6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b1c30 (length 20) | 15 5b 2e 20 43 8e 57 54 6c 02 96 4e d2 c9 5e 89 | af 57 d6 d1 | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= 31 91 a7 e4 1f 1e 39 2b | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 15 5b 2e 20 43 8e 57 54 6c 02 96 4e d2 c9 5e 89 | natd_hash: hash= af 57 d6 d1 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b1c20 (length 8) | 31 91 a7 e4 1f 1e 39 2b | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b1c28 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff837b1bb4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff837b1ba6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b1c50 (length 20) | 03 00 a3 52 49 3e fe a5 38 fc db fa 93 87 a2 04 | d8 af dc 29 | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= 31 91 a7 e4 1f 1e 39 2b | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 03 00 a3 52 49 3e fe a5 38 fc db fa 93 87 a2 04 | natd_hash: hash= d8 af dc 29 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 13 for state #21 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f49fc002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f49f000f588 size 128 | #21 spent 0.227 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | crypto helper 2 resuming | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | crypto helper 2 starting work-order 13 for state #21 | #21 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | crypto helper 2 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 13 | suspending state #21 and saving MD | #21 is busy; has a suspended MD | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #21 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | NSS: Value of Prime: | stop processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | #21 spent 0.517 milliseconds in ikev2_process_packet() | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.575 milliseconds in comm_handle_cb() reading and processing packet | DH secret MODP2048@0x7f49e4011c58: created | NSS: Local DH MODP2048 secret (pointer): 0x7f49e4011c58 | NSS: Public DH wire value: | 2f c2 e4 d2 02 ee df 01 45 9f 87 55 13 94 c0 5c | 19 4e 6d 9f 48 7a 8f df 5d 23 9e 55 6b bf 07 36 | af 0a d5 71 c2 78 ab 14 78 b8 45 3a 73 8f 98 46 | 60 41 88 72 b6 6d 01 f7 4e 20 b6 d7 75 be ee 58 | 4f 5f 4f 19 e2 e2 06 3d 66 9d 1a 50 3e 5a 35 af | c0 3e d9 aa b4 d8 bc e0 1f bb 4c 46 ac b0 d2 95 | aa cf 7f 9a 23 90 b1 6d 7b a7 4a 88 37 63 37 dd | 64 c4 b8 3d 96 90 79 ee 7e 7e 6d 51 06 f4 44 54 | fc 36 ff f1 13 ac 66 bd a6 dc aa 11 45 a8 2c 2a | 4c b7 2e 44 91 ef b2 1a e1 56 c3 d7 de b7 79 70 | d1 61 02 d9 6e 32 5b 5b 4e b9 94 34 13 97 78 1f | d6 cd 1e ba 9f 40 bb 2c 34 4e 4c 93 b4 aa 85 7b | 82 a4 34 d8 80 ac bc bf 72 98 1e e9 e9 9a bf 18 | de 43 03 15 d7 d5 6b ac 64 0b 19 83 b3 8c a0 1b | 81 33 12 98 7b c1 4e 27 b7 7c 6f 45 4e 4e ed 51 | b9 31 62 d4 ac 0f 9b b2 6f b4 69 b2 33 02 73 77 | Generated nonce: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | Generated nonce: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | crypto helper 2 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 13 time elapsed 0.001081 seconds | (#21) spent 1.07 milliseconds in crypto helper computing work-order 13: ikev2_inI1outR1 KE (pcr) | crypto helper 2 sending results from work-order 13 for state #21 to event queue | scheduling resume sending helper answer for #21 | libevent_malloc: new ptr-libevent@0x7f49e4005088 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #21 | start processing: state #21 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 13 | calling continuation function 0x5641ac982b50 | ikev2_parent_inI1outR1_continue for #21: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | 31 91 a7 e4 1f 1e 39 2b | responder cookie: | 3c ff 26 95 49 7e 55 86 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f49e4011c58: transferring ownership from helper KE to state #21 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 2f c2 e4 d2 02 ee df 01 45 9f 87 55 13 94 c0 5c | ikev2 g^x 19 4e 6d 9f 48 7a 8f df 5d 23 9e 55 6b bf 07 36 | ikev2 g^x af 0a d5 71 c2 78 ab 14 78 b8 45 3a 73 8f 98 46 | ikev2 g^x 60 41 88 72 b6 6d 01 f7 4e 20 b6 d7 75 be ee 58 | ikev2 g^x 4f 5f 4f 19 e2 e2 06 3d 66 9d 1a 50 3e 5a 35 af | ikev2 g^x c0 3e d9 aa b4 d8 bc e0 1f bb 4c 46 ac b0 d2 95 | ikev2 g^x aa cf 7f 9a 23 90 b1 6d 7b a7 4a 88 37 63 37 dd | ikev2 g^x 64 c4 b8 3d 96 90 79 ee 7e 7e 6d 51 06 f4 44 54 | ikev2 g^x fc 36 ff f1 13 ac 66 bd a6 dc aa 11 45 a8 2c 2a | ikev2 g^x 4c b7 2e 44 91 ef b2 1a e1 56 c3 d7 de b7 79 70 | ikev2 g^x d1 61 02 d9 6e 32 5b 5b 4e b9 94 34 13 97 78 1f | ikev2 g^x d6 cd 1e ba 9f 40 bb 2c 34 4e 4c 93 b4 aa 85 7b | ikev2 g^x 82 a4 34 d8 80 ac bc bf 72 98 1e e9 e9 9a bf 18 | ikev2 g^x de 43 03 15 d7 d5 6b ac 64 0b 19 83 b3 8c a0 1b | ikev2 g^x 81 33 12 98 7b c1 4e 27 b7 7c 6f 45 4e 4e ed 51 | ikev2 g^x b9 31 62 d4 ac 0f 9b b2 6f b4 69 b2 33 02 73 77 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | IKEv2 nonce cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b2160 (length 8) | 31 91 a7 e4 1f 1e 39 2b | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b2168 (length 8) | 3c ff 26 95 49 7e 55 86 | NATD hash sha digest IP addr-bytes@0x7fff837b2094 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff837b2086 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b2110 (length 20) | 0c b0 56 2e ed 28 d2 10 0f a5 5b 50 e0 ea 20 ee | a7 44 de 9d | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= 31 91 a7 e4 1f 1e 39 2b | natd_hash: rcookie= 3c ff 26 95 49 7e 55 86 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 0c b0 56 2e ed 28 d2 10 0f a5 5b 50 e0 ea 20 ee | natd_hash: hash= a7 44 de 9d | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 0c b0 56 2e ed 28 d2 10 0f a5 5b 50 e0 ea 20 ee | Notify data a7 44 de 9d | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff837b2160 (length 8) | 31 91 a7 e4 1f 1e 39 2b | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff837b2168 (length 8) | 3c ff 26 95 49 7e 55 86 | NATD hash sha digest IP addr-bytes@0x7fff837b2094 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff837b2086 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff837b2110 (length 20) | 4a fb 76 88 f0 e9 69 db f5 bf 78 75 73 09 5a a7 | 4e a4 a3 46 | natd_hash: hasher=0x5641aca57800(20) | natd_hash: icookie= 31 91 a7 e4 1f 1e 39 2b | natd_hash: rcookie= 3c ff 26 95 49 7e 55 86 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 4a fb 76 88 f0 e9 69 db f5 bf 78 75 73 09 5a a7 | natd_hash: hash= 4e a4 a3 46 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 4a fb 76 88 f0 e9 69 db f5 bf 78 75 73 09 5a a7 | Notify data 4e a4 a3 46 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 436 | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #21 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #21: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #21 to 0 after switching state | Message ID: recv #21 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #21 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #21: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=3DES_CBC_192 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 436 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #21) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 2f c2 e4 d2 02 ee df 01 45 9f 87 55 13 94 c0 5c | 19 4e 6d 9f 48 7a 8f df 5d 23 9e 55 6b bf 07 36 | af 0a d5 71 c2 78 ab 14 78 b8 45 3a 73 8f 98 46 | 60 41 88 72 b6 6d 01 f7 4e 20 b6 d7 75 be ee 58 | 4f 5f 4f 19 e2 e2 06 3d 66 9d 1a 50 3e 5a 35 af | c0 3e d9 aa b4 d8 bc e0 1f bb 4c 46 ac b0 d2 95 | aa cf 7f 9a 23 90 b1 6d 7b a7 4a 88 37 63 37 dd | 64 c4 b8 3d 96 90 79 ee 7e 7e 6d 51 06 f4 44 54 | fc 36 ff f1 13 ac 66 bd a6 dc aa 11 45 a8 2c 2a | 4c b7 2e 44 91 ef b2 1a e1 56 c3 d7 de b7 79 70 | d1 61 02 d9 6e 32 5b 5b 4e b9 94 34 13 97 78 1f | d6 cd 1e ba 9f 40 bb 2c 34 4e 4c 93 b4 aa 85 7b | 82 a4 34 d8 80 ac bc bf 72 98 1e e9 e9 9a bf 18 | de 43 03 15 d7 d5 6b ac 64 0b 19 83 b3 8c a0 1b | 81 33 12 98 7b c1 4e 27 b7 7c 6f 45 4e 4e ed 51 | b9 31 62 d4 ac 0f 9b b2 6f b4 69 b2 33 02 73 77 | 29 00 00 24 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a | 7a 20 e0 9c cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 | 48 39 54 9a 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 0c b0 56 2e ed 28 d2 10 0f a5 5b 50 | e0 ea 20 ee a7 44 de 9d 00 00 00 1c 00 00 40 05 | 4a fb 76 88 f0 e9 69 db f5 bf 78 75 73 09 5a a7 | 4e a4 a3 46 | state #21 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f49f000f588 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f49fc002b78 | event_schedule: new EVENT_SO_DISCARD-pe@0x7f49fc002b78 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #21 | libevent_malloc: new ptr-libevent@0x5641ad94b508 size 128 | resume sending helper answer for #21 suppresed complete_v2_state_transition() | #21 spent 0.482 milliseconds in resume sending helper answer | stop processing: state #21 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f49e4005088 | spent 0.00271 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 196 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | 63 5e 1b 85 73 17 ab f2 4a f8 b1 73 50 be 8a 41 | d3 cb 4a 75 07 50 bc a4 3b 84 71 1d 3d 52 fb fc | e8 77 c4 85 9f 9b a5 79 95 ed e5 61 54 33 ea a9 | 1e 94 55 ac c0 23 8d 1c 75 35 9d 09 f5 a1 d4 f6 | 29 85 c2 59 49 7f fd 85 20 c0 db 98 55 83 97 a3 | 66 d3 86 a2 4e 4d aa 1a 21 fc 05 0e 60 a8 0e 48 | 92 cb 54 97 f9 8c 0f e5 60 40 8d f2 63 39 cc 96 | 9d 1d 82 6d bc c5 9b 44 1e 68 8c 0a 19 48 2b 03 | 80 98 c5 cd ef fb 52 0e ae e6 84 ab 60 cb 38 fb | 8f 02 ad 57 bf 1b cc 2b d6 49 5f 14 0f ab cc a7 | e6 16 2b 68 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 31 91 a7 e4 1f 1e 39 2b | responder cookie: | 3c ff 26 95 49 7e 55 86 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 196 (0xc4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #21 in PARENT_R1 (find_v2_ike_sa) | start processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #21 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #21 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 168 (0xa8) | processing payload: ISAKMP_NEXT_v2SK (len=164) | Message ID: start-responder #21 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #21 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=3DES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f49e4011c58: transferring ownership from state #21 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 14 for state #21 | state #21 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x5641ad94b508 | free_event_entry: release EVENT_SO_DISCARD-pe@0x7f49fc002b78 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f49fc002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f49e4005088 size 128 | #21 spent 0.0324 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | crypto helper 6 resuming | #21 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #21 and saving MD | #21 is busy; has a suspended MD | crypto helper 6 starting work-order 14 for state #21 | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | crypto helper 6 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 14 | "east" #21 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | peer's g: 46 71 e7 56 e8 56 e2 84 f7 80 b1 1e ce d9 e0 1a | peer's g: e9 d8 6a 1b 5d 2d 03 9b ef 6f 27 3f 50 1c a3 b8 | peer's g: 55 91 84 1c 14 9b 9e 45 89 09 86 5d dc 91 49 c0 | peer's g: 18 9f e5 dc 25 6c 33 aa 83 23 94 73 76 70 c2 f7 | peer's g: d8 6b 99 02 d4 47 f4 21 14 eb 01 33 5e 07 8c 79 | stop processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | peer's g: b1 c6 a7 1f 70 19 14 24 c9 dd 12 0d b7 d3 ee 91 | peer's g: 83 77 65 b4 29 2c 65 4d ac e3 c8 cc 41 cc 84 2a | peer's g: fe ed 9f cb 25 ae 1e c6 6d 52 f9 67 04 42 69 03 | peer's g: 9d b3 6b 11 b9 9f bc 7d 55 47 a4 7b 40 78 fe 96 | peer's g: ee fa 59 66 0a 70 a8 bc 94 5a c9 8d a4 88 ba 18 | peer's g: 24 b0 8b 5d 93 63 37 cd 6a ae b1 92 60 72 75 cb | peer's g: 17 fe 93 f7 1b 45 11 52 e4 31 99 6e a5 f3 df 00 | peer's g: ee 1d 3a e8 5a f3 3e 9b 8f 4e 76 d3 88 2f 12 0c | peer's g: 02 58 af e8 92 2f e0 d6 29 c5 1f e9 10 de 74 16 | peer's g: 1a 50 4e 98 6f e2 a3 75 a4 f7 cd b6 da 83 cf d7 | peer's g: 02 ad 83 34 f5 b7 45 e6 64 a6 8d 11 90 b8 d9 0d | #21 spent 0.19 milliseconds in ikev2_process_packet() | Started DH shared-secret computation in NSS: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.222 milliseconds in comm_handle_cb() reading and processing packet | new : g_ir-key@0x7f49f000c6f0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f49e4011c58: computed shared DH secret key@0x7f49f000c6f0 | dh-shared : g^ir-key@0x7f49f000c6f0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=24 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f49e8003b28 (length 64) | 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a02ecb6e0 | result: Ni | Nr-key@0x7f49f000a2d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x7f49f000a2d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb6c8 | result: Ni | Nr-key@0x7f49f000c660 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x7f49f000a2d0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f49e80013b0 from Ni | Nr-key@0x7f49f000c660 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f49e80013b0 from Ni | Nr-key@0x7f49f000c660 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f49f000c660 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f49e80016c8 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f49f000c6f0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f49f000c6f0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f49f000c6f0 | nss hmac digest hack: symkey-key@0x7f49f000c6f0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-1398808382: ec 10 30 81 33 8c 8d 40 94 6e b3 bf 41 28 97 41 e0 68 2d a9 73 e1 ba 69 8c 7f 83 f1 ee 32 44 db 30 94 40 23 0b 17 3d e2 b9 86 d4 28 c6 59 27 33 da 2e 11 79 f0 01 fd 4e f5 88 b0 d1 d0 79 9d 7e 31 9c df a0 fa 63 ed 0b 72 cf fc 5a 5b ce 32 bb 66 1e db dd 3a 3f a4 5c fb 38 a2 1e 96 5e c5 00 21 3b 15 c3 cf 7f 9f f8 75 72 97 3e 82 db b1 2d 63 26 9c c8 10 a6 da d3 ff fb 67 36 8a cd e3 86 11 bc 70 6b 89 91 54 d9 60 4f 4a 97 81 85 a2 86 b6 e1 5c 44 7b 79 c2 2f 36 88 17 74 12 eb 6b 59 17 5b e8 02 1d c1 ee 6a 87 78 1c 50 44 b5 92 5b ed 78 a7 e2 13 10 99 3f 77 e8 98 45 e8 f2 03 ef 0d 85 5c 3e 9e f5 c7 c4 d7 a4 18 26 e7 ed 62 cb 9b a2 bf 39 56 ef 8e 2c 51 48 f1 27 69 0a 5c 0c 04 dc 40 31 8f 3b b4 f6 3b cf 07 ca 96 d8 a0 49 cc 70 9a 4e 71 a9 9d cd 9e 28 07 9c fd a2 19 fa | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 256 bytes at 0x7f49e80045a8 | unwrapped: 7c 26 7d dc 6b d7 46 4b 70 56 4b c4 b8 9a b2 ac | unwrapped: ca 82 31 29 7a 90 5c ba c3 35 32 97 70 32 73 bc | unwrapped: 7e 5e b0 15 50 0f ce 64 6c a4 29 c7 7c 68 2e 57 | unwrapped: 76 a6 4a 58 fd e5 f8 4f 1c ed 58 13 d5 3e 20 2b | unwrapped: 0c 1d 7d ab bd 09 bf 92 67 75 39 04 b1 09 6c ee | unwrapped: 5d 1d 3f f1 75 56 53 4c 78 ce a9 03 c6 21 d6 d0 | unwrapped: f4 3a 11 8e 98 a8 14 c7 d3 59 8d df db a3 a1 33 | unwrapped: 85 ed 0d f3 e6 91 99 19 4e 00 24 cd d6 7d a9 23 | unwrapped: 92 39 91 62 27 d9 d0 73 1b db 1c ac 7c d4 9d ce | unwrapped: 9f 3e 0e f3 c7 52 27 24 a7 85 88 7f 94 0b 6e 18 | unwrapped: cb c4 e2 b1 0f 37 59 f8 7a fd fe ef ae 8b 43 01 | unwrapped: e1 ef 0c a3 84 04 ac 1d d5 43 97 28 43 d4 78 12 | unwrapped: 08 10 c2 5d c9 04 3d 1c e5 bd a0 7d 54 aa 4d b6 | unwrapped: c0 c2 4f c0 26 aa d2 04 3a 43 d6 ba 7e 8a 01 5e | unwrapped: 8d 90 2d e0 ad 03 f7 76 0c a8 4f 8a 20 e0 9f 47 | unwrapped: 0d 8f 5c bb f9 90 cc 97 25 a2 7c 8a aa be 7a f4 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a02ecb700 | result: final-key@0x7f49f000a2d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f000a2d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb6e8 | result: final-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49f000a2d0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f49f000c660 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a02ecb670 | result: data=Ni-key@0x5641ad9469b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5641ad9469b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb658 | result: data=Ni-key@0x7f49f000a2d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5641ad9469b0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f000a2d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a02ecb660 | result: data+=Nr-key@0x5641ad9469b0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f49f000a2d0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad9469b0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a02ecb660 | result: data+=SPIi-key@0x7f49f000a2d0 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad9469b0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f000a2d0 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4a02ecb660 | result: data+=SPIr-key@0x5641ad9469b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f49f000a2d0 | prf+0 PRF sha init key-key@0x7f49f000c660 (size 20) | prf+0: key-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb588 | result: clone-key@0x7f49f000a2d0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f49e80013b0 from key-key@0x7f49f000a2d0 | prf+0 prf: begin sha with context 0x7f49e80013b0 from key-key@0x7f49f000a2d0 | prf+0: release clone-key@0x7f49f000a2d0 | prf+0 PRF sha crypt-prf@0x7f49e8002168 | prf+0 PRF sha update seed-key@0x5641ad9469b0 (size 80) | prf+0: seed-key@0x5641ad9469b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad9469b0 | nss hmac digest hack: symkey-key@0x5641ad9469b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 92 57 4e d7 85 eb 1c 53 89 26 23 93 c8 18 02 da 5f 9e 0b ff 60 5f 2c 0f bb e9 9b fc 94 bb 12 63 25 d3 3d c3 b4 a5 00 e3 8f b4 07 90 a5 57 76 35 ca 9f d5 a6 17 0f 58 59 0b 7e 66 a6 d7 20 3f a3 21 35 88 2d e3 1d 04 54 9c 23 29 aa d6 86 08 cf | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49e8004ba8 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | unwrapped: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a02ecb590 | result: final-key@0x5641ad949c80 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad949c80 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb578 | result: final-key@0x7f49f000a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad949c80 | prf+0 PRF sha final-key@0x7f49f000a2d0 (size 20) | prf+0: key-key@0x7f49f000a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f49f000a2d0 | prf+N PRF sha init key-key@0x7f49f000c660 (size 20) | prf+N: key-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb588 | result: clone-key@0x5641ad949c80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49e80013b0 from key-key@0x5641ad949c80 | prf+N prf: begin sha with context 0x7f49e80013b0 from key-key@0x5641ad949c80 | prf+N: release clone-key@0x5641ad949c80 | prf+N PRF sha crypt-prf@0x7f49e80046d8 | prf+N PRF sha update old_t-key@0x7f49f000a2d0 (size 20) | prf+N: old_t-key@0x7f49f000a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49f000a2d0 | nss hmac digest hack: symkey-key@0x7f49f000a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: e9 52 ff d3 18 37 10 f4 0b c0 2c 51 f2 9a c2 84 d4 a5 b6 7f 1f 63 8d 17 a9 e7 f3 99 3b aa ca b9 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49e8001278 | unwrapped: 8b 95 d7 86 43 b6 50 ef 14 e7 31 e1 e8 e3 db fa | unwrapped: 17 75 2c d6 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9469b0 (size 80) | prf+N: seed-key@0x5641ad9469b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad9469b0 | nss hmac digest hack: symkey-key@0x5641ad9469b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 92 57 4e d7 85 eb 1c 53 89 26 23 93 c8 18 02 da 5f 9e 0b ff 60 5f 2c 0f bb e9 9b fc 94 bb 12 63 25 d3 3d c3 b4 a5 00 e3 8f b4 07 90 a5 57 76 35 ca 9f d5 a6 17 0f 58 59 0b 7e 66 a6 d7 20 3f a3 21 35 88 2d e3 1d 04 54 9c 23 29 aa d6 86 08 cf | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49e8004b28 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | unwrapped: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a02ecb590 | result: final-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb578 | result: final-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad9373d0 | prf+N PRF sha final-key@0x5641ad949c80 (size 20) | prf+N: key-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f49f000a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a02ecb608 | result: result-key@0x5641ad9373d0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f49f000a2d0 | prfplus: release old_t[N]-key@0x7f49f000a2d0 | prf+N PRF sha init key-key@0x7f49f000c660 (size 20) | prf+N: key-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb588 | result: clone-key@0x7f49f000a2d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49e80013b0 from key-key@0x7f49f000a2d0 | prf+N prf: begin sha with context 0x7f49e80013b0 from key-key@0x7f49f000a2d0 | prf+N: release clone-key@0x7f49f000a2d0 | prf+N PRF sha crypt-prf@0x7f49e8002168 | prf+N PRF sha update old_t-key@0x5641ad949c80 (size 20) | prf+N: old_t-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad949c80 | nss hmac digest hack: symkey-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 7e 67 f0 7b c0 2d 7a 5d c1 7a 22 3e 9d 62 bc 86 6f d9 cc 89 73 58 61 3d d3 ba 82 7c ee ab 7f 98 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49e80016c8 | unwrapped: 78 d7 7a 3d 41 ef d2 67 e8 a7 64 de 28 4e 67 27 | unwrapped: a5 2c ea 5b 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9469b0 (size 80) | prf+N: seed-key@0x5641ad9469b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad9469b0 | nss hmac digest hack: symkey-key@0x5641ad9469b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 92 57 4e d7 85 eb 1c 53 89 26 23 93 c8 18 02 da 5f 9e 0b ff 60 5f 2c 0f bb e9 9b fc 94 bb 12 63 25 d3 3d c3 b4 a5 00 e3 8f b4 07 90 a5 57 76 35 ca 9f d5 a6 17 0f 58 59 0b 7e 66 a6 d7 20 3f a3 21 35 88 2d e3 1d 04 54 9c 23 29 aa d6 86 08 cf | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49e8004ba8 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | unwrapped: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a02ecb590 | result: final-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb578 | result: final-key@0x7f49f000a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad93d070 | prf+N PRF sha final-key@0x7f49f000a2d0 (size 20) | prf+N: key-key@0x7f49f000a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad9373d0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a02ecb608 | result: result-key@0x5641ad93d070 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad9373d0 | prfplus: release old_t[N]-key@0x5641ad949c80 | prf+N PRF sha init key-key@0x7f49f000c660 (size 20) | prf+N: key-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb588 | result: clone-key@0x5641ad949c80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49e80013b0 from key-key@0x5641ad949c80 | prf+N prf: begin sha with context 0x7f49e80013b0 from key-key@0x5641ad949c80 | prf+N: release clone-key@0x5641ad949c80 | prf+N PRF sha crypt-prf@0x7f49e8001278 | prf+N PRF sha update old_t-key@0x7f49f000a2d0 (size 20) | prf+N: old_t-key@0x7f49f000a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49f000a2d0 | nss hmac digest hack: symkey-key@0x7f49f000a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 8d e6 18 0c f9 6e f0 43 45 cb d2 50 e4 48 48 66 62 d5 f7 32 7d 1e b0 7d 2b 34 7a 5e 53 c8 6e ac | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49e80061e8 | unwrapped: 0e ea 0d 3d 4c f0 92 31 af 3a fe 2c b6 1f 79 7a | unwrapped: d3 f9 3a 6a 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9469b0 (size 80) | prf+N: seed-key@0x5641ad9469b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad9469b0 | nss hmac digest hack: symkey-key@0x5641ad9469b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 92 57 4e d7 85 eb 1c 53 89 26 23 93 c8 18 02 da 5f 9e 0b ff 60 5f 2c 0f bb e9 9b fc 94 bb 12 63 25 d3 3d c3 b4 a5 00 e3 8f b4 07 90 a5 57 76 35 ca 9f d5 a6 17 0f 58 59 0b 7e 66 a6 d7 20 3f a3 21 35 88 2d e3 1d 04 54 9c 23 29 aa d6 86 08 cf | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49e8004b28 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | unwrapped: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a02ecb590 | result: final-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb578 | result: final-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad9373d0 | prf+N PRF sha final-key@0x5641ad949c80 (size 20) | prf+N: key-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad93d070 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a02ecb608 | result: result-key@0x5641ad9373d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad93d070 | prfplus: release old_t[N]-key@0x7f49f000a2d0 | prf+N PRF sha init key-key@0x7f49f000c660 (size 20) | prf+N: key-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb588 | result: clone-key@0x7f49f000a2d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49e80013b0 from key-key@0x7f49f000a2d0 | prf+N prf: begin sha with context 0x7f49e80013b0 from key-key@0x7f49f000a2d0 | prf+N: release clone-key@0x7f49f000a2d0 | prf+N PRF sha crypt-prf@0x7f49e80046d8 | prf+N PRF sha update old_t-key@0x5641ad949c80 (size 20) | prf+N: old_t-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad949c80 | nss hmac digest hack: symkey-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 5a 6e 97 27 4d 4c 4c 90 b3 1a ee 0a be ac bd 48 ed 0f 84 8a 1a 0d ed b4 3e b9 45 0b 19 7e 69 89 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49e80016c8 | unwrapped: c9 8a 7f 61 25 ce 32 a1 fe 6c 6e c5 4d 5c c8 81 | unwrapped: 49 fa d8 b8 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9469b0 (size 80) | prf+N: seed-key@0x5641ad9469b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad9469b0 | nss hmac digest hack: symkey-key@0x5641ad9469b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 92 57 4e d7 85 eb 1c 53 89 26 23 93 c8 18 02 da 5f 9e 0b ff 60 5f 2c 0f bb e9 9b fc 94 bb 12 63 25 d3 3d c3 b4 a5 00 e3 8f b4 07 90 a5 57 76 35 ca 9f d5 a6 17 0f 58 59 0b 7e 66 a6 d7 20 3f a3 21 35 88 2d e3 1d 04 54 9c 23 29 aa d6 86 08 cf | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49e8004ba8 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | unwrapped: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a02ecb590 | result: final-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb578 | result: final-key@0x7f49f000a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad93d070 | prf+N PRF sha final-key@0x7f49f000a2d0 (size 20) | prf+N: key-key@0x7f49f000a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad9373d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a02ecb608 | result: result-key@0x5641ad93d070 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad9373d0 | prfplus: release old_t[N]-key@0x5641ad949c80 | prf+N PRF sha init key-key@0x7f49f000c660 (size 20) | prf+N: key-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb588 | result: clone-key@0x5641ad949c80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49e80059e0 from key-key@0x5641ad949c80 | prf+N prf: begin sha with context 0x7f49e80059e0 from key-key@0x5641ad949c80 | prf+N: release clone-key@0x5641ad949c80 | prf+N PRF sha crypt-prf@0x7f49e8002168 | prf+N PRF sha update old_t-key@0x7f49f000a2d0 (size 20) | prf+N: old_t-key@0x7f49f000a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49f000a2d0 | nss hmac digest hack: symkey-key@0x7f49f000a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 30 8f d3 c9 ef fc 98 3e 05 3a bb b5 c6 bf 44 f6 99 bd 57 bd 3a 9a 28 98 22 4a 5a 2c 58 93 d4 18 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49e8001278 | unwrapped: a9 3c 7a 7c 05 15 90 5f b9 ba 86 10 e4 f7 80 e8 | unwrapped: 28 72 03 43 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9469b0 (size 80) | prf+N: seed-key@0x5641ad9469b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad9469b0 | nss hmac digest hack: symkey-key@0x5641ad9469b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 92 57 4e d7 85 eb 1c 53 89 26 23 93 c8 18 02 da 5f 9e 0b ff 60 5f 2c 0f bb e9 9b fc 94 bb 12 63 25 d3 3d c3 b4 a5 00 e3 8f b4 07 90 a5 57 76 35 ca 9f d5 a6 17 0f 58 59 0b 7e 66 a6 d7 20 3f a3 21 35 88 2d e3 1d 04 54 9c 23 29 aa d6 86 08 cf | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49e8004b28 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | unwrapped: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a02ecb590 | result: final-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb578 | result: final-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad9373d0 | prf+N PRF sha final-key@0x5641ad949c80 (size 20) | prf+N: key-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad93d070 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a02ecb608 | result: result-key@0x5641ad9373d0 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad93d070 | prfplus: release old_t[N]-key@0x7f49f000a2d0 | prf+N PRF sha init key-key@0x7f49f000c660 (size 20) | prf+N: key-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb588 | result: clone-key@0x7f49f000a2d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49e80013b0 from key-key@0x7f49f000a2d0 | prf+N prf: begin sha with context 0x7f49e80013b0 from key-key@0x7f49f000a2d0 | prf+N: release clone-key@0x7f49f000a2d0 | prf+N PRF sha crypt-prf@0x7f49e80046d8 | prf+N PRF sha update old_t-key@0x5641ad949c80 (size 20) | prf+N: old_t-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad949c80 | nss hmac digest hack: symkey-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 48 64 d6 a4 8e be c9 9a dc 0d ef bb ca a7 70 7b 55 16 8c 20 31 df ce 3a 12 38 df 0d bd 1b 41 f6 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49e80016c8 | unwrapped: 6f 8b 53 33 c7 6c 1c af e2 2a 64 8a 80 00 8a b2 | unwrapped: a6 10 73 03 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9469b0 (size 80) | prf+N: seed-key@0x5641ad9469b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad9469b0 | nss hmac digest hack: symkey-key@0x5641ad9469b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 92 57 4e d7 85 eb 1c 53 89 26 23 93 c8 18 02 da 5f 9e 0b ff 60 5f 2c 0f bb e9 9b fc 94 bb 12 63 25 d3 3d c3 b4 a5 00 e3 8f b4 07 90 a5 57 76 35 ca 9f d5 a6 17 0f 58 59 0b 7e 66 a6 d7 20 3f a3 21 35 88 2d e3 1d 04 54 9c 23 29 aa d6 86 08 cf | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49e8006878 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | unwrapped: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a02ecb590 | result: final-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad93d070 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb578 | result: final-key@0x7f49f000a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad93d070 | prf+N PRF sha final-key@0x7f49f000a2d0 (size 20) | prf+N: key-key@0x7f49f000a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad9373d0 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a02ecb608 | result: result-key@0x5641ad93d070 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad9373d0 | prfplus: release old_t[N]-key@0x5641ad949c80 | prf+N PRF sha init key-key@0x7f49f000c660 (size 20) | prf+N: key-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb588 | result: clone-key@0x5641ad949c80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49e80013b0 from key-key@0x5641ad949c80 | prf+N prf: begin sha with context 0x7f49e80013b0 from key-key@0x5641ad949c80 | prf+N: release clone-key@0x5641ad949c80 | prf+N PRF sha crypt-prf@0x7f49e8002168 | prf+N PRF sha update old_t-key@0x7f49f000a2d0 (size 20) | prf+N: old_t-key@0x7f49f000a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49f000a2d0 | nss hmac digest hack: symkey-key@0x7f49f000a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 1d 44 1f 2c 26 6f 1e f0 75 b6 dd d9 e6 71 48 ae 8a 46 95 c1 83 c0 b5 d3 fa ac 41 73 f9 ab c6 38 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x7f49e8001278 | unwrapped: c2 67 94 e6 ee 4f 72 a6 9c 21 72 28 5d 0f 80 94 | unwrapped: c0 8e 6d b5 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9469b0 (size 80) | prf+N: seed-key@0x5641ad9469b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5641ad9469b0 | nss hmac digest hack: symkey-key@0x5641ad9469b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1398713859: 92 57 4e d7 85 eb 1c 53 89 26 23 93 c8 18 02 da 5f 9e 0b ff 60 5f 2c 0f bb e9 9b fc 94 bb 12 63 25 d3 3d c3 b4 a5 00 e3 8f b4 07 90 a5 57 76 35 ca 9f d5 a6 17 0f 58 59 0b 7e 66 a6 d7 20 3f a3 21 35 88 2d e3 1d 04 54 9c 23 29 aa d6 86 08 cf | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 80 bytes at 0x7f49e8004ba8 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | unwrapped: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | prf+N PRF sha update N++-byte@0x8 (8) | 08 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4a02ecb590 | result: final-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb578 | result: final-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad9373d0 | prf+N PRF sha final-key@0x5641ad949c80 (size 20) | prf+N: key-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad93d070 (140-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4a02ecb608 | result: result-key@0x5641ad9373d0 (160-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad93d070 | prfplus: release old_t[N]-key@0x7f49f000a2d0 | prfplus: release old_t[final]-key@0x5641ad949c80 | ike_sa_keymat: release data-key@0x5641ad9469b0 | calc_skeyseed_v2: release skeyseed_k-key@0x7f49f000c660 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb7a8 | result: result-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb7a8 | result: result-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb7a8 | result: result-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x5641ad9373d0 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb7b8 | result: SK_ei_k-key@0x7f49f000a2d0 (24-bytes, DES3_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 84, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x5641ad9373d0 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb7b8 | result: SK_er_k-key@0x5641ad93d070 (24-bytes, DES3_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 108, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb7b8 | result: result-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f49e400b980 | chunk_SK_pi: symkey-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 45 a4 38 6e a2 41 7f c7 55 6c 93 dc fc 36 35 10 a6 53 5e 21 03 21 e3 f0 bd 1e 97 b0 fe 51 fe 80 | chunk_SK_pi: release slot-key-key@0x5641ad91fd40 | chunk_SK_pi extracted len 32 bytes at 0x7f49e80046d8 | unwrapped: e2 2a 64 8a 80 00 8a b2 a6 10 73 03 c2 67 94 e6 | unwrapped: ee 4f 72 a6 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 128, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4a02ecb7b8 | result: result-key@0x5641ad94d880 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x5641ad94d880 | chunk_SK_pr: symkey-key@0x5641ad94d880 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: e4 93 bf 96 b8 09 6f 8e 5e c8 b6 83 73 21 46 2f be 72 0f 0c 0f 92 50 27 a2 7f 25 c5 76 5f 74 e9 | chunk_SK_pr: release slot-key-key@0x5641ad91fd40 | chunk_SK_pr extracted len 32 bytes at 0x7f49e8001278 | unwrapped: 9c 21 72 28 5d 0f 80 94 c0 8e 6d b5 15 0b e0 99 | unwrapped: 10 86 44 44 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x5641ad9373d0 | calc_skeyseed_v2 pointers: shared-key@0x7f49f000c6f0, SK_d-key@0x7f49f000c660, SK_ai-key@0x5641ad9469b0, SK_ar-key@0x5641ad949c80, SK_ei-key@0x7f49f000a2d0, SK_er-key@0x5641ad93d070, SK_pi-key@0x7f49e400b980, SK_pr-key@0x5641ad94d880 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | e2 2a 64 8a 80 00 8a b2 a6 10 73 03 c2 67 94 e6 | ee 4f 72 a6 | calc_skeyseed_v2 SK_pr | 9c 21 72 28 5d 0f 80 94 c0 8e 6d b5 15 0b e0 99 | 10 86 44 44 | crypto helper 6 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 14 time elapsed 0.002837 seconds | (#21) spent 2.81 milliseconds in crypto helper computing work-order 14: ikev2_inI2outR2 KE (pcr) | crypto helper 6 sending results from work-order 14 for state #21 to event queue | scheduling resume sending helper answer for #21 | libevent_malloc: new ptr-libevent@0x7f49e80060e8 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #21 | start processing: state #21 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 14 | calling continuation function 0x5641ac982b50 | ikev2_parent_inI2outR2_continue for #21: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f49e4011c58: transferring ownership from helper IKEv2 DH to state #21 | finish_dh_v2: release st_shared_nss-key@NULL | #21 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x5641ad9469b0 (size 20) | hmac: symkey-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1ab8 | result: clone-key@0x5641ad9373d0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49f0002b50 from symkey-key@0x5641ad9373d0 | hmac prf: begin sha with context 0x7f49f0002b50 from symkey-key@0x5641ad9373d0 | hmac: release clone-key@0x5641ad9373d0 | hmac PRF sha crypt-prf@0x5641ad93d628 | hmac PRF sha update data-bytes@0x5641ad8cb328 (length 184) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | 63 5e 1b 85 73 17 ab f2 4a f8 b1 73 50 be 8a 41 | d3 cb 4a 75 07 50 bc a4 3b 84 71 1d 3d 52 fb fc | e8 77 c4 85 9f 9b a5 79 95 ed e5 61 54 33 ea a9 | 1e 94 55 ac c0 23 8d 1c 75 35 9d 09 f5 a1 d4 f6 | 29 85 c2 59 49 7f fd 85 20 c0 db 98 55 83 97 a3 | 66 d3 86 a2 4e 4d aa 1a 21 fc 05 0e 60 a8 0e 48 | 92 cb 54 97 f9 8c 0f e5 60 40 8d f2 63 39 cc 96 | 9d 1d 82 6d bc c5 9b 44 1e 68 8c 0a 19 48 2b 03 | 80 98 c5 cd ef fb 52 0e ae e6 84 ab 60 cb 38 fb | 8f 02 ad 57 bf 1b cc 2b | hmac PRF sha final-bytes@0x7fff837b1c80 (length 20) | d6 49 5f 14 0f ab cc a7 e6 16 2b 68 d4 f1 48 31 | 3b 34 95 79 | data for hmac: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | data for hmac: 63 5e 1b 85 73 17 ab f2 4a f8 b1 73 50 be 8a 41 | data for hmac: d3 cb 4a 75 07 50 bc a4 3b 84 71 1d 3d 52 fb fc | data for hmac: e8 77 c4 85 9f 9b a5 79 95 ed e5 61 54 33 ea a9 | data for hmac: 1e 94 55 ac c0 23 8d 1c 75 35 9d 09 f5 a1 d4 f6 | data for hmac: 29 85 c2 59 49 7f fd 85 20 c0 db 98 55 83 97 a3 | data for hmac: 66 d3 86 a2 4e 4d aa 1a 21 fc 05 0e 60 a8 0e 48 | data for hmac: 92 cb 54 97 f9 8c 0f e5 60 40 8d f2 63 39 cc 96 | data for hmac: 9d 1d 82 6d bc c5 9b 44 1e 68 8c 0a 19 48 2b 03 | data for hmac: 80 98 c5 cd ef fb 52 0e ae e6 84 ab 60 cb 38 fb | data for hmac: 8f 02 ad 57 bf 1b cc 2b | calculated auth: d6 49 5f 14 0f ab cc a7 e6 16 2b 68 | provided auth: d6 49 5f 14 0f ab cc a7 e6 16 2b 68 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 63 5e 1b 85 73 17 ab f2 | payload before decryption: | 4a f8 b1 73 50 be 8a 41 d3 cb 4a 75 07 50 bc a4 | 3b 84 71 1d 3d 52 fb fc e8 77 c4 85 9f 9b a5 79 | 95 ed e5 61 54 33 ea a9 1e 94 55 ac c0 23 8d 1c | 75 35 9d 09 f5 a1 d4 f6 29 85 c2 59 49 7f fd 85 | 20 c0 db 98 55 83 97 a3 66 d3 86 a2 4e 4d aa 1a | 21 fc 05 0e 60 a8 0e 48 92 cb 54 97 f9 8c 0f e5 | 60 40 8d f2 63 39 cc 96 9d 1d 82 6d bc c5 9b 44 | 1e 68 8c 0a 19 48 2b 03 80 98 c5 cd ef fb 52 0e | ae e6 84 ab 60 cb 38 fb 8f 02 ad 57 bf 1b cc 2b | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 8d 11 65 2b 50 3a 04 7e dd 9e 5b 0a 78 b3 07 19 | c3 64 1a d4 2c 00 00 28 00 00 00 24 01 03 04 03 | a6 04 13 64 03 00 00 08 01 00 00 03 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | stripping 4 octets as pad | #21 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #21: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #21 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #21: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x7f49e400b980 (size 20) | hmac: symkey-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49e400b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1538 | result: clone-key@0x5641ad9373d0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49f0002b50 from symkey-key@0x5641ad9373d0 | hmac prf: begin sha with context 0x7f49f0002b50 from symkey-key@0x5641ad9373d0 | hmac: release clone-key@0x5641ad9373d0 | hmac PRF sha crypt-prf@0x5641ad93d128 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x5641ad8cb354 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff837b16e0 (length 20) | f9 04 03 fc 9d c0 98 74 04 66 0b 81 28 f1 6c 03 | 2c 9b 87 d2 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | inputs to hash1 (first packet) | 31 91 a7 e4 1f 1e 39 2b 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 46 71 e7 56 e8 56 e2 84 f7 80 b1 1e | ce d9 e0 1a e9 d8 6a 1b 5d 2d 03 9b ef 6f 27 3f | 50 1c a3 b8 55 91 84 1c 14 9b 9e 45 89 09 86 5d | dc 91 49 c0 18 9f e5 dc 25 6c 33 aa 83 23 94 73 | 76 70 c2 f7 d8 6b 99 02 d4 47 f4 21 14 eb 01 33 | 5e 07 8c 79 b1 c6 a7 1f 70 19 14 24 c9 dd 12 0d | b7 d3 ee 91 83 77 65 b4 29 2c 65 4d ac e3 c8 cc | 41 cc 84 2a fe ed 9f cb 25 ae 1e c6 6d 52 f9 67 | 04 42 69 03 9d b3 6b 11 b9 9f bc 7d 55 47 a4 7b | 40 78 fe 96 ee fa 59 66 0a 70 a8 bc 94 5a c9 8d | a4 88 ba 18 24 b0 8b 5d 93 63 37 cd 6a ae b1 92 | 60 72 75 cb 17 fe 93 f7 1b 45 11 52 e4 31 99 6e | a5 f3 df 00 ee 1d 3a e8 5a f3 3e 9b 8f 4e 76 d3 | 88 2f 12 0c 02 58 af e8 92 2f e0 d6 29 c5 1f e9 | 10 de 74 16 1a 50 4e 98 6f e2 a3 75 a4 f7 cd b6 | da 83 cf d7 02 ad 83 34 f5 b7 45 e6 64 a6 8d 11 | 90 b8 d9 0d 29 00 00 24 52 42 a6 4f b9 ae d7 f0 | 18 e1 f6 13 b3 0b 6b b8 f0 35 2d cd b9 3e 0a 80 | df 34 34 5c e7 12 d0 26 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 03 00 a3 52 49 3e fe a5 | 38 fc db fa 93 87 a2 04 d8 af dc 29 00 00 00 1c | 00 00 40 05 15 5b 2e 20 43 8e 57 54 6c 02 96 4e | d2 c9 5e 89 af 57 d6 d1 | verify: initiator inputs to hash2 (responder nonce) | 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | idhash f9 04 03 fc 9d c0 98 74 04 66 0b 81 28 f1 6c 03 | idhash 2c 9b 87 d2 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5641ad91fc98 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b1330 | result: shared secret-key@0x5641ad9465a0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5641ad9465a0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1318 | result: shared secret-key@0x5641ad9373d0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5641ad9465a0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f49f0002b50 from shared secret-key@0x5641ad9373d0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f49f0002b50 from shared secret-key@0x5641ad9373d0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x5641ad9373d0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5641ad93d628 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5641aca154d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b1350 | result: final-key@0x5641ad9465a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9465a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1338 | result: final-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad9465a0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x5641ad9373d0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x5641ad9373d0 (size 20) | = prf(, ): -key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b1348 | result: clone-key@0x5641ad9465a0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f49f0002b50 from -key@0x5641ad9465a0 | = prf(, ) prf: begin sha with context 0x7f49f0002b50 from -key@0x5641ad9465a0 | = prf(, ): release clone-key@0x5641ad9465a0 | = prf(, ) PRF sha crypt-prf@0x5641ad93d128 | = prf(, ) PRF sha update first-packet-bytes@0x5641ad94c728 (length 440) | 31 91 a7 e4 1f 1e 39 2b 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 46 71 e7 56 e8 56 e2 84 f7 80 b1 1e | ce d9 e0 1a e9 d8 6a 1b 5d 2d 03 9b ef 6f 27 3f | 50 1c a3 b8 55 91 84 1c 14 9b 9e 45 89 09 86 5d | dc 91 49 c0 18 9f e5 dc 25 6c 33 aa 83 23 94 73 | 76 70 c2 f7 d8 6b 99 02 d4 47 f4 21 14 eb 01 33 | 5e 07 8c 79 b1 c6 a7 1f 70 19 14 24 c9 dd 12 0d | b7 d3 ee 91 83 77 65 b4 29 2c 65 4d ac e3 c8 cc | 41 cc 84 2a fe ed 9f cb 25 ae 1e c6 6d 52 f9 67 | 04 42 69 03 9d b3 6b 11 b9 9f bc 7d 55 47 a4 7b | 40 78 fe 96 ee fa 59 66 0a 70 a8 bc 94 5a c9 8d | a4 88 ba 18 24 b0 8b 5d 93 63 37 cd 6a ae b1 92 | 60 72 75 cb 17 fe 93 f7 1b 45 11 52 e4 31 99 6e | a5 f3 df 00 ee 1d 3a e8 5a f3 3e 9b 8f 4e 76 d3 | 88 2f 12 0c 02 58 af e8 92 2f e0 d6 29 c5 1f e9 | 10 de 74 16 1a 50 4e 98 6f e2 a3 75 a4 f7 cd b6 | da 83 cf d7 02 ad 83 34 f5 b7 45 e6 64 a6 8d 11 | 90 b8 d9 0d 29 00 00 24 52 42 a6 4f b9 ae d7 f0 | 18 e1 f6 13 b3 0b 6b b8 f0 35 2d cd b9 3e 0a 80 | df 34 34 5c e7 12 d0 26 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 03 00 a3 52 49 3e fe a5 | 38 fc db fa 93 87 a2 04 d8 af dc 29 00 00 00 1c | 00 00 40 05 15 5b 2e 20 43 8e 57 54 6c 02 96 4e | d2 c9 5e 89 af 57 d6 d1 | = prf(, ) PRF sha update nonce-bytes@0x7f49e4003a78 (length 32) | 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | = prf(, ) PRF sha update hash-bytes@0x7fff837b16e0 (length 20) | f9 04 03 fc 9d c0 98 74 04 66 0b 81 28 f1 6c 03 | 2c 9b 87 d2 | = prf(, ) PRF sha final-chunk@0x5641ad94b668 (length 20) | 8d 11 65 2b 50 3a 04 7e dd 9e 5b 0a 78 b3 07 19 | c3 64 1a d4 | psk_auth: release prf-psk-key@0x5641ad9373d0 | Received PSK auth octets | 8d 11 65 2b 50 3a 04 7e dd 9e 5b 0a 78 b3 07 19 | c3 64 1a d4 | Calculated PSK auth octets | 8d 11 65 2b 50 3a 04 7e dd 9e 5b 0a 78 b3 07 19 | c3 64 1a d4 "east" #21: Authenticated using authby=secret | parent state #21: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #21 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #21 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f49e4005088 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f49fc002b78 | event_schedule: new EVENT_SA_REKEY-pe@0x7f49fc002b78 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #21 | libevent_malloc: new ptr-libevent@0x5641ad948448 size 128 | pstats #21 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | 31 91 a7 e4 1f 1e 39 2b | responder cookie: | 3c ff 26 95 49 7e 55 86 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x5641ad94d880 (size 20) | hmac: symkey-key@0x5641ad94d880 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad94d880 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0eb8 | result: clone-key@0x5641ad9373d0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49f0002b50 from symkey-key@0x5641ad9373d0 | hmac prf: begin sha with context 0x7f49f0002b50 from symkey-key@0x5641ad9373d0 | hmac: release clone-key@0x5641ad9373d0 | hmac PRF sha crypt-prf@0x5641ad93d128 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x5641aca808ec (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff837b11b0 (length 20) | a8 be 21 94 55 06 9f df 6c e6 89 db a9 c2 f9 60 | 83 95 4f a4 | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x5641ad891c48 (line=1) | concluding with best_match=014 best=0x5641ad891c48 (lineno=1) | inputs to hash1 (first packet) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 2f c2 e4 d2 02 ee df 01 45 9f 87 55 13 94 c0 5c | 19 4e 6d 9f 48 7a 8f df 5d 23 9e 55 6b bf 07 36 | af 0a d5 71 c2 78 ab 14 78 b8 45 3a 73 8f 98 46 | 60 41 88 72 b6 6d 01 f7 4e 20 b6 d7 75 be ee 58 | 4f 5f 4f 19 e2 e2 06 3d 66 9d 1a 50 3e 5a 35 af | c0 3e d9 aa b4 d8 bc e0 1f bb 4c 46 ac b0 d2 95 | aa cf 7f 9a 23 90 b1 6d 7b a7 4a 88 37 63 37 dd | 64 c4 b8 3d 96 90 79 ee 7e 7e 6d 51 06 f4 44 54 | fc 36 ff f1 13 ac 66 bd a6 dc aa 11 45 a8 2c 2a | 4c b7 2e 44 91 ef b2 1a e1 56 c3 d7 de b7 79 70 | d1 61 02 d9 6e 32 5b 5b 4e b9 94 34 13 97 78 1f | d6 cd 1e ba 9f 40 bb 2c 34 4e 4c 93 b4 aa 85 7b | 82 a4 34 d8 80 ac bc bf 72 98 1e e9 e9 9a bf 18 | de 43 03 15 d7 d5 6b ac 64 0b 19 83 b3 8c a0 1b | 81 33 12 98 7b c1 4e 27 b7 7c 6f 45 4e 4e ed 51 | b9 31 62 d4 ac 0f 9b b2 6f b4 69 b2 33 02 73 77 | 29 00 00 24 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a | 7a 20 e0 9c cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 | 48 39 54 9a 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 0c b0 56 2e ed 28 d2 10 0f a5 5b 50 | e0 ea 20 ee a7 44 de 9d 00 00 00 1c 00 00 40 05 | 4a fb 76 88 f0 e9 69 db f5 bf 78 75 73 09 5a a7 | 4e a4 a3 46 | create: responder inputs to hash2 (initiator nonce) | 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | idhash a8 be 21 94 55 06 9f df 6c e6 89 db a9 c2 f9 60 | idhash 83 95 4f a4 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5641ad91fc98 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0ca0 | result: shared secret-key@0x5641ad9465a0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5641ad9465a0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c88 | result: shared secret-key@0x5641ad9373d0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5641ad9465a0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f49f0002b50 from shared secret-key@0x5641ad9373d0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f49f0002b50 from shared secret-key@0x5641ad9373d0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x5641ad9373d0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5641ad94b668 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5641aca154d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0cc0 | result: final-key@0x5641ad9465a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad9465a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0ca8 | result: final-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad9465a0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x5641ad9373d0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x5641ad9373d0 (size 20) | = prf(, ): -key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0cb8 | result: clone-key@0x5641ad9465a0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f49f0002b50 from -key@0x5641ad9465a0 | = prf(, ) prf: begin sha with context 0x7f49f0002b50 from -key@0x5641ad9465a0 | = prf(, ): release clone-key@0x5641ad9465a0 | = prf(, ) PRF sha crypt-prf@0x5641ad93d128 | = prf(, ) PRF sha update first-packet-bytes@0x5641ad945788 (length 436) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 2f c2 e4 d2 02 ee df 01 45 9f 87 55 13 94 c0 5c | 19 4e 6d 9f 48 7a 8f df 5d 23 9e 55 6b bf 07 36 | af 0a d5 71 c2 78 ab 14 78 b8 45 3a 73 8f 98 46 | 60 41 88 72 b6 6d 01 f7 4e 20 b6 d7 75 be ee 58 | 4f 5f 4f 19 e2 e2 06 3d 66 9d 1a 50 3e 5a 35 af | c0 3e d9 aa b4 d8 bc e0 1f bb 4c 46 ac b0 d2 95 | aa cf 7f 9a 23 90 b1 6d 7b a7 4a 88 37 63 37 dd | 64 c4 b8 3d 96 90 79 ee 7e 7e 6d 51 06 f4 44 54 | fc 36 ff f1 13 ac 66 bd a6 dc aa 11 45 a8 2c 2a | 4c b7 2e 44 91 ef b2 1a e1 56 c3 d7 de b7 79 70 | d1 61 02 d9 6e 32 5b 5b 4e b9 94 34 13 97 78 1f | d6 cd 1e ba 9f 40 bb 2c 34 4e 4c 93 b4 aa 85 7b | 82 a4 34 d8 80 ac bc bf 72 98 1e e9 e9 9a bf 18 | de 43 03 15 d7 d5 6b ac 64 0b 19 83 b3 8c a0 1b | 81 33 12 98 7b c1 4e 27 b7 7c 6f 45 4e 4e ed 51 | b9 31 62 d4 ac 0f 9b b2 6f b4 69 b2 33 02 73 77 | 29 00 00 24 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a | 7a 20 e0 9c cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 | 48 39 54 9a 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 0c b0 56 2e ed 28 d2 10 0f a5 5b 50 | e0 ea 20 ee a7 44 de 9d 00 00 00 1c 00 00 40 05 | 4a fb 76 88 f0 e9 69 db f5 bf 78 75 73 09 5a a7 | 4e a4 a3 46 | = prf(, ) PRF sha update nonce-bytes@0x5641ad93c4a8 (length 32) | 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | = prf(, ) PRF sha update hash-bytes@0x7fff837b11b0 (length 20) | a8 be 21 94 55 06 9f df 6c e6 89 db a9 c2 f9 60 | 83 95 4f a4 | = prf(, ) PRF sha final-chunk@0x5641ad93d628 (length 20) | 55 5e 7a 22 c0 b3 cd 6d 56 29 9b a1 59 58 d1 83 | af 82 41 c1 | psk_auth: release prf-psk-key@0x5641ad9373d0 | PSK auth octets 55 5e 7a 22 c0 b3 cd 6d 56 29 9b a1 59 58 d1 83 | PSK auth octets af 82 41 c1 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 55 5e 7a 22 c0 b3 cd 6d 56 29 9b a1 59 58 d1 83 | PSK auth af 82 41 c1 | emitting length of IKEv2 Authentication Payload: 28 | creating state object #22 at 0x5641ad94c918 | State DB: adding IKEv2 state #22 in UNDEFINED | pstats #22 ikev2.child started | duplicating state object #21 "east" as #22 for IPSEC SA | #22 setting local endpoint to 192.1.2.23:500 from #21.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f49f000c660 | duplicate_state: reference st_skey_ai_nss-key@0x5641ad9469b0 | duplicate_state: reference st_skey_ar_nss-key@0x5641ad949c80 | duplicate_state: reference st_skey_ei_nss-key@0x7f49f000a2d0 | duplicate_state: reference st_skey_er_nss-key@0x5641ad93d070 | duplicate_state: reference st_skey_pi_nss-key@0x7f49e400b980 | duplicate_state: reference st_skey_pr_nss-key@0x5641ad94d880 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #21.#22; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #21 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #21.#22 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI a6 04 13 64 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 2 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: INTEG+ESN | remote proposal 1 does not match local proposal 1; unmatched transforms: ENCR; missing transforms: ENCR | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 2; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 2 "east" #21: proposal 1:ESP:SPI=a6041364;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=a6041364;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | netlink_get_spi: allocated 0xd7ad909d for esp.0@192.1.2.23 | Emitting ikev2_proposal ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi d7 ad 90 9d | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 40 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | integ=sha: .key_size=20 encrypt=3des_cbc: .key_size=24 .salt_size=0 keymat_len=44 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0d30 | result: data=Ni-key@0x5641ad9465a0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5641ad9465a0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0d18 | result: data=Ni-key@0x5641ad9373d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5641ad9465a0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad9373d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff837b0d20 | result: data+=Nr-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5641ad9373d0 | prf+0 PRF sha init key-key@0x7f49f000c660 (size 20) | prf+0: key-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x5641ad9373d0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f49f0002b50 from key-key@0x5641ad9373d0 | prf+0 prf: begin sha with context 0x7f49f0002b50 from key-key@0x5641ad9373d0 | prf+0: release clone-key@0x5641ad9373d0 | prf+0 PRF sha crypt-prf@0x5641ad94f228 | prf+0 PRF sha update seed-key@0x5641ad9465a0 (size 64) | prf+0: seed-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad9465a0 | nss hmac digest hack: symkey-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: 92 57 4e d7 85 eb 1c 53 89 26 23 93 c8 18 02 da 5f 9e 0b ff 60 5f 2c 0f bb e9 9b fc 94 bb 12 63 25 d3 3d c3 b4 a5 00 e3 8f b4 07 90 a5 57 76 35 ca 9f d5 a6 17 0f 58 59 0b 7e 66 a6 d7 20 3f a3 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x5641ad93d458 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x7f49f0004900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f49f0004900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f49f0004900 | prf+0 PRF sha final-key@0x5641ad9373d0 (size 20) | prf+0: key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x5641ad9373d0 | prf+N PRF sha init key-key@0x7f49f000c660 (size 20) | prf+N: key-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x7f49f0004900 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f0002b50 from key-key@0x7f49f0004900 | prf+N prf: begin sha with context 0x7f49f0002b50 from key-key@0x7f49f0004900 | prf+N: release clone-key@0x7f49f0004900 | prf+N PRF sha crypt-prf@0x5641ad950b38 | prf+N PRF sha update old_t-key@0x5641ad9373d0 (size 20) | prf+N: old_t-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad9373d0 | nss hmac digest hack: symkey-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 53 c3 25 7b 67 71 12 ab f8 9f 0c 35 45 a6 ed 73 52 18 f5 5f de e9 2f 5f 3a 62 3d 78 2a c5 b4 40 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x5641ad940ff8 | unwrapped: 2f 49 96 3f 63 9e ba 69 1d d7 cf 43 b7 a4 84 3c | unwrapped: b8 58 e5 d2 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9465a0 (size 64) | prf+N: seed-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad9465a0 | nss hmac digest hack: symkey-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: 92 57 4e d7 85 eb 1c 53 89 26 23 93 c8 18 02 da 5f 9e 0b ff 60 5f 2c 0f bb e9 9b fc 94 bb 12 63 25 d3 3d c3 b4 a5 00 e3 8f b4 07 90 a5 57 76 35 ca 9f d5 a6 17 0f 58 59 0b 7e 66 a6 d7 20 3f a3 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x5641ad9410e8 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x5641ad94b590 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad94b590 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad94b590 | prf+N PRF sha final-key@0x7f49f0004900 (size 20) | prf+N: key-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff837b0cc8 | result: result-key@0x5641ad94b590 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad9373d0 | prfplus: release old_t[N]-key@0x5641ad9373d0 | prf+N PRF sha init key-key@0x7f49f000c660 (size 20) | prf+N: key-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x5641ad9373d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f0002b50 from key-key@0x5641ad9373d0 | prf+N prf: begin sha with context 0x7f49f0002b50 from key-key@0x5641ad9373d0 | prf+N: release clone-key@0x5641ad9373d0 | prf+N PRF sha crypt-prf@0x5641ad94f228 | prf+N PRF sha update old_t-key@0x7f49f0004900 (size 20) | prf+N: old_t-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49f0004900 | nss hmac digest hack: symkey-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: de 64 8c 80 44 fc f0 31 a4 4b b3 79 76 20 90 dc 24 74 7e 93 22 c9 4c f2 19 51 76 d3 a5 a0 7e a3 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x5641ad93f908 | unwrapped: 44 41 38 59 4c ee 99 60 d1 6d f3 88 53 73 b1 d2 | unwrapped: be 60 20 2a 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9465a0 (size 64) | prf+N: seed-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad9465a0 | nss hmac digest hack: symkey-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: 92 57 4e d7 85 eb 1c 53 89 26 23 93 c8 18 02 da 5f 9e 0b ff 60 5f 2c 0f bb e9 9b fc 94 bb 12 63 25 d3 3d c3 b4 a5 00 e3 8f b4 07 90 a5 57 76 35 ca 9f d5 a6 17 0f 58 59 0b 7e 66 a6 d7 20 3f a3 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x5641ad93d458 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x5641ad94d7f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad94d7f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad94d7f0 | prf+N PRF sha final-key@0x5641ad9373d0 (size 20) | prf+N: key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad94b590 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff837b0cc8 | result: result-key@0x5641ad94d7f0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad94b590 | prfplus: release old_t[N]-key@0x7f49f0004900 | prf+N PRF sha init key-key@0x7f49f000c660 (size 20) | prf+N: key-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x7f49f0004900 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f0002b50 from key-key@0x7f49f0004900 | prf+N prf: begin sha with context 0x7f49f0002b50 from key-key@0x7f49f0004900 | prf+N: release clone-key@0x7f49f0004900 | prf+N PRF sha crypt-prf@0x5641ad940ff8 | prf+N PRF sha update old_t-key@0x5641ad9373d0 (size 20) | prf+N: old_t-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5641ad9373d0 | nss hmac digest hack: symkey-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 8d 5f e8 91 92 f5 a4 48 f2 fe 47 00 ae 0b 90 0d b9 89 64 62 16 39 f1 92 da f0 f5 cb 8c ac 69 dd | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x5641ad942cd8 | unwrapped: 63 4f 72 02 ad 3b 10 21 4a 1f f9 ce f7 37 63 8c | unwrapped: 8b e3 3d 2a 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9465a0 (size 64) | prf+N: seed-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad9465a0 | nss hmac digest hack: symkey-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: 92 57 4e d7 85 eb 1c 53 89 26 23 93 c8 18 02 da 5f 9e 0b ff 60 5f 2c 0f bb e9 9b fc 94 bb 12 63 25 d3 3d c3 b4 a5 00 e3 8f b4 07 90 a5 57 76 35 ca 9f d5 a6 17 0f 58 59 0b 7e 66 a6 d7 20 3f a3 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x5641ad9410e8 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x5641ad94b590 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad94b590 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad94b590 | prf+N PRF sha final-key@0x7f49f0004900 (size 20) | prf+N: key-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad94d7f0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff837b0cc8 | result: result-key@0x5641ad94b590 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad94d7f0 | prfplus: release old_t[N]-key@0x5641ad9373d0 | prf+N PRF sha init key-key@0x7f49f000c660 (size 20) | prf+N: key-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f000c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c48 | result: clone-key@0x5641ad9373d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f49f0002b50 from key-key@0x5641ad9373d0 | prf+N prf: begin sha with context 0x7f49f0002b50 from key-key@0x5641ad9373d0 | prf+N: release clone-key@0x5641ad9373d0 | prf+N PRF sha crypt-prf@0x5641ad950b38 | prf+N PRF sha update old_t-key@0x7f49f0004900 (size 20) | prf+N: old_t-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f49f0004900 | nss hmac digest hack: symkey-key@0x7f49f0004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1398713760: 84 cb 02 44 3c 6c a3 b1 5b 02 a8 c5 24 43 61 98 9e 2c 77 7a 0c 29 99 d2 8f 48 9f 77 19 e7 88 e8 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 32 bytes at 0x5641ad93f908 | unwrapped: 51 23 f3 89 e9 58 17 04 fd 2b d2 46 2b d4 9f bb | unwrapped: ed 56 c5 bc 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5641ad9465a0 (size 64) | prf+N: seed-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5641ad9465a0 | nss hmac digest hack: symkey-key@0x5641ad9465a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5641ad91fd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1398713859: 92 57 4e d7 85 eb 1c 53 89 26 23 93 c8 18 02 da 5f 9e 0b ff 60 5f 2c 0f bb e9 9b fc 94 bb 12 63 25 d3 3d c3 b4 a5 00 e3 8f b4 07 90 a5 57 76 35 ca 9f d5 a6 17 0f 58 59 0b 7e 66 a6 d7 20 3f a3 | nss hmac digest hack: release slot-key-key@0x5641ad91fd40 | nss hmac digest hack extracted len 64 bytes at 0x5641ad93d458 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff837b0c50 | result: final-key@0x5641ad94d7f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5641ad94d7f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0c38 | result: final-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5641ad94d7f0 | prf+N PRF sha final-key@0x5641ad9373d0 (size 20) | prf+N: key-key@0x5641ad9373d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5641ad94b590 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff837b0cc8 | result: result-key@0x5641ad94d7f0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5641ad94b590 | prfplus: release old_t[N]-key@0x7f49f0004900 | prfplus: release old_t[final]-key@0x5641ad9373d0 | child_sa_keymat: release data-key@0x5641ad9465a0 | key-offset: 0, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x5641ad94d7f0 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0da8 | result: result-key@0x5641ad9465a0 (44-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 44 bytes of key@0x5641ad9465a0 | initiator to responder keys: symkey-key@0x5641ad9465a0 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x5641ad91fd40 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)543567904: 53 c3 25 7b 67 71 12 ab f8 9f 0c 35 45 a6 ed 73 21 21 4c 99 bc 61 94 b2 61 37 0e 35 b7 9c 49 c2 4e b4 d7 24 ab dd 83 8e 40 1b 82 13 65 17 cf 11 | initiator to responder keys: release slot-key-key@0x5641ad91fd40 | initiator to responder keys extracted len 48 bytes at 0x7f49f0002108 | unwrapped: 2f 49 96 3f 63 9e ba 69 1d d7 cf 43 b7 a4 84 3c | unwrapped: b8 58 e5 d2 44 41 38 59 4c ee 99 60 d1 6d f3 88 | unwrapped: 53 73 b1 d2 be 60 20 2a 63 4f 72 02 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x5641ad9465a0 | key-offset: 44, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x5641ad94d7f0 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0da8 | result: result-key@0x5641ad9465a0 (44-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 44 bytes of key@0x5641ad9465a0 | responder to initiator keys:: symkey-key@0x5641ad9465a0 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x5641ad89b1c0 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x5641ad91fd40 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)543567904: 92 1a 7c c3 24 c4 e2 94 d1 5c 45 c4 ce af a1 d5 84 cb 02 44 3c 6c a3 b1 5b 02 a8 c5 24 43 61 98 60 f7 34 36 c3 3a 71 de c3 bd b7 92 bf 42 04 84 | responder to initiator keys:: release slot-key-key@0x5641ad91fd40 | responder to initiator keys: extracted len 48 bytes at 0x7f49ec002e68 | unwrapped: ad 3b 10 21 4a 1f f9 ce f7 37 63 8c 8b e3 3d 2a | unwrapped: 51 23 f3 89 e9 58 17 04 fd 2b d2 46 2b d4 9f bb | unwrapped: ed 56 c5 bc 92 b2 65 07 cd 81 de 06 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x5641ad9465a0 | ikev2_derive_child_keys: release keymat-key@0x5641ad94d7f0 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | #21 spent 2.86 milliseconds | install_ipsec_sa() for #22: inbound and outbound | could_route called for east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.a6041364@192.1.2.45 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.d7ad909d@192.1.2.23 included non-error error | priority calculation of connection "east" is 0xfe7e7 | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #22: prospective erouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | route_and_eroute with c: east (next: none) ero:east esr:{(nil)} ro:east rosr:{(nil)} and state: #22 | priority calculation of connection "east" is 0xfe7e7 | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45>tun.0@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa6041364 SPI_OUT=0xd7a | popen cmd is 1020 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: | cmd( 960):'no' SPI_IN=0xa6041364 SPI_OUT=0xd7ad909d ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | route_and_eroute: instance "east", setting eroute_owner {spd=0x5641ad9383e8,sr=0x5641ad9383e8} to #22 (was #0) (newest_ipsec_sa=#0) | #21 spent 0.711 milliseconds in install_ipsec_sa() | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #22 (was #0) (spd.eroute=#22) cloned from #21 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 160 | emitting length of ISAKMP Message: 188 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 56 8b d3 e3 89 2e 81 51 | data before encryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 55 5e 7a 22 c0 b3 cd 6d 56 29 9b a1 | 59 58 d1 83 af 82 41 c1 2c 00 00 28 00 00 00 24 | 01 03 04 03 d7 ad 90 9d 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | cf b6 a8 f7 7c 02 52 b7 26 4f 4b a4 2c c7 c4 02 | 15 81 d2 09 6f cd 7b 2e 92 ef 40 20 15 3c 7e d2 | d4 96 5e 45 32 ab 76 cc bf 2a 44 36 17 ad ab ff | 39 99 b9 b2 55 f2 95 46 2a b1 07 92 8c 32 7f df | 6c 67 c6 cb 48 36 6e 98 e6 25 57 fe 7b 36 21 39 | d4 42 9a cc 66 25 2a fa e3 f2 02 dd 9e ee 2c 03 | a0 4b 75 5e 67 16 8a 0f 83 0c 29 4c e1 e7 5e 9d | bb c5 04 da e5 b6 af 6a a1 0f 3a d6 35 88 7b c6 | 5c 77 46 f2 db f5 88 01 | hmac PRF sha init symkey-key@0x5641ad949c80 (size 20) | hmac: symkey-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b0dc8 | result: clone-key@0x5641ad94d7f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49f0002b50 from symkey-key@0x5641ad94d7f0 | hmac prf: begin sha with context 0x7f49f0002b50 from symkey-key@0x5641ad94d7f0 | hmac: release clone-key@0x5641ad94d7f0 | hmac PRF sha crypt-prf@0x5641ad950b38 | hmac PRF sha update data-bytes@0x5641aca808c0 (length 176) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 56 8b d3 e3 89 2e 81 51 cf b6 a8 f7 7c 02 52 b7 | 26 4f 4b a4 2c c7 c4 02 15 81 d2 09 6f cd 7b 2e | 92 ef 40 20 15 3c 7e d2 d4 96 5e 45 32 ab 76 cc | bf 2a 44 36 17 ad ab ff 39 99 b9 b2 55 f2 95 46 | 2a b1 07 92 8c 32 7f df 6c 67 c6 cb 48 36 6e 98 | e6 25 57 fe 7b 36 21 39 d4 42 9a cc 66 25 2a fa | e3 f2 02 dd 9e ee 2c 03 a0 4b 75 5e 67 16 8a 0f | 83 0c 29 4c e1 e7 5e 9d bb c5 04 da e5 b6 af 6a | a1 0f 3a d6 35 88 7b c6 5c 77 46 f2 db f5 88 01 | hmac PRF sha final-bytes@0x5641aca80970 (length 20) | ef d3 5b 01 37 95 22 5c 47 52 c6 d6 d8 97 9b f3 | 7f 95 9b e9 | data being hmac: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | data being hmac: 56 8b d3 e3 89 2e 81 51 cf b6 a8 f7 7c 02 52 b7 | data being hmac: 26 4f 4b a4 2c c7 c4 02 15 81 d2 09 6f cd 7b 2e | data being hmac: 92 ef 40 20 15 3c 7e d2 d4 96 5e 45 32 ab 76 cc | data being hmac: bf 2a 44 36 17 ad ab ff 39 99 b9 b2 55 f2 95 46 | data being hmac: 2a b1 07 92 8c 32 7f df 6c 67 c6 cb 48 36 6e 98 | data being hmac: e6 25 57 fe 7b 36 21 39 d4 42 9a cc 66 25 2a fa | data being hmac: e3 f2 02 dd 9e ee 2c 03 a0 4b 75 5e 67 16 8a 0f | data being hmac: 83 0c 29 4c e1 e7 5e 9d bb c5 04 da e5 b6 af 6a | data being hmac: a1 0f 3a d6 35 88 7b c6 5c 77 46 f2 db f5 88 01 | out calculated auth: | ef d3 5b 01 37 95 22 5c 47 52 c6 d6 | ikev2_parent_inI2outR2_continue_tail returned STF_OK | #21 spent 3.85 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #21 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #22 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #22 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R | child state #22: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) | Message ID: updating counters for #22 to 1 after switching state | Message ID: recv #21.#22 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 | Message ID: sent #21.#22 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 | pstats #22 ikev2.child established "east" #22: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] | NAT-T: encaps is 'auto' "east" #22: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xa6041364 <0xd7ad909d xfrm=3DES_CBC-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 188 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #21) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 56 8b d3 e3 89 2e 81 51 cf b6 a8 f7 7c 02 52 b7 | 26 4f 4b a4 2c c7 c4 02 15 81 d2 09 6f cd 7b 2e | 92 ef 40 20 15 3c 7e d2 d4 96 5e 45 32 ab 76 cc | bf 2a 44 36 17 ad ab ff 39 99 b9 b2 55 f2 95 46 | 2a b1 07 92 8c 32 7f df 6c 67 c6 cb 48 36 6e 98 | e6 25 57 fe 7b 36 21 39 d4 42 9a cc 66 25 2a fa | e3 f2 02 dd 9e ee 2c 03 a0 4b 75 5e 67 16 8a 0f | 83 0c 29 4c e1 e7 5e 9d bb c5 04 da e5 b6 af 6a | a1 0f 3a d6 35 88 7b c6 5c 77 46 f2 db f5 88 01 | ef d3 5b 01 37 95 22 5c 47 52 c6 d6 | releasing whack for #22 (sock=fd@-1) | releasing whack and unpending for parent #21 | unpending state #21 connection "east" | #22 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f49f0002b78 | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #22 | libevent_malloc: new ptr-libevent@0x5641ad9509d8 size 128 | resume sending helper answer for #21 suppresed complete_v2_state_transition() | #21 spent 4.24 milliseconds in resume sending helper answer | stop processing: state #22 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f49e80060e8 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00485 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.0025 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | 0e 4b f1 0d c3 3e 15 d7 50 5b fa 8e 21 d1 e9 82 | 62 83 a7 81 6c 3d 7a 2b 5c 27 3b 31 13 8f a2 ca | fc 8d 4b 22 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 31 91 a7 e4 1f 1e 39 2b | responder cookie: | 3c ff 26 95 49 7e 55 86 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #21 in PARENT_R2 (find_v2_ike_sa) | start processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #21 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 | Message ID: #21 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SK (len=36) | Message ID: start-responder #21 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 | #21 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x5641ad9469b0 (size 20) | hmac: symkey-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b19f8 | result: clone-key@0x5641ad94d7f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x5641ad93d430 from symkey-key@0x5641ad94d7f0 | hmac prf: begin sha with context 0x5641ad93d430 from symkey-key@0x5641ad94d7f0 | hmac: release clone-key@0x5641ad94d7f0 | hmac PRF sha crypt-prf@0x5641ad94efd8 | hmac PRF sha update data-bytes@0x5641ad891898 (length 56) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | 0e 4b f1 0d c3 3e 15 d7 50 5b fa 8e 21 d1 e9 82 | 62 83 a7 81 6c 3d 7a 2b | hmac PRF sha final-bytes@0x7fff837b1bc0 (length 20) | 5c 27 3b 31 13 8f a2 ca fc 8d 4b 22 eb e4 44 d7 | e2 a9 e0 2f | data for hmac: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | data for hmac: 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | data for hmac: 0e 4b f1 0d c3 3e 15 d7 50 5b fa 8e 21 d1 e9 82 | data for hmac: 62 83 a7 81 6c 3d 7a 2b | calculated auth: 5c 27 3b 31 13 8f a2 ca fc 8d 4b 22 | provided auth: 5c 27 3b 31 13 8f a2 ca fc 8d 4b 22 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 0e 4b f1 0d c3 3e 15 d7 | payload before decryption: | 50 5b fa 8e 21 d1 e9 82 62 83 a7 81 6c 3d 7a 2b | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 00 00 00 0c 03 04 00 01 a6 04 13 64 00 01 02 03 | stripping 4 octets as pad | #21 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 31 91 a7 e4 1f 1e 39 2b | responder cookie: | 3c ff 26 95 49 7e 55 86 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI a6 04 13 64 | delete PROTO_v2_ESP SA(0xa6041364) | v2 CHILD SA #22 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R | State DB: found IKEv2 state #22 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xa6041364) "east" #21: received Delete SA payload: delete IPsec State #22 now | pstats #22 ikev2.child deleted completed | suspend processing: state #21 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) | start processing: state #22 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #22: deleting other state #22 (STATE_V2_IPSEC_R) aged 0.078s and NOT sending notification | child state #22: V2_IPSEC_R(established CHILD SA) => delete | get_sa_info esp.a6041364@192.1.2.45 | get_sa_info esp.d7ad909d@192.1.2.23 "east" #22: ESP traffic information: in=84B out=84B | child state #22: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) | state #22 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x5641ad9509d8 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f49f0002b78 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844019' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa6041364 | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1566844019' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0xa6041364 SPI_OUT=0xd7ad909d ipsec _updown 2>&1: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "east" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.a6041364@192.1.2.45 | netlink response for Del SA esp.a6041364@192.1.2.45 included non-error error | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.d7ad909d@192.1.2.23 | netlink response for Del SA esp.d7ad909d@192.1.2.23 included non-error error | in connection_discard for connection east | State DB: deleting IKEv2 state #22 in CHILDSA_DEL | child state #22: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #22 from 192.1.2.45:500 (in delete_state() at state.c:1143) | resume processing: state #21 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f49f000c660 | delete_state: release st->st_skey_ai_nss-key@0x5641ad9469b0 | delete_state: release st->st_skey_ar_nss-key@0x5641ad949c80 | delete_state: release st->st_skey_ei_nss-key@0x7f49f000a2d0 | delete_state: release st->st_skey_er_nss-key@0x5641ad93d070 | delete_state: release st->st_skey_pi_nss-key@0x7f49e400b980 | delete_state: release st->st_skey_pr_nss-key@0x5641ad94d880 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs d7 ad 90 9d | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | b8 1c 96 d0 d1 c8 2e bd | data before encryption: | 00 00 00 0c 03 04 00 01 d7 ad 90 9d 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 01 c9 0b 12 af 8f 61 54 94 eb 59 d0 b1 7c c6 f3 | hmac PRF sha init symkey-key@0x5641ad949c80 (size 20) | hmac: symkey-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b15a8 | result: clone-key@0x5641ad94d7f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49f0002b50 from symkey-key@0x5641ad94d7f0 | hmac prf: begin sha with context 0x7f49f0002b50 from symkey-key@0x5641ad94d7f0 | hmac: release clone-key@0x5641ad94d7f0 | hmac PRF sha crypt-prf@0x5641ad950b38 | hmac PRF sha update data-bytes@0x5641aca808c0 (length 56) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | b8 1c 96 d0 d1 c8 2e bd 01 c9 0b 12 af 8f 61 54 | 94 eb 59 d0 b1 7c c6 f3 | hmac PRF sha final-bytes@0x5641aca808f8 (length 20) | 1d 9e 3d a2 1f e0 c0 06 e5 99 ce ba b8 33 14 ce | 9d 23 a0 53 | data being hmac: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | data being hmac: 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | data being hmac: b8 1c 96 d0 d1 c8 2e bd 01 c9 0b 12 af 8f 61 54 | data being hmac: 94 eb 59 d0 b1 7c c6 f3 | out calculated auth: | 1d 9e 3d a2 1f e0 c0 06 e5 99 ce ba | sending 68 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #21) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | b8 1c 96 d0 d1 c8 2e bd 01 c9 0b 12 af 8f 61 54 | 94 eb 59 d0 b1 7c c6 f3 1d 9e 3d a2 1f e0 c0 06 | e5 99 ce ba | Message ID: #21 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 | Message ID: sent #21 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 | #21 spent 1.18 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #21 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK | Message ID: updating counters for #21 to 2 after switching state | Message ID: recv #21 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 | Message ID: #21 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 "east" #21: STATE_PARENT_R2: received v2I2, PARENT SA established | stop processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #21 spent 1.39 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.4 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00348 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00282 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | 98 ba 46 3c 94 d2 e2 27 a6 e8 aa d9 b9 bc a9 8a | a6 4e 5e 3b 82 36 8f ec b8 4e 86 61 03 ae ed 7a | ae 4a cf 2b | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 31 91 a7 e4 1f 1e 39 2b | responder cookie: | 3c ff 26 95 49 7e 55 86 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #21 in PARENT_R2 (find_v2_ike_sa) | start processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #21 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 | Message ID: #21 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SK (len=36) | Message ID: start-responder #21 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 | #21 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x5641ad9469b0 (size 20) | hmac: symkey-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad9469b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b19f8 | result: clone-key@0x5641ad94d7f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49f0002b50 from symkey-key@0x5641ad94d7f0 | hmac prf: begin sha with context 0x7f49f0002b50 from symkey-key@0x5641ad94d7f0 | hmac: release clone-key@0x5641ad94d7f0 | hmac PRF sha crypt-prf@0x5641ad94efd8 | hmac PRF sha update data-bytes@0x5641ad891898 (length 56) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | 98 ba 46 3c 94 d2 e2 27 a6 e8 aa d9 b9 bc a9 8a | a6 4e 5e 3b 82 36 8f ec | hmac PRF sha final-bytes@0x7fff837b1bc0 (length 20) | b8 4e 86 61 03 ae ed 7a ae 4a cf 2b c5 3c 31 55 | 06 46 9e 21 | data for hmac: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | data for hmac: 98 ba 46 3c 94 d2 e2 27 a6 e8 aa d9 b9 bc a9 8a | data for hmac: a6 4e 5e 3b 82 36 8f ec | calculated auth: b8 4e 86 61 03 ae ed 7a ae 4a cf 2b | provided auth: b8 4e 86 61 03 ae ed 7a ae 4a cf 2b | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 98 ba 46 3c 94 d2 e2 27 | payload before decryption: | a6 e8 aa d9 b9 bc a9 8a a6 4e 5e 3b 82 36 8f ec | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #21 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 31 91 a7 e4 1f 1e 39 2b | responder cookie: | 3c ff 26 95 49 7e 55 86 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 32 | emitting length of ISAKMP Message: 60 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 95 7e e1 63 91 38 56 1e | data before encryption: | 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | ef ca 19 a0 00 d8 d8 40 | hmac PRF sha init symkey-key@0x5641ad949c80 (size 20) | hmac: symkey-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad949c80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837b15a8 | result: clone-key@0x5641ad94d7f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49f0002b50 from symkey-key@0x5641ad94d7f0 | hmac prf: begin sha with context 0x7f49f0002b50 from symkey-key@0x5641ad94d7f0 | hmac: release clone-key@0x5641ad94d7f0 | hmac PRF sha crypt-prf@0x5641ad950b38 | hmac PRF sha update data-bytes@0x5641aca808c0 (length 48) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | 95 7e e1 63 91 38 56 1e ef ca 19 a0 00 d8 d8 40 | hmac PRF sha final-bytes@0x5641aca808f0 (length 20) | f7 58 20 87 42 f0 9c 2c ed 43 f4 61 3e 2c 89 0e | 31 7b fc 4e | data being hmac: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | data being hmac: 95 7e e1 63 91 38 56 1e ef ca 19 a0 00 d8 d8 40 | out calculated auth: | f7 58 20 87 42 f0 9c 2c ed 43 f4 61 | sending 60 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #21) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | 95 7e e1 63 91 38 56 1e ef ca 19 a0 00 d8 d8 40 | f7 58 20 87 42 f0 9c 2c ed 43 f4 61 | Message ID: #21 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 | Message ID: sent #21 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 | State DB: IKEv2 state not found (delete_my_family) | parent state #21: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #21 ikev2.ike deleted completed | #21 spent 10.7 milliseconds in total | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #21: deleting state (STATE_IKESA_DEL) aged 0.101s and NOT sending notification | parent state #21: IKESA_DEL(established IKE SA) => delete | state #21 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x5641ad948448 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f49fc002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #21 in IKESA_DEL | parent state #21: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f49e4011c58: destroyed | stop processing: state #21 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f49f000c6f0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f49f000c660 | delete_state: release st->st_skey_ai_nss-key@0x5641ad9469b0 | delete_state: release st->st_skey_ar_nss-key@0x5641ad949c80 | delete_state: release st->st_skey_ei_nss-key@0x7f49f000a2d0 | delete_state: release st->st_skey_er_nss-key@0x5641ad93d070 | delete_state: release st->st_skey_pi_nss-key@0x7f49e400b980 | delete_state: release st->st_skey_pr_nss-key@0x5641ad94d880 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #21 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #21 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.655 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00273 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | f5 87 e4 83 5b ca 11 7d 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 c0 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 bc 9f 5a 93 d6 fd 00 f2 f9 11 53 29 | 0d f0 8d ca 32 8b a3 41 5d 3e 2e 7f 50 2f 85 5d | 43 5a 34 80 1b ea c2 de ee b9 64 e5 ff e7 68 0c | 1f 8b 3b 83 d6 8d 15 7a 7c 8f a3 83 45 8c 5c 57 | f4 cf 40 59 eb 92 02 db 8e 90 ee 84 1f cc 5a 53 | 07 37 2b 7f 3c b7 18 71 a7 79 41 5a c0 fc 46 3e | a7 b2 9a 44 60 96 09 e3 3f 6c 5e 55 84 84 de bd | c3 31 cf 1e 60 11 26 a0 89 5c f3 a2 9f 86 7c 02 | 9d 19 bc 82 22 61 5b 01 57 ea 22 16 d4 56 b8 bc | 40 9b 73 30 27 c1 4a b0 d8 2d 2e 50 ab 93 e9 f0 | 1c bb 4e b2 35 0d 18 86 15 d0 27 05 79 16 96 85 | 93 f9 0f 14 e6 e8 51 98 6d d4 a9 00 0a 70 84 3e | 36 19 ae 5e ea 0c d4 72 4c ff 31 cf 1e 10 2b b5 | d5 7b 98 35 81 2f fe 32 98 0d bf 7f 04 0b c1 f5 | 0c e2 ad 18 90 b2 c5 19 46 e3 da 1f c2 54 f3 9d | c5 a8 de 32 1f 55 3f 36 67 b6 d7 d2 25 bb 49 41 | cc 2a 8d bc 29 00 00 24 4a f3 c0 9d 48 6e 09 c3 | 30 61 d5 ba 4c 0f 53 96 1e 06 c2 ab 8a 4a 63 e2 | 1c 6d f0 c7 36 b1 e0 03 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 a1 ec 32 fa 73 7c f0 f6 | 68 19 de 9b 8d c6 c2 d7 53 ff 13 c9 00 00 00 1c | 00 00 40 05 be f9 a2 9c 8d 80 14 a7 7e 43 bc 28 | 73 17 7d e4 c8 4c 04 08 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | f5 87 e4 83 5b ca 11 7d | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x5641ad939378 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x5641aca74700 (length 32) | 64 59 39 7d cd b9 28 1d f1 c8 1c 37 a1 76 10 ce | 60 62 36 da 0f 08 a7 5a 08 fd 21 a0 d8 62 36 c1 | IKE SPIr hash sha2_256 digest counter-bytes@0x5641aca746e0 (length 4) | 10 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff837b2220 (length 32) | 01 3c 56 a4 18 d8 54 54 83 3f 06 51 10 10 ea 4a | a8 6c f2 98 63 d0 fa 64 78 f8 0e 96 3b 02 ec ce | creating state object #23 at 0x5641ad9447d8 | State DB: adding IKEv2 state #23 in UNDEFINED | pstats #23 ikev2.ike started | Message ID: init #23: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #23: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #23; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #23 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #23 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #23 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #23 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #23 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #23 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #23 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 192 (0xc0) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #23: no local proposal matches remote proposals 1:IKE:ENCR=3DES_192;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #23: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | f5 87 e4 83 5b ca 11 7d | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | f5 87 e4 83 5b ca 11 7d 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #23 spent 0.127 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #23 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #23 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #23 has no whack fd | pstats #23 ikev2.ike deleted other | [RE]START processing: state #23 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #23: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #23: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #23 in PARENT_R0 | parent state #23: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #23 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #23 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.58 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00346 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 66 c2 d1 b5 26 39 da 11 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 c0 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 47 ce d0 53 89 d7 b9 35 3d f7 da c1 | 71 4e af 19 b8 2b b6 42 f0 36 99 32 ea d2 76 b9 | 3a 37 22 e3 0b 07 70 16 8b f7 2e af 4e ee 73 39 | 74 3c cf d5 e4 cb 90 6a 68 0b 14 40 38 1b cd de | e2 64 c0 56 43 52 68 b4 05 15 6a e0 ac 59 a9 2f | b8 51 6c 88 6c fe 82 22 45 6b 65 44 24 cc b5 f9 | 05 49 81 d8 2f 8d ad d9 2b 76 dc 54 fa ef b0 71 | 35 6b eb 28 1d 85 91 fa c9 de 61 ec 45 a0 89 f7 | 2e c8 ab 28 03 fa 87 6e a4 f2 cd 7c 52 b3 88 ce | 36 6d d1 0c 95 b7 5b f2 f0 1a ac 4e 5a a9 b7 02 | 82 1a e9 4b 6c b1 a0 d9 e3 8c 07 90 2b 9b 56 ba | 06 b9 f5 b8 a8 c9 50 24 31 1a 02 8b cc 52 f5 58 | bb e1 f3 98 bb e3 73 76 bb 5e 33 ad b8 94 9b 77 | 6b 58 43 eb ad 43 54 db 96 d6 f4 3e c7 b4 7f 61 | c2 bb 09 6b 39 9f a1 0a 19 dd 33 d8 25 1d 31 b5 | 51 7a 49 08 a5 13 53 7e 72 39 f6 3f d8 2d fc c0 | e7 33 68 36 29 00 00 24 7f 3c 6c 83 6d c8 86 12 | 44 40 e3 4a ff 9b 00 f0 4d fd 6b 75 de 09 1e 9c | 4a 7f 1b 5d f3 8d 53 32 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 6f 3b 8f 8a fd 5b 76 85 | 0c d3 04 d6 2a 74 ae ab ef 97 9f e8 00 00 00 1c | 00 00 40 05 1c 9f e1 53 74 10 e7 b8 f0 64 77 8e | 9b db db f8 6f 1e e5 93 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 66 c2 d1 b5 26 39 da 11 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x5641ad939378 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x5641aca74700 (length 32) | 64 59 39 7d cd b9 28 1d f1 c8 1c 37 a1 76 10 ce | 60 62 36 da 0f 08 a7 5a 08 fd 21 a0 d8 62 36 c1 | IKE SPIr hash sha2_256 digest counter-bytes@0x5641aca746e0 (length 4) | 11 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff837b2220 (length 32) | 3f 6a 3f 45 4a bb ce 08 dc 14 98 5f d4 07 2a 56 | 76 f0 db 72 fd ad 37 fa 84 67 39 f5 4a a6 33 37 | creating state object #24 at 0x5641ad9447d8 | State DB: adding IKEv2 state #24 in UNDEFINED | pstats #24 ikev2.ike started | Message ID: init #24: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #24: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #24; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #24 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #24 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #24 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #24 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #24 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #24 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #24 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 192 (0xc0) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #24: no local proposal matches remote proposals 1:IKE:ENCR=3DES_192;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #24: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 66 c2 d1 b5 26 39 da 11 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 66 c2 d1 b5 26 39 da 11 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #24 spent 0.182 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #24 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #24 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #24 has no whack fd | pstats #24 ikev2.ike deleted other | [RE]START processing: state #24 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #24: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #24: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #24 in PARENT_R0 | parent state #24: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #24 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #24 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.811 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.302 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) shutting down | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' | start processing: connection "east" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #14 | suspend processing: connection "east" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #14 connection "east" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #14 ikev2.child deleted other | [RE]START processing: state #14 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #14: deleting state (STATE_UNDEFINED) aged 5.016s and NOT sending notification | child state #14: UNDEFINED(ignore) => delete | child state #14: UNDEFINED(ignore) => CHILDSA_DEL(informational) | state #14 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x5641ad942b78 | free_event_entry: release EVENT_SO_DISCARD-pe@0x7f49e8002b78 | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | stop processing: connection "east" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection east | State DB: deleting IKEv2 state #14 in CHILDSA_DEL | child state #14: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #14 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x5641ad924ad0 | delete_state: release st->st_skey_ai_nss-key@0x5641ad93dd30 | delete_state: release st->st_skey_ar_nss-key@0x7f49f4006bb0 | delete_state: release st->st_skey_ei_nss-key@0x7f49e4006650 | delete_state: release st->st_skey_er_nss-key@0x5641ad93f800 | delete_state: release st->st_skey_pi_nss-key@0x7f49e400f0e0 | delete_state: release st->st_skey_pr_nss-key@0x7f49e400a000 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #13 | state #6 | start processing: state #6 connection "east" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #6 ikev2.child deleted other | [RE]START processing: state #6 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #6: deleting state (STATE_UNDEFINED) aged 7.547s and NOT sending notification | child state #6: UNDEFINED(ignore) => delete | child state #6: UNDEFINED(ignore) => CHILDSA_DEL(informational) | state #6 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x5641ad93d578 | free_event_entry: release EVENT_SO_DISCARD-pe@0x7f49f8002b78 | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | in connection_discard for connection east | State DB: deleting IKEv2 state #6 in CHILDSA_DEL | child state #6: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #6 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f49f400a0e0 | delete_state: release st->st_skey_ai_nss-key@0x5641ad926910 | delete_state: release st->st_skey_ar_nss-key@0x5641ad89c080 | delete_state: release st->st_skey_ei_nss-key@0x5641ad923020 | delete_state: release st->st_skey_er_nss-key@0x5641ad895ec0 | delete_state: release st->st_skey_pi_nss-key@0x5641ad926530 | delete_state: release st->st_skey_pr_nss-key@0x5641ad93f770 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #5 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #13 | start processing: state #13 connection "east" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #13 ikev2.ike deleted completed | #13 spent 6.42 milliseconds in total | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #13: deleting state (STATE_PARENT_R2) aged 5.027s and sending notification | parent state #13: PARENT_R2(established IKE SA) => delete | #13 send IKEv2 delete notification for STATE_PARENT_R2 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 8f 95 81 70 ae b8 a3 89 | responder cookie: | 94 07 0e 6f 00 e5 08 47 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 9c 56 65 5c 40 aa 41 c0 a3 24 8b c8 2b 53 14 0b | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 57 67 93 c6 6b a2 bf ba 46 f9 85 7c 0f 7d b3 f7 | hmac PRF sha init symkey-key@0x7f49f4006bb0 (size 20) | hmac: symkey-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f49f4006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837ae778 | result: clone-key@0x5641ad94d880 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49e8002b50 from symkey-key@0x5641ad94d880 | hmac prf: begin sha with context 0x7f49e8002b50 from symkey-key@0x5641ad94d880 | hmac: release clone-key@0x5641ad94d880 | hmac PRF sha crypt-prf@0x5641ad94efd8 | hmac PRF sha update data-bytes@0x7fff837aeb50 (length 64) | 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | 9c 56 65 5c 40 aa 41 c0 a3 24 8b c8 2b 53 14 0b | 57 67 93 c6 6b a2 bf ba 46 f9 85 7c 0f 7d b3 f7 | hmac PRF sha final-bytes@0x7fff837aeb90 (length 20) | 10 ee 56 2d 61 bc 17 a9 aa a4 05 fb 71 58 e7 d7 | 00 15 73 5d | data being hmac: 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | data being hmac: 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | data being hmac: 9c 56 65 5c 40 aa 41 c0 a3 24 8b c8 2b 53 14 0b | data being hmac: 57 67 93 c6 6b a2 bf ba 46 f9 85 7c 0f 7d b3 f7 | out calculated auth: | 10 ee 56 2d 61 bc 17 a9 aa a4 05 fb | sending 76 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #13) | 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | 9c 56 65 5c 40 aa 41 c0 a3 24 8b c8 2b 53 14 0b | 57 67 93 c6 6b a2 bf ba 46 f9 85 7c 0f 7d b3 f7 | 10 ee 56 2d 61 bc 17 a9 aa a4 05 fb | Message ID: IKE #13 sender #13 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #13 sender #13 in send_delete hacking around record ' send | Message ID: sent #13 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1->0 wip.responder=-1 | state #13 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x5641ad945978 | free_event_entry: release EVENT_SA_REKEY-pe@0x5641ad942c68 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #13 in PARENT_R2 | parent state #13: PARENT_R2(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f49f400f398: destroyed | stop processing: state #13 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x5641ad946af0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x5641ad924ad0 | delete_state: release st->st_skey_ai_nss-key@0x5641ad93dd30 | delete_state: release st->st_skey_ar_nss-key@0x7f49f4006bb0 | delete_state: release st->st_skey_ei_nss-key@0x7f49e4006650 | delete_state: release st->st_skey_er_nss-key@0x5641ad93f800 | delete_state: release st->st_skey_pi_nss-key@0x7f49e400f0e0 | delete_state: release st->st_skey_pr_nss-key@0x7f49e400a000 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #5 | start processing: state #5 connection "east" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #5 ikev2.ike deleted completed | #5 spent 7.48 milliseconds in total | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #5: deleting state (STATE_PARENT_R2) aged 7.560s and sending notification | parent state #5: PARENT_R2(established IKE SA) => delete | #5 send IKEv2 delete notification for STATE_PARENT_R2 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 26 fd 91 00 6e 77 b5 b1 | responder cookie: | 21 84 58 56 c8 5b a4 f1 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | d7 20 f2 29 70 ff 74 e7 db 01 a0 2c a0 ab 28 73 | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | da 2e 7c ef fb a4 81 7e 1a aa 31 b2 51 4d d6 52 | hmac PRF sha init symkey-key@0x5641ad89c080 (size 20) | hmac: symkey-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5641ad89c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff837ae778 | result: clone-key@0x7f49e400a000 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f49e8002b50 from symkey-key@0x7f49e400a000 | hmac prf: begin sha with context 0x7f49e8002b50 from symkey-key@0x7f49e400a000 | hmac: release clone-key@0x7f49e400a000 | hmac PRF sha crypt-prf@0x5641ad950b38 | hmac PRF sha update data-bytes@0x7fff837aeb50 (length 64) | 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | d7 20 f2 29 70 ff 74 e7 db 01 a0 2c a0 ab 28 73 | da 2e 7c ef fb a4 81 7e 1a aa 31 b2 51 4d d6 52 | hmac PRF sha final-bytes@0x7fff837aeb90 (length 20) | 39 88 0d 32 f1 53 23 ba db 07 29 f3 84 74 3d 7a | 61 be 3c 3e | data being hmac: 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | data being hmac: 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | data being hmac: d7 20 f2 29 70 ff 74 e7 db 01 a0 2c a0 ab 28 73 | data being hmac: da 2e 7c ef fb a4 81 7e 1a aa 31 b2 51 4d d6 52 | out calculated auth: | 39 88 0d 32 f1 53 23 ba db 07 29 f3 | sending 76 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #5) | 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | d7 20 f2 29 70 ff 74 e7 db 01 a0 2c a0 ab 28 73 | da 2e 7c ef fb a4 81 7e 1a aa 31 b2 51 4d d6 52 | 39 88 0d 32 f1 53 23 ba db 07 29 f3 | Message ID: IKE #5 sender #5 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #5 sender #5 in send_delete hacking around record ' send | Message ID: sent #5 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1->0 wip.responder=-1 | state #5 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x5641ad93dc08 | free_event_entry: release EVENT_SA_REKEY-pe@0x5641ad93a768 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #5 in PARENT_R2 | parent state #5: PARENT_R2(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f49f8003a28: destroyed | stop processing: state #5 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f49f400d840 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f49f400a0e0 | delete_state: release st->st_skey_ai_nss-key@0x5641ad926910 | delete_state: release st->st_skey_ar_nss-key@0x5641ad89c080 | delete_state: release st->st_skey_ei_nss-key@0x5641ad923020 | delete_state: release st->st_skey_er_nss-key@0x5641ad895ec0 | delete_state: release st->st_skey_pi_nss-key@0x5641ad926530 | delete_state: release st->st_skey_pr_nss-key@0x5641ad93f770 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | shunt_eroute() called for connection 'east' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "east" is 0xfe7e7 | priority calculation of connection "east" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0 | popen cmd is 1012 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@e: | cmd( 160):ast' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO: | cmd( 400):_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_: | cmd( 480):MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=': | cmd( 560):' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+P: | cmd( 640):FS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd( 960):HARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. | free hp@0x5641ad938f38 | flush revival: connection 'east' wasn't on the list | processing: STOP connection NULL (in discard_connection() at connections.c:249) | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.0.2.254:4500 shutting down interface eth0/eth0 192.0.2.254:500 shutting down interface eth1/eth1 192.1.2.23:4500 shutting down interface eth1/eth1 192.1.2.23:500 | FOR_EACH_STATE_... in delete_states_dead_interfaces | libevent_free: release ptr-libevent@0x5641ad92bbf8 | free_event_entry: release EVENT_NULL-pe@0x5641ad937908 | libevent_free: release ptr-libevent@0x5641ad8c1f68 | free_event_entry: release EVENT_NULL-pe@0x5641ad9379b8 | libevent_free: release ptr-libevent@0x5641ad8c6a88 | free_event_entry: release EVENT_NULL-pe@0x5641ad937a68 | libevent_free: release ptr-libevent@0x5641ad89b138 | free_event_entry: release EVENT_NULL-pe@0x5641ad937b18 | libevent_free: release ptr-libevent@0x5641ad8964e8 | free_event_entry: release EVENT_NULL-pe@0x5641ad937bc8 | libevent_free: release ptr-libevent@0x5641ad8961d8 | free_event_entry: release EVENT_NULL-pe@0x5641ad937c78 | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: release ptr-libevent@0x5641ad92bca8 | free_event_entry: release EVENT_NULL-pe@0x5641ad91f9e8 | libevent_free: release ptr-libevent@0x5641ad8bf978 | free_event_entry: release EVENT_NULL-pe@0x5641ad91f978 | libevent_free: release ptr-libevent@0x5641ad9033b8 | free_event_entry: release EVENT_NULL-pe@0x5641ad91ee38 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: release ptr-libevent@0x5641ad8bf038 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: release ptr-libevent@0x5641ad8c69b8 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: release ptr-libevent@0x5641ad9370e8 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: release ptr-libevent@0x5641ad937328 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: release ptr-libevent@0x5641ad9371f8 | libevent_free: release ptr-libevent@0x5641ad91a378 | libevent_free: release ptr-libevent@0x5641ad91a328 | libevent_free: release ptr-libevent@0x7f49f00027d8 | libevent_free: release ptr-libevent@0x5641ad91a278 | libevent_free: release ptr-libevent@0x5641ad936e78 | libevent_free: release ptr-libevent@0x5641ad937028 | libevent_free: release ptr-libevent@0x5641ad91a528 | libevent_free: release ptr-libevent@0x5641ad91f608 | libevent_free: release ptr-libevent@0x5641ad91faf8 | libevent_free: release ptr-libevent@0x5641ad937ce8 | libevent_free: release ptr-libevent@0x5641ad937c38 | libevent_free: release ptr-libevent@0x5641ad937b88 | libevent_free: release ptr-libevent@0x5641ad937ad8 | libevent_free: release ptr-libevent@0x5641ad937a28 | libevent_free: release ptr-libevent@0x5641ad937978 | libevent_free: release ptr-libevent@0x5641ad8be168 | libevent_free: release ptr-libevent@0x5641ad9370a8 | libevent_free: release ptr-libevent@0x5641ad937068 | libevent_free: release ptr-libevent@0x5641ad936fe8 | libevent_free: release ptr-libevent@0x5641ad9371b8 | libevent_free: release ptr-libevent@0x5641ad936eb8 | libevent_free: release ptr-libevent@0x5641ad895908 | libevent_free: release ptr-libevent@0x5641ad895d38 | libevent_free: release ptr-libevent@0x5641ad8be4d8 | releasing global libevent data | libevent_free: release ptr-libevent@0x5641ad896488 | libevent_free: release ptr-libevent@0x5641ad895cd8 | libevent_free: release ptr-libevent@0x5641ad895dd8 leak detective found no leaks