FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:7754 core dump dir: /tmp secrets file: /etc/ipsec.secrets leak-detective enabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x55fd4c44b138 size 40 | libevent_malloc: new ptr-libevent@0x55fd4c445cd8 size 40 | libevent_malloc: new ptr-libevent@0x55fd4c445dd8 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x55fd4c4ca338 size 56 | libevent_malloc: new ptr-libevent@0x55fd4c46e448 size 664 | libevent_malloc: new ptr-libevent@0x55fd4c4ca3a8 size 24 | libevent_malloc: new ptr-libevent@0x55fd4c4ca3f8 size 384 | libevent_malloc: new ptr-libevent@0x55fd4c4ca2f8 size 16 | libevent_malloc: new ptr-libevent@0x55fd4c445908 size 40 | libevent_malloc: new ptr-libevent@0x55fd4c445d38 size 48 | libevent_realloc: new ptr-libevent@0x55fd4c46e0d8 size 256 | libevent_malloc: new ptr-libevent@0x55fd4c4ca5a8 size 16 | libevent_free: release ptr-libevent@0x55fd4c4ca338 | libevent initialized | libevent_realloc: new ptr-libevent@0x55fd4c4ca338 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds | encryption algorithm assertion checks | encryption algorithm AES_CCM_16, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 16, IKEv2 id: 16 | IKEv1 ESP ID id: 16 enum name: AES_CCM_C | IKEv2 ID id: 16 enum name: AES_CCM_C | encryption algorithm AES_CCM_12, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 15, IKEv2 id: 15 | IKEv1 ESP ID id: 15 enum name: AES_CCM_B | IKEv2 ID id: 15 enum name: AES_CCM_B | encryption algorithm AES_CCM_8, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 14, IKEv2 id: 14 | IKEv1 ESP ID id: 14 enum name: AES_CCM_A | IKEv2 ID id: 14 enum name: AES_CCM_A | encryption algorithm 3DES_CBC, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 3, IKEv2 id: 3 | IKEv1 OAKLEY ID id: 5 enum name: 3DES_CBC | IKEv1 ESP ID id: 3 enum name: 3DES | IKEv2 ID id: 3 enum name: 3DES | encryption algorithm CAMELLIA_CTR, IKEv1 OAKLEY id: 24, IKEv1 ESP_INFO id: 24, IKEv2 id: 24 | IKEv1 OAKLEY ID id: 24 enum name: CAMELLIA_CTR | IKEv1 ESP ID id: 24 enum name: CAMELLIA_CTR | IKEv2 ID id: 24 enum name: CAMELLIA_CTR | encryption algorithm CAMELLIA_CBC, IKEv1 OAKLEY id: 8, IKEv1 ESP_INFO id: 22, IKEv2 id: 23 | IKEv1 OAKLEY ID id: 8 enum name: CAMELLIA_CBC | IKEv1 ESP ID id: 22 enum name: CAMELLIA | IKEv2 ID id: 23 enum name: CAMELLIA_CBC | encryption algorithm AES_GCM_16, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 20, IKEv2 id: 20 | IKEv1 ESP ID id: 20 enum name: AES_GCM_C | IKEv2 ID id: 20 enum name: AES_GCM_C | encryption algorithm AES_GCM_12, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 19, IKEv2 id: 19 | IKEv1 ESP ID id: 19 enum name: AES_GCM_B | IKEv2 ID id: 19 enum name: AES_GCM_B | encryption algorithm AES_GCM_8, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 18, IKEv2 id: 18 | IKEv1 ESP ID id: 18 enum name: AES_GCM_A | IKEv2 ID id: 18 enum name: AES_GCM_A | encryption algorithm AES_CTR, IKEv1 OAKLEY id: 13, IKEv1 ESP_INFO id: 13, IKEv2 id: 13 | IKEv1 OAKLEY ID id: 13 enum name: AES_CTR | IKEv1 ESP ID id: 13 enum name: AES_CTR | IKEv2 ID id: 13 enum name: AES_CTR | encryption algorithm AES_CBC, IKEv1 OAKLEY id: 7, IKEv1 ESP_INFO id: 12, IKEv2 id: 12 | IKEv1 OAKLEY ID id: 7 enum name: AES_CBC | IKEv1 ESP ID id: 12 enum name: AES | IKEv2 ID id: 12 enum name: AES_CBC | encryption algorithm SERPENT_CBC, IKEv1 OAKLEY id: 65004, IKEv1 ESP_INFO id: 252, IKEv2 id: 65004 | IKEv1 OAKLEY ID id: 65004 enum name: SERPENT_CBC | IKEv1 ESP ID id: 252 enum name: SERPENT | IKEv2 ID id: 65004 enum name: SERPENT_CBC | encryption algorithm TWOFISH_CBC, IKEv1 OAKLEY id: 65005, IKEv1 ESP_INFO id: 253, IKEv2 id: 65005 | IKEv1 OAKLEY ID id: 65005 enum name: TWOFISH_CBC | IKEv1 ESP ID id: 253 enum name: TWOFISH | IKEv2 ID id: 65005 enum name: TWOFISH_CBC | encryption algorithm TWOFISH_SSH, IKEv1 OAKLEY id: 65289, IKEv1 ESP_INFO id: -1, IKEv2 id: 65289 | IKEv1 OAKLEY ID id: 65289 enum name: TWOFISH_CBC_SSH | IKEv2 ID id: 65289 enum name: TWOFISH_CBC_SSH | encryption algorithm NULL_AUTH_AES_GMAC, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 23, IKEv2 id: 21 | IKEv1 ESP ID id: 23 enum name: NULL_AUTH_AES_GMAC | IKEv2 ID id: 21 enum name: NULL_AUTH_AES_GMAC | encryption algorithm NULL, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 11, IKEv2 id: 11 | IKEv1 ESP ID id: 11 enum name: NULL | IKEv2 ID id: 11 enum name: NULL | encryption algorithm CHACHA20_POLY1305, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 28 | IKEv2 ID id: 28 enum name: CHACHA20_POLY1305 Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 | hash algorithm assertion checks | hash algorithm MD5, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | hash algorithm SHA1, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | hash algorithm SHA2_256, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | hash algorithm SHA2_384, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | hash algorithm SHA2_512, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 | PRF algorithm assertion checks | PRF algorithm HMAC_MD5, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: -1, IKEv2 id: 1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | IKEv2 ID id: 1 enum name: HMAC_MD5 | PRF algorithm HMAC_SHA1, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: -1, IKEv2 id: 2 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | IKEv2 ID id: 2 enum name: HMAC_SHA1 | PRF algorithm HMAC_SHA2_256, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: -1, IKEv2 id: 5 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | IKEv2 ID id: 5 enum name: HMAC_SHA2_256 | PRF algorithm HMAC_SHA2_384, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: -1, IKEv2 id: 6 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | IKEv2 ID id: 6 enum name: HMAC_SHA2_384 | PRF algorithm HMAC_SHA2_512, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: -1, IKEv2 id: 7 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 | IKEv2 ID id: 7 enum name: HMAC_SHA2_512 | PRF algorithm AES_XCBC, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 4 | IKEv2 ID id: 4 enum name: AES128_XCBC PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc | integrity algorithm assertion checks | integrity algorithm HMAC_MD5_96, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: 1, IKEv2 id: 1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | IKEv1 ESP ID id: 1 enum name: HMAC_MD5 | IKEv2 ID id: 1 enum name: HMAC_MD5_96 | integrity algorithm HMAC_SHA1_96, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: 2, IKEv2 id: 2 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | IKEv1 ESP ID id: 2 enum name: HMAC_SHA1 | IKEv2 ID id: 2 enum name: HMAC_SHA1_96 | integrity algorithm HMAC_SHA2_512_256, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: 7, IKEv2 id: 14 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 | IKEv1 ESP ID id: 7 enum name: HMAC_SHA2_512 | IKEv2 ID id: 14 enum name: HMAC_SHA2_512_256 | integrity algorithm HMAC_SHA2_384_192, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 6, IKEv2 id: 13 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | IKEv1 ESP ID id: 6 enum name: HMAC_SHA2_384 | IKEv2 ID id: 13 enum name: HMAC_SHA2_384_192 | integrity algorithm HMAC_SHA2_256_128, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: 5, IKEv2 id: 12 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | IKEv1 ESP ID id: 5 enum name: HMAC_SHA2_256 | IKEv2 ID id: 12 enum name: HMAC_SHA2_256_128 | integrity algorithm HMAC_SHA2_256_TRUNCBUG, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 252, IKEv2 id: -1 | IKEv1 ESP ID id: 252 enum name: HMAC_SHA2_256_TRUNCBUG | integrity algorithm AES_XCBC_96, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 9, IKEv2 id: 5 | IKEv1 ESP ID id: 9 enum name: AES_XCBC | IKEv2 ID id: 5 enum name: AES_XCBC_96 | integrity algorithm AES_CMAC_96, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 250, IKEv2 id: 8 | IKEv1 ESP ID id: 250 enum name: AES_CMAC_96 | IKEv2 ID id: 8 enum name: AES_CMAC_96 | integrity algorithm NONE, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 0, IKEv2 id: 0 | IKEv1 ESP ID id: 0 enum name: NONE | IKEv2 ID id: 0 enum name: NONE Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null | DH algorithm assertion checks | DH algorithm NONE, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 0 | IKEv2 ID id: 0 enum name: NONE | DH algorithm MODP1536, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 5, IKEv2 id: 5 | IKEv1 OAKLEY ID id: 5 enum name: MODP1536 | IKEv1 ESP ID id: 5 enum name: MODP1536 | IKEv2 ID id: 5 enum name: MODP1536 | DH algorithm MODP2048, IKEv1 OAKLEY id: 14, IKEv1 ESP_INFO id: 14, IKEv2 id: 14 | IKEv1 OAKLEY ID id: 14 enum name: MODP2048 | IKEv1 ESP ID id: 14 enum name: MODP2048 | IKEv2 ID id: 14 enum name: MODP2048 | DH algorithm MODP3072, IKEv1 OAKLEY id: 15, IKEv1 ESP_INFO id: 15, IKEv2 id: 15 | IKEv1 OAKLEY ID id: 15 enum name: MODP3072 | IKEv1 ESP ID id: 15 enum name: MODP3072 | IKEv2 ID id: 15 enum name: MODP3072 | DH algorithm MODP4096, IKEv1 OAKLEY id: 16, IKEv1 ESP_INFO id: 16, IKEv2 id: 16 | IKEv1 OAKLEY ID id: 16 enum name: MODP4096 | IKEv1 ESP ID id: 16 enum name: MODP4096 | IKEv2 ID id: 16 enum name: MODP4096 | DH algorithm MODP6144, IKEv1 OAKLEY id: 17, IKEv1 ESP_INFO id: 17, IKEv2 id: 17 | IKEv1 OAKLEY ID id: 17 enum name: MODP6144 | IKEv1 ESP ID id: 17 enum name: MODP6144 | IKEv2 ID id: 17 enum name: MODP6144 | DH algorithm MODP8192, IKEv1 OAKLEY id: 18, IKEv1 ESP_INFO id: 18, IKEv2 id: 18 | IKEv1 OAKLEY ID id: 18 enum name: MODP8192 | IKEv1 ESP ID id: 18 enum name: MODP8192 | IKEv2 ID id: 18 enum name: MODP8192 | DH algorithm DH19, IKEv1 OAKLEY id: 19, IKEv1 ESP_INFO id: -1, IKEv2 id: 19 | IKEv1 OAKLEY ID id: 19 enum name: ECP_256 | IKEv2 ID id: 19 enum name: ECP_256 | DH algorithm DH20, IKEv1 OAKLEY id: 20, IKEv1 ESP_INFO id: -1, IKEv2 id: 20 | IKEv1 OAKLEY ID id: 20 enum name: ECP_384 | IKEv2 ID id: 20 enum name: ECP_384 | DH algorithm DH21, IKEv1 OAKLEY id: 21, IKEv1 ESP_INFO id: -1, IKEv2 id: 21 | IKEv1 OAKLEY ID id: 21 enum name: ECP_521 | IKEv2 ID id: 21 enum name: ECP_521 | DH algorithm DH31, IKEv1 OAKLEY id: 31, IKEv1 ESP_INFO id: -1, IKEv2 id: 31 | IKEv1 OAKLEY ID id: 31 enum name: CURVE25519 | IKEv2 ID id: 31 enum name: CURVE25519 DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key | decode_to_chunk: raw_key: input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867620 | result: symkey-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867608 | result: symkey-key@0x55fd4c44c080 (16-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: ciphertext: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: cipertext: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55fd4c44c080 | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed Camellia: 16 bytes with 128-bit key | decode_to_chunk: raw_key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF" | decode_to_chunk: output: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867620 | result: symkey-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867608 | result: symkey-key@0x55fd4c44c080 (16-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 " | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: ciphertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: cipertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 " | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55fd4c44c080 | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed Camellia: 16 bytes with 256-bit key | decode_to_chunk: raw_key: input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867620 | result: symkey-key@0x55fd4c4cd5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x55fd4c4cd5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867608 | result: symkey-key@0x55fd4c44c080 (32-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: ciphertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: cipertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55fd4c44c080 | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed Camellia: 16 bytes with 256-bit key | decode_to_chunk: raw_key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF FF EE DD CC BB AA 99 88 77 66 55 44 33 22 11 00" | decode_to_chunk: output: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff | ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867620 | result: symkey-key@0x55fd4c4cd5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x55fd4c4cd5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867608 | result: symkey-key@0x55fd4c44c080 (32-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: ciphertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: cipertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55fd4c44c080 | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed testing AES_GCM_16: empty string | decode_to_chunk: raw_key: input "0xcf063a34d4a9a76c2c86787d3f96db71" | decode_to_chunk: output: | cf 06 3a 34 d4 a9 a7 6c 2c 86 78 7d 3f 96 db 71 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675c0 | result: symkey-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675a8 | result: symkey-key@0x55fd4c44c080 (16-bytes, AES_GCM) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: salted IV: input "0x113b9785971864c83b01c787" | decode_to_chunk: output: | 11 3b 97 85 97 18 64 c8 3b 01 c7 87 | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "" | decode_to_chunk: output: | | decode_to_chunk: ciphertext: input "" | decode_to_chunk: output: | | decode_to_chunk: tag: input "0x72ac8493e3a5228b5d130a69d2510e42" | decode_to_chunk: output: | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=0 tag-size=16 | test_gcm_vector: text+tag on call | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=0 tag-size=16 | test_gcm_vector: text+tag on call | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: release sym_key-key@0x55fd4c44c080 | test_gcm_vector: passed one block | decode_to_chunk: raw_key: input "0xe98b72a9881a84ca6b76e0f43e68647a" | decode_to_chunk: output: | e9 8b 72 a9 88 1a 84 ca 6b 76 e0 f4 3e 68 64 7a | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675c0 | result: symkey-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675a8 | result: symkey-key@0x55fd4c44c080 (16-bytes, AES_GCM) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: salted IV: input "0x8b23299fde174053f3d652ba" | decode_to_chunk: output: | 8b 23 29 9f de 17 40 53 f3 d6 52 ba | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "0x28286a321293253c3e0aa2704a278032" | decode_to_chunk: output: | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | decode_to_chunk: ciphertext: input "0x5a3c1cf1985dbb8bed818036fdd5ab42" | decode_to_chunk: output: | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | decode_to_chunk: tag: input "0x23c7ab0f952b7091cd324835043b5eb5" | decode_to_chunk: output: | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=16 tag-size=16 | test_gcm_vector: text+tag on call | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=16 tag-size=16 | test_gcm_vector: text+tag on call | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: release sym_key-key@0x55fd4c44c080 | test_gcm_vector: passed two blocks | decode_to_chunk: raw_key: input "0xbfd414a6212958a607a0f5d3ab48471d" | decode_to_chunk: output: | bf d4 14 a6 21 29 58 a6 07 a0 f5 d3 ab 48 47 1d | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675c0 | result: symkey-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675a8 | result: symkey-key@0x55fd4c44c080 (16-bytes, AES_GCM) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: salted IV: input "0x86d8ea0ab8e40dcc481cd0e2" | decode_to_chunk: output: | 86 d8 ea 0a b8 e4 0d cc 48 1c d0 e2 | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "0xa6b76a066e63392c9443e60272ceaeb9d25c991b0f2e55e2804e168c05ea591a" | decode_to_chunk: output: | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | decode_to_chunk: ciphertext: input "0x62171db33193292d930bf6647347652c1ef33316d7feca99d54f1db4fcf513f8" | decode_to_chunk: output: | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | decode_to_chunk: tag: input "0xc28280aa5c6c7a8bd366f28c1cfd1f6e" | decode_to_chunk: output: | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=32 tag-size=16 | test_gcm_vector: text+tag on call | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=32 tag-size=16 | test_gcm_vector: text+tag on call | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: release sym_key-key@0x55fd4c44c080 | test_gcm_vector: passed two blocks with associated data | decode_to_chunk: raw_key: input "0x006c458100fc5f4d62949d2c833b82d1" | decode_to_chunk: output: | 00 6c 45 81 00 fc 5f 4d 62 94 9d 2c 83 3b 82 d1 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675c0 | result: symkey-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675a8 | result: symkey-key@0x55fd4c44c080 (16-bytes, AES_GCM) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: salted IV: input "0xa4e9c4bc5725a21ff42c82b2" | decode_to_chunk: output: | a4 e9 c4 bc 57 25 a2 1f f4 2c 82 b2 | decode_to_chunk: AAD: input "0x2efb14fb3657cdd6b9a8ff1a5f5a39b9" | decode_to_chunk: output: | 2e fb 14 fb 36 57 cd d6 b9 a8 ff 1a 5f 5a 39 b9 | decode_to_chunk: plaintext: input "0xf381d3bfbee0a879f7a4e17b623278cedd6978053dd313530a18f1a836100950" | decode_to_chunk: output: | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | decode_to_chunk: ciphertext: input "0xf39b4db3542d8542fb73fd2d66be568f26d7f814b3f87d1eceac3dd09a8d697e" | decode_to_chunk: output: | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | decode_to_chunk: tag: input "0x39f045cb23b698c925db134d56c5" | decode_to_chunk: output: | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: decrypt: aad-size=16 salt-size=4 wire-IV-size=8 text-size=32 tag-size=14 | test_gcm_vector: text+tag on call | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: encrypt: aad-size=16 salt-size=4 wire-IV-size=8 text-size=32 tag-size=14 | test_gcm_vector: text+tag on call | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: release sym_key-key@0x55fd4c44c080 | test_gcm_vector: passed testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x AE 68 52 F8 12 10 67 CC 4B F7 A5 76 55 77 F3 9E" | decode_to_chunk: output: | ae 68 52 f8 12 10 67 cc 4b f7 a5 76 55 77 f3 9e | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867620 | result: symkey-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867608 | result: symkey-key@0x55fd4c44c080 (16-bytes, AES_CTR) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: input counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x E4 09 5D 4F B7 A7 B3 79 2D 61 75 A3 26 13 11 B8" | decode_to_chunk: output: | e4 09 5d 4f b7 a7 b3 79 2d 61 75 a3 26 13 11 b8 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x E4 09 5D 4F B7 A7 B3 79 2D 61 75 A3 26 13 11 B8" | decode_to_chunk: output: | e4 09 5d 4f b7 a7 b3 79 2d 61 75 a3 26 13 11 b8 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55fd4c44c080 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 128-bit key passed Encrypting 32 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x 7E 24 06 78 17 FA E0 D7 43 D6 CE 1F 32 53 91 63" | decode_to_chunk: output: | 7e 24 06 78 17 fa e0 d7 43 d6 ce 1f 32 53 91 63 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867620 | result: symkey-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867608 | result: symkey-key@0x55fd4c44c080 (16-bytes, AES_CTR) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: input counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 01" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0x51 04 A1 06 16 8A 72 D9 79 0D 41 EE 8E DA D3 88EB 2E 1E FC 46 DA 57 C8 FC E6 30 DF 91 41 BE 28" | decode_to_chunk: output: | 51 04 a1 06 16 8a 72 d9 79 0d 41 ee 8e da d3 88 | eb 2e 1e fc 46 da 57 c8 fc e6 30 df 91 41 be 28 | decode_to_chunk: expected counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 03" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 01" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x51 04 A1 06 16 8A 72 D9 79 0D 41 EE 8E DA D3 88EB 2E 1E FC 46 DA 57 C8 FC E6 30 DF 91 41 BE 28" | decode_to_chunk: output: | 51 04 a1 06 16 8a 72 d9 79 0d 41 ee 8e da d3 88 | eb 2e 1e fc 46 da 57 c8 fc e6 30 df 91 41 be 28 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 03" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55fd4c44c080 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 128-bit key passed Encrypting 36 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x 76 91 BE 03 5E 50 20 A8 AC 6E 61 85 29 F9 A0 DC" | decode_to_chunk: output: | 76 91 be 03 5e 50 20 a8 ac 6e 61 85 29 f9 a0 dc | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867620 | result: symkey-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867608 | result: symkey-key@0x55fd4c44c080 (16-bytes, AES_CTR) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: input counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 01" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0xC1 CF 48 A8 9F 2F FD D9 CF 46 52 E9 EF DB 72 D745 40 A4 2B DE 6D 78 36 D5 9A 5C EA AE F3 10 5325 B2 07 2F" | decode_to_chunk: output: | c1 cf 48 a8 9f 2f fd d9 cf 46 52 e9 ef db 72 d7 | 45 40 a4 2b de 6d 78 36 d5 9a 5c ea ae f3 10 53 | 25 b2 07 2f | decode_to_chunk: expected counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 04" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 01" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xC1 CF 48 A8 9F 2F FD D9 CF 46 52 E9 EF DB 72 D745 40 A4 2B DE 6D 78 36 D5 9A 5C EA AE F3 10 5325 B2 07 2F" | decode_to_chunk: output: | c1 cf 48 a8 9f 2f fd d9 cf 46 52 e9 ef db 72 d7 | 45 40 a4 2b de 6d 78 36 d5 9a 5c ea ae f3 10 53 | 25 b2 07 2f | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 04" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55fd4c44c080 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 128-bit key passed Encrypting 16 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x16 AF 5B 14 5F C9 F5 79 C1 75 F9 3E 3B FB 0E ED86 3D 06 CC FD B7 85 15" | decode_to_chunk: output: | 16 af 5b 14 5f c9 f5 79 c1 75 f9 3e 3b fb 0e ed | 86 3d 06 cc fd b7 85 15 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867620 | result: symkey-key@0x55fd4c4cd5b0 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x55fd4c4cd5b0 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867608 | result: symkey-key@0x55fd4c44c080 (24-bytes, AES_CTR) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: input counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 01" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x 4B 55 38 4F E2 59 C9 C8 4E 79 35 A0 03 CB E9 28" | decode_to_chunk: output: | 4b 55 38 4f e2 59 c9 c8 4e 79 35 a0 03 cb e9 28 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 02" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 01" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x 4B 55 38 4F E2 59 C9 C8 4E 79 35 A0 03 CB E9 28" | decode_to_chunk: output: | 4b 55 38 4f e2 59 c9 c8 4e 79 35 a0 03 cb e9 28 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 02" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55fd4c44c080 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 192-bit key passed Encrypting 32 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x7C 5C B2 40 1B 3D C3 3C 19 E7 34 08 19 E0 F6 9C67 8C 3D B8 E6 F6 A9 1A" | decode_to_chunk: output: | 7c 5c b2 40 1b 3d c3 3c 19 e7 34 08 19 e0 f6 9c | 67 8c 3d b8 e6 f6 a9 1a | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867620 | result: symkey-key@0x55fd4c4cd5b0 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x55fd4c4cd5b0 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867608 | result: symkey-key@0x55fd4c44c080 (24-bytes, AES_CTR) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: input counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 01" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0x45 32 43 FC 60 9B 23 32 7E DF AA FA 71 31 CD 9F84 90 70 1C 5A D4 A7 9C FC 1F E0 FF 42 F4 FB 00" | decode_to_chunk: output: | 45 32 43 fc 60 9b 23 32 7e df aa fa 71 31 cd 9f | 84 90 70 1c 5a d4 a7 9c fc 1f e0 ff 42 f4 fb 00 | decode_to_chunk: expected counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 03" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 01" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x45 32 43 FC 60 9B 23 32 7E DF AA FA 71 31 CD 9F84 90 70 1C 5A D4 A7 9C FC 1F E0 FF 42 F4 FB 00" | decode_to_chunk: output: | 45 32 43 fc 60 9b 23 32 7e df aa fa 71 31 cd 9f | 84 90 70 1c 5a d4 a7 9c fc 1f e0 ff 42 f4 fb 00 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 03" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55fd4c44c080 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 192-bit key passed Encrypting 36 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x02 BF 39 1E E8 EC B1 59 B9 59 61 7B 09 65 27 9BF5 9B 60 A7 86 D3 E0 FE" | decode_to_chunk: output: | 02 bf 39 1e e8 ec b1 59 b9 59 61 7b 09 65 27 9b | f5 9b 60 a7 86 d3 e0 fe | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867620 | result: symkey-key@0x55fd4c4cd5b0 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x55fd4c4cd5b0 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867608 | result: symkey-key@0x55fd4c44c080 (24-bytes, AES_CTR) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: input counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 01" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0x96 89 3F C5 5E 5C 72 2F 54 0B 7D D1 DD F7 E7 58D2 88 BC 95 C6 91 65 88 45 36 C8 11 66 2F 21 88AB EE 09 35" | decode_to_chunk: output: | 96 89 3f c5 5e 5c 72 2f 54 0b 7d d1 dd f7 e7 58 | d2 88 bc 95 c6 91 65 88 45 36 c8 11 66 2f 21 88 | ab ee 09 35 | decode_to_chunk: expected counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 04" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 01" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x96 89 3F C5 5E 5C 72 2F 54 0B 7D D1 DD F7 E7 58D2 88 BC 95 C6 91 65 88 45 36 C8 11 66 2F 21 88AB EE 09 35" | decode_to_chunk: output: | 96 89 3f c5 5e 5c 72 2f 54 0b 7d d1 dd f7 e7 58 | d2 88 bc 95 c6 91 65 88 45 36 c8 11 66 2f 21 88 | ab ee 09 35 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 04" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55fd4c44c080 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 192-bit key passed Encrypting 16 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0x77 6B EF F2 85 1D B0 6F 4C 8A 05 42 C8 69 6F 6C6A 81 AF 1E EC 96 B4 D3 7F C1 D6 89 E6 C1 C1 04" | decode_to_chunk: output: | 77 6b ef f2 85 1d b0 6f 4c 8a 05 42 c8 69 6f 6c | 6a 81 af 1e ec 96 b4 d3 7f c1 d6 89 e6 c1 c1 04 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867620 | result: symkey-key@0x55fd4c4cd5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x55fd4c4cd5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867608 | result: symkey-key@0x55fd4c44c080 (32-bytes, AES_CTR) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: input counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 01" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x 14 5A D0 1D BF 82 4E C7 56 08 63 DC 71 E3 E0 C0" | decode_to_chunk: output: | 14 5a d0 1d bf 82 4e c7 56 08 63 dc 71 e3 e0 c0 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 02" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 01" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x 14 5A D0 1D BF 82 4E C7 56 08 63 DC 71 E3 E0 C0" | decode_to_chunk: output: | 14 5a d0 1d bf 82 4e c7 56 08 63 dc 71 e3 e0 c0 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 02" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55fd4c44c080 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 256-bit key passed Encrypting 32 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0xF6 D6 6D 6B D5 2D 59 BB 07 96 36 58 79 EF F8 86C6 6D D5 1A 5B 6A 99 74 4B 50 59 0C 87 A2 38 84" | decode_to_chunk: output: | f6 d6 6d 6b d5 2d 59 bb 07 96 36 58 79 ef f8 86 | c6 6d d5 1a 5b 6a 99 74 4b 50 59 0c 87 a2 38 84 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867620 | result: symkey-key@0x55fd4c4cd5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x55fd4c4cd5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867608 | result: symkey-key@0x55fd4c44c080 (32-bytes, AES_CTR) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: input counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 01" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0xF0 5E 23 1B 38 94 61 2C 49 EE 00 0B 80 4E B2 A9B8 30 6B 50 8F 83 9D 6A 55 30 83 1D 93 44 AF 1C" | decode_to_chunk: output: | f0 5e 23 1b 38 94 61 2c 49 ee 00 0b 80 4e b2 a9 | b8 30 6b 50 8f 83 9d 6a 55 30 83 1d 93 44 af 1c | decode_to_chunk: expected counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 03" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 01" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xF0 5E 23 1B 38 94 61 2C 49 EE 00 0B 80 4E B2 A9B8 30 6B 50 8F 83 9D 6A 55 30 83 1D 93 44 AF 1C" | decode_to_chunk: output: | f0 5e 23 1b 38 94 61 2c 49 ee 00 0b 80 4e b2 a9 | b8 30 6b 50 8f 83 9d 6a 55 30 83 1d 93 44 af 1c | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 03" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55fd4c44c080 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 256-bit key passed Encrypting 36 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0xFF 7A 61 7C E6 91 48 E4 F1 72 6E 2F 43 58 1D E2AA 62 D9 F8 05 53 2E DF F1 EE D6 87 FB 54 15 3D" | decode_to_chunk: output: | ff 7a 61 7c e6 91 48 e4 f1 72 6e 2f 43 58 1d e2 | aa 62 d9 f8 05 53 2e df f1 ee d6 87 fb 54 15 3d | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867620 | result: symkey-key@0x55fd4c4cd5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x55fd4c4cd5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867608 | result: symkey-key@0x55fd4c44c080 (32-bytes, AES_CTR) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: input counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 01" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0xEB 6C 52 82 1D 0B BB F7 CE 75 94 46 2A CA 4F AAB4 07 DF 86 65 69 FD 07 F4 8C C0 B5 83 D6 07 1F1E C0 E6 B8" | decode_to_chunk: output: | eb 6c 52 82 1d 0b bb f7 ce 75 94 46 2a ca 4f aa | b4 07 df 86 65 69 fd 07 f4 8c c0 b5 83 d6 07 1f | 1e c0 e6 b8 | decode_to_chunk: expected counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 04" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 01" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xEB 6C 52 82 1D 0B BB F7 CE 75 94 46 2A CA 4F AAB4 07 DF 86 65 69 FD 07 F4 8C C0 B5 83 D6 07 1F1E C0 E6 B8" | decode_to_chunk: output: | eb 6c 52 82 1d 0b bb f7 ce 75 94 46 2a ca 4f aa | b4 07 df 86 65 69 fd 07 f4 8c c0 b5 83 d6 07 1f | 1e c0 e6 b8 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 04" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55fd4c44c080 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 256-bit key passed testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x06a9214036b8a15b512e03d534120006" | decode_to_chunk: output: | 06 a9 21 40 36 b8 a1 5b 51 2e 03 d5 34 12 00 06 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867620 | result: symkey-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867608 | result: symkey-key@0x55fd4c44c080 (16-bytes, AES_CBC) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: IV: : input "0x3dafba429d9eb430b422da802c9fac41" | decode_to_chunk: output: | 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41 | decode_to_chunk: new IV: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: plaintext: : input "Single block msg" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: ciphertext: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x3dafba429d9eb430b422da802c9fac41" | decode_to_chunk: output: | 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41 | decode_to_chunk: new IV: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: cipertext: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: plaintext: : input "Single block msg" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55fd4c44c080 | test_ctr_vector: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key passed Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0xc286696d887c9aa0611bbb3e2025a45a" | decode_to_chunk: output: | c2 86 69 6d 88 7c 9a a0 61 1b bb 3e 20 25 a4 5a | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867620 | result: symkey-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867608 | result: symkey-key@0x55fd4c44c080 (16-bytes, AES_CBC) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: IV: : input "0x562e17996d093d28ddb3ba695a2e6f58" | decode_to_chunk: output: | 56 2e 17 99 6d 09 3d 28 dd b3 ba 69 5a 2e 6f 58 | decode_to_chunk: new IV: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: plaintext: : input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: ciphertext: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x562e17996d093d28ddb3ba695a2e6f58" | decode_to_chunk: output: | 56 2e 17 99 6d 09 3d 28 dd b3 ba 69 5a 2e 6f 58 | decode_to_chunk: new IV: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: cipertext: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: plaintext: : input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55fd4c44c080 | test_ctr_vector: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key passed Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x6c3ea0477630ce21a2ce334aa746c2cd" | decode_to_chunk: output: | 6c 3e a0 47 76 30 ce 21 a2 ce 33 4a a7 46 c2 cd | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867620 | result: symkey-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867608 | result: symkey-key@0x55fd4c44c080 (16-bytes, AES_CBC) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: IV: : input "0xc782dc4c098c66cbd9cd27d825682c81" | decode_to_chunk: output: | c7 82 dc 4c 09 8c 66 cb d9 cd 27 d8 25 68 2c 81 | decode_to_chunk: new IV: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: plaintext: : input "This is a 48-byte message (exactly 3 AES blocks)" | decode_to_chunk: output: | 54 68 69 73 20 69 73 20 61 20 34 38 2d 62 79 74 | 65 20 6d 65 73 73 61 67 65 20 28 65 78 61 63 74 | 6c 79 20 33 20 41 45 53 20 62 6c 6f 63 6b 73 29 | decode_to_chunk: ciphertext: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0xc782dc4c098c66cbd9cd27d825682c81" | decode_to_chunk: output: | c7 82 dc 4c 09 8c 66 cb d9 cd 27 d8 25 68 2c 81 | decode_to_chunk: new IV: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: cipertext: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: plaintext: : input "This is a 48-byte message (exactly 3 AES blocks)" | decode_to_chunk: output: | 54 68 69 73 20 69 73 20 61 20 34 38 2d 62 79 74 | 65 20 6d 65 73 73 61 67 65 20 28 65 78 61 63 74 | 6c 79 20 33 20 41 45 53 20 62 6c 6f 63 6b 73 29 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55fd4c44c080 | test_ctr_vector: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key passed Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x56e47a38c5598974bc46903dba290349" | decode_to_chunk: output: | 56 e4 7a 38 c5 59 89 74 bc 46 90 3d ba 29 03 49 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867620 | result: symkey-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867608 | result: symkey-key@0x55fd4c44c080 (16-bytes, AES_CBC) | symkey: release tmp-key@0x55fd4c4cd5b0 | decode_to_chunk: IV: : input "0x8ce82eefbea0da3c44699ed7db51b7d9" | decode_to_chunk: output: | 8c e8 2e ef be a0 da 3c 44 69 9e d7 db 51 b7 d9 | decode_to_chunk: new IV: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: plaintext: : input "0xa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" | decode_to_chunk: output: | a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af | b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf | c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf | d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df | decode_to_chunk: ciphertext: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x8ce82eefbea0da3c44699ed7db51b7d9" | decode_to_chunk: output: | 8c e8 2e ef be a0 da 3c 44 69 9e d7 db 51 b7 d9 | decode_to_chunk: new IV: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: cipertext: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: plaintext: : input "0xa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" | decode_to_chunk: output: | a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af | b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf | c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf | d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55fd4c44c080 | test_ctr_vector: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key passed testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "" | decode_to_chunk: output: | | decode_to_chunk: test_prf_vector: input "0x75f0251d528ac01c4573dfd584d79f29" | decode_to_chunk: output: | 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55fd4c4cf098 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675a0 | result: key-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867588 | result: key-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55fd4c4cd5b0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867568 | result: key-key@0x55fd4c4cd5b0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55fd4c44c080 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55fd4c4ca5e8 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55fd4c4cf148 (length 0) | | XCBC: data | K extracting all 16 bytes of key@0x55fd4c4cd5b0 | K: symkey-key@0x55fd4c4cd5b0 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1272329104: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cfa48 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867500 | result: k1-key@0x55fd4c4d0030 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d0030 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398674e8 | result: k1-key@0x55fd4c44c080 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c4d0030 | Computing E[0] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] | XCBC: M[n] | XCBC: M[n]:80...^E[n-1]^K3 | 41 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | xcbc: release k1-key@0x55fd4c44c080 | PRF chunk interface: release key-key@0x55fd4c4cd5b0 | PRF chunk interface PRF aes_xcbc final-chunk@0x55fd4c4cf758 (length 16) | 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | chunk output 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | verify_chunk_data: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: ok | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: key symkey-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: key symkey-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55fd4c44c080 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55fd4c4cd5b0 (size 16) | PRF symkey interface: key symkey-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867598 | result: key symkey-key@0x55fd4c44c080 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55fd4c4ca5e8 | PRF symkey interface PRF aes_xcbc update symkey message-key@(nil) (size 0) | PRF symkey interface: symkey message-key@NULL | symkey message NULL key has no bytes | XCBC: data | K extracting all 16 bytes of key@0x55fd4c44c080 | K: symkey-key@0x55fd4c44c080 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1023: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cf058 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867520 | result: k1-key@0x55fd4c4d18b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d18b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867508 | result: k1-key@0x55fd4c4d0030 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c4d18b0 | Computing E[0] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] | XCBC: M[n] | XCBC: M[n]:80...^E[n-1]^K3 | 41 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | xcbc: release k1-key@0x55fd4c4d0030 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675b0 | result: xcbc-key@0x55fd4c4d18b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d18b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867598 | result: xcbc-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55fd4c4d18b0 | PRF symkey interface: release key-key@0x55fd4c44c080 | PRF symkey interface PRF aes_xcbc final-key@0x55fd4c4d0030 (size 16) | PRF symkey interface: key-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input extracting all 16 bytes of key@0x55fd4c4d0030 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: symkey-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: new slot-key@0x55fd4c4cfe50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1272213354: 24 90 a1 3b 42 c9 58 80 3c 1b 5e 42 9b 65 e6 ef | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: release slot-key-key@0x55fd4c4cfe50 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input extracted len 16 bytes at 0x55fd4c4cf718 | unwrapped: 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | verify_chunk_data: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: ok | test_prf_vector: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input passed | test_prf_vector: release symkey-key@0x55fd4c4d0030 | test_prf_vector: release message-key@NULL | test_prf_vector: release key-key@0x55fd4c4cd5b0 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102" | decode_to_chunk: output: | 00 01 02 | decode_to_chunk: test_prf_vector: input "0x5b376580ae2f19afe7219ceef172756f" | decode_to_chunk: output: | 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | PRF chunk interface PRF aes_xcbc init key-chunk@0x55fd4c4cf148 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675a0 | result: key-key@0x55fd4c4d0030 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d0030 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867588 | result: key-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55fd4c4d0030 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867568 | result: key-key@0x55fd4c4d0030 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55fd4c4cd5b0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55fd4c4ca5e8 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55fd4c4cf718 (length 3) | 00 01 02 | XCBC: data 00 01 02 | K extracting all 16 bytes of key@0x55fd4c4d0030 | K: symkey-key@0x55fd4c4d0030 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1272329104: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cfb68 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867500 | result: k1-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398674e8 | result: k1-key@0x55fd4c4cd5b0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c44c080 | Computing E[1] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 | XCBC: M[n] 00 01 02 | XCBC: M[n]:80...^E[n-1]^K3 | c1 a6 a9 21 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | xcbc: release k1-key@0x55fd4c4cd5b0 | PRF chunk interface: release key-key@0x55fd4c4d0030 | PRF chunk interface PRF aes_xcbc final-chunk@0x55fd4c4cfc08 (length 16) | 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | chunk output 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | verify_chunk_data: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: ok | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: key symkey-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: key symkey-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55fd4c4cd5b0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55fd4c4d0030 (size 16) | PRF symkey interface: key symkey-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867598 | result: key symkey-key@0x55fd4c4cd5b0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55fd4c4ca5e8 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: message symkey-key@0x55fd4c4d18b0 (19-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 3 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 3-bytes | base: base-key@0x55fd4c4d18b0 (19-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: message symkey-key@0x55fd4c44c080 (3-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55fd4c4d18b0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55fd4c44c080 (size 3) | PRF symkey interface: symkey message-key@0x55fd4c44c080 (3-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 3 bytes of key@0x55fd4c44c080 | symkey message: symkey-key@0x55fd4c44c080 (3-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55fd4c4cfe50 (3-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1272213408: b1 96 60 47 f8 05 9a ec 9a 5d ff 18 51 66 cc 12 | symkey message: release slot-key-key@0x55fd4c4cfe50 | symkey message extracted len 16 bytes at 0x55fd4c4cf058 | unwrapped: 00 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 | K extracting all 16 bytes of key@0x55fd4c4cd5b0 | K: symkey-key@0x55fd4c4cd5b0 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cfa48 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867520 | result: k1-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867508 | result: k1-key@0x55fd4c4d18b0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c4d3130 | Computing E[1] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 | XCBC: M[n] 00 01 02 | XCBC: M[n]:80...^E[n-1]^K3 | c1 a6 a9 21 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | xcbc: release k1-key@0x55fd4c4d18b0 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675b0 | result: xcbc-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867598 | result: xcbc-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55fd4c4d3130 | PRF symkey interface: release key-key@0x55fd4c4cd5b0 | PRF symkey interface PRF aes_xcbc final-key@0x55fd4c4d18b0 (size 16) | PRF symkey interface: key-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input extracting all 16 bytes of key@0x55fd4c4d18b0 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: symkey-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: new slot-key@0x55fd4c4cfe50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1272213354: e2 29 ee 05 e2 17 ad fa 4e b4 c3 01 3d 82 40 48 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: release slot-key-key@0x55fd4c4cfe50 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input extracted len 16 bytes at 0x55fd4c4cf058 | unwrapped: 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | verify_chunk_data: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: ok | test_prf_vector: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input passed | test_prf_vector: release symkey-key@0x55fd4c4d18b0 | test_prf_vector: release message-key@0x55fd4c44c080 | test_prf_vector: release key-key@0x55fd4c4d0030 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0xd2a246fa349b68a79998a4394ff7a263" | decode_to_chunk: output: | d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55fd4c4cf718 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675a0 | result: key-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867588 | result: key-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55fd4c44c080 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867568 | result: key-key@0x55fd4c44c080 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55fd4c4d0030 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55fd4c4ca5e8 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55fd4c4cf058 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | K extracting all 16 bytes of key@0x55fd4c44c080 | K: symkey-key@0x55fd4c44c080 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cf188 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867500 | result: k1-key@0x55fd4c4d18b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d18b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398674e8 | result: k1-key@0x55fd4c4d0030 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c4d18b0 | XCBC: Computing E[1] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: M[n]^E[n-1]^K2 | bd 87 2d f8 93 a8 29 bf f0 b1 9b fd 0f 22 38 c4 | XCBC: MAC d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | xcbc: release k1-key@0x55fd4c4d0030 | PRF chunk interface: release key-key@0x55fd4c44c080 | PRF chunk interface PRF aes_xcbc final-chunk@0x55fd4c4cf098 (length 16) | d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | chunk output d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | verify_chunk_data: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: ok | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: key symkey-key@0x55fd4c4d0030 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d0030 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: key symkey-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55fd4c4d0030 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55fd4c44c080 (size 16) | PRF symkey interface: key symkey-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867598 | result: key symkey-key@0x55fd4c4d0030 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55fd4c4ca5e8 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: message symkey-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: message symkey-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55fd4c4cd5b0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55fd4c4d18b0 (size 16) | PRF symkey interface: symkey message-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 16 bytes of key@0x55fd4c4d18b0 | symkey message: symkey-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55fd4c4cfe50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1272213408: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 | symkey message: release slot-key-key@0x55fd4c4cfe50 | symkey message extracted len 16 bytes at 0x55fd4c4cfa48 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | K extracting all 16 bytes of key@0x55fd4c4d0030 | K: symkey-key@0x55fd4c4d0030 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cfb68 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867520 | result: k1-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867508 | result: k1-key@0x55fd4c4cd5b0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c4d3130 | XCBC: Computing E[1] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: M[n]^E[n-1]^K2 | bd 87 2d f8 93 a8 29 bf f0 b1 9b fd 0f 22 38 c4 | XCBC: MAC d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | xcbc: release k1-key@0x55fd4c4cd5b0 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675b0 | result: xcbc-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867598 | result: xcbc-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55fd4c4d3130 | PRF symkey interface: release key-key@0x55fd4c4d0030 | PRF symkey interface PRF aes_xcbc final-key@0x55fd4c4cd5b0 (size 16) | PRF symkey interface: key-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input extracting all 16 bytes of key@0x55fd4c4cd5b0 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: symkey-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: new slot-key@0x55fd4c4cfe50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1272213354: bb 17 6b 50 57 ca 46 45 1b a9 e6 ad 23 63 82 9f | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: release slot-key-key@0x55fd4c4cfe50 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input extracted len 16 bytes at 0x55fd4c4cfa48 | unwrapped: d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | verify_chunk_data: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: ok | test_prf_vector: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input passed | test_prf_vector: release symkey-key@0x55fd4c4cd5b0 | test_prf_vector: release message-key@0x55fd4c4d18b0 | test_prf_vector: release key-key@0x55fd4c44c080 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x47f51b4564966215b8985c63055ed308" | decode_to_chunk: output: | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55fd4c4cf058 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675a0 | result: key-key@0x55fd4c4d18b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d18b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867588 | result: key-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55fd4c4d18b0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867568 | result: key-key@0x55fd4c4d18b0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55fd4c44c080 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55fd4c4cee58 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55fd4c4ca5e8 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55fd4c4d18b0 | K: symkey-key@0x55fd4c4d18b0 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cf148 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867500 | result: k1-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398674e8 | result: k1-key@0x55fd4c44c080 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c4cd5b0 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x55fd4c44c080 | PRF chunk interface: release key-key@0x55fd4c4d18b0 | PRF chunk interface PRF aes_xcbc final-chunk@0x55fd4c4cf098 (length 16) | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | chunk output 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: ok | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: key symkey-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: key symkey-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55fd4c44c080 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55fd4c4d18b0 (size 16) | PRF symkey interface: key symkey-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867598 | result: key symkey-key@0x55fd4c44c080 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55fd4c4cee58 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: message symkey-key@0x55fd4c4d0030 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d0030 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: message symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55fd4c4d0030 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55fd4c4cd5b0 (size 20) | PRF symkey interface: symkey message-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x55fd4c4cd5b0 | symkey message: symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272213408: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 de 4d 8d 63 92 95 76 9d ea 1e eb a4 1b 9e cc f0 | symkey message: release slot-key-key@0x55fd4c4cfe50 | symkey message extracted len 32 bytes at 0x55fd4c4ceef8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55fd4c44c080 | K: symkey-key@0x55fd4c44c080 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cfb68 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867520 | result: k1-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867508 | result: k1-key@0x55fd4c4d0030 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c4d3130 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x55fd4c4d0030 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675b0 | result: xcbc-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867598 | result: xcbc-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55fd4c4d3130 | PRF symkey interface: release key-key@0x55fd4c44c080 | PRF symkey interface PRF aes_xcbc final-key@0x55fd4c4d0030 (size 16) | PRF symkey interface: key-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input extracting all 16 bytes of key@0x55fd4c4d0030 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: symkey-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: new slot-key@0x55fd4c4cfe50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1272213354: 13 b1 36 27 57 d4 5e 18 c8 b6 7c 11 e1 e7 9d e5 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: release slot-key-key@0x55fd4c4cfe50 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input extracted len 16 bytes at 0x55fd4c4cfb68 | unwrapped: 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: ok | test_prf_vector: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input passed | test_prf_vector: release symkey-key@0x55fd4c4d0030 | test_prf_vector: release message-key@0x55fd4c4cd5b0 | test_prf_vector: release key-key@0x55fd4c4d18b0 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: test_prf_vector: input "0xf54f0ec8d2b9f3d36807734bd5283fd4" | decode_to_chunk: output: | f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55fd4c4cfa48 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675a0 | result: key-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867588 | result: key-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55fd4c4cd5b0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867568 | result: key-key@0x55fd4c4cd5b0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55fd4c4d18b0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55fd4c4cee58 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55fd4c4ca5e8 (length 32) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | K extracting all 16 bytes of key@0x55fd4c4cd5b0 | K: symkey-key@0x55fd4c4cd5b0 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540619040: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cf758 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867500 | result: k1-key@0x55fd4c4d0030 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d0030 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398674e8 | result: k1-key@0x55fd4c4d18b0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c4d0030 | XCBC: Computing E[2] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: M[n]^E[n-1]^K2 | b0 93 75 12 4c f5 a5 c0 b5 18 18 37 16 b2 15 67 | XCBC: MAC f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | xcbc: release k1-key@0x55fd4c4d18b0 | PRF chunk interface: release key-key@0x55fd4c4cd5b0 | PRF chunk interface PRF aes_xcbc final-chunk@0x55fd4c4cfb68 (length 16) | f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | chunk output f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | verify_chunk_data: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: ok | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: key symkey-key@0x55fd4c4d18b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d18b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: key symkey-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55fd4c4d18b0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55fd4c4cd5b0 (size 16) | PRF symkey interface: key symkey-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867598 | result: key symkey-key@0x55fd4c4d18b0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55fd4c4cee58 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: message symkey-key@0x55fd4c44c080 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55fd4c44c080 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: message symkey-key@0x55fd4c4d0030 (32-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55fd4c44c080 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55fd4c4d0030 (size 32) | PRF symkey interface: symkey message-key@0x55fd4c4d0030 (32-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 32 bytes of key@0x55fd4c4d0030 | symkey message: symkey-key@0x55fd4c4d0030 (32-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55fd4c4cfe50 (32-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272213408: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 55 cf 95 eb 0b 3e 20 76 74 07 2e 85 63 94 07 bd | symkey message: release slot-key-key@0x55fd4c4cfe50 | symkey message extracted len 32 bytes at 0x55fd4c4ceef8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | K extracting all 16 bytes of key@0x55fd4c4d18b0 | K: symkey-key@0x55fd4c4d18b0 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cf098 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867520 | result: k1-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867508 | result: k1-key@0x55fd4c44c080 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c4d3130 | XCBC: Computing E[2] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: M[n]^E[n-1]^K2 | b0 93 75 12 4c f5 a5 c0 b5 18 18 37 16 b2 15 67 | XCBC: MAC f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | xcbc: release k1-key@0x55fd4c44c080 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675b0 | result: xcbc-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867598 | result: xcbc-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55fd4c4d3130 | PRF symkey interface: release key-key@0x55fd4c4d18b0 | PRF symkey interface PRF aes_xcbc final-key@0x55fd4c44c080 (size 16) | PRF symkey interface: key-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input extracting all 16 bytes of key@0x55fd4c44c080 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: symkey-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: new slot-key@0x55fd4c4cfe50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1272213354: e4 09 90 f8 72 90 35 02 8c 40 26 14 57 1c ad b5 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: release slot-key-key@0x55fd4c4cfe50 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input extracted len 16 bytes at 0x55fd4c4cf098 | unwrapped: f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | verify_chunk_data: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: ok | test_prf_vector: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input passed | test_prf_vector: release symkey-key@0x55fd4c44c080 | test_prf_vector: release message-key@0x55fd4c4d0030 | test_prf_vector: release key-key@0x55fd4c4cd5b0 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f2021" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 | decode_to_chunk: test_prf_vector: input "0xbecbb3bccdb518a30677d5481fb6b4d8" | decode_to_chunk: output: | be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55fd4c4cf058 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675a0 | result: key-key@0x55fd4c4d0030 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d0030 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867588 | result: key-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55fd4c4d0030 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867568 | result: key-key@0x55fd4c4d0030 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55fd4c4cd5b0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55fd4c4ca5e8 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55fd4c4cfba8 (length 34) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 20 21 | K extracting all 16 bytes of key@0x55fd4c4d0030 | K: symkey-key@0x55fd4c4d0030 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540619040: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cf188 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867500 | result: k1-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398674e8 | result: k1-key@0x55fd4c4cd5b0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c44c080 | Computing E[3] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 09 02 5e 5a 67 25 20 72 44 14 5c 6b 80 66 85 79 | XCBC: M[n] 20 21 | XCBC: M[n] 20 21 | XCBC: M[n]:80...^E[n-1]^K3 | e8 84 75 fb c5 1f b4 74 1c 13 fc e7 48 88 55 17 | XCBC: MAC be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | xcbc: release k1-key@0x55fd4c4cd5b0 | PRF chunk interface: release key-key@0x55fd4c4d0030 | PRF chunk interface PRF aes_xcbc final-chunk@0x55fd4c4cf098 (length 16) | be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | chunk output be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | verify_chunk_data: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: ok | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: key symkey-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: key symkey-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55fd4c4cd5b0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55fd4c4d0030 (size 16) | PRF symkey interface: key symkey-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867598 | result: key symkey-key@0x55fd4c4cd5b0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55fd4c4ca5e8 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: message symkey-key@0x55fd4c4d18b0 (50-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 34 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 34-bytes | base: base-key@0x55fd4c4d18b0 (50-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: message symkey-key@0x55fd4c44c080 (34-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55fd4c4d18b0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55fd4c44c080 (size 34) | PRF symkey interface: symkey message-key@0x55fd4c44c080 (34-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 34 bytes of key@0x55fd4c44c080 | symkey message: symkey-key@0x55fd4c44c080 (34-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55fd4c4cfe50 (34-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1272213408: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 55 cf 95 eb 0b 3e 20 76 74 07 2e 85 63 94 07 bd c4 8c da 98 ba 70 e7 9f fe d6 5e ef 8d 79 62 0c | symkey message: release slot-key-key@0x55fd4c4cfe50 | symkey message extracted len 48 bytes at 0x55fd4c4cfda8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | unwrapped: 20 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 20 21 | K extracting all 16 bytes of key@0x55fd4c4cd5b0 | K: symkey-key@0x55fd4c4cd5b0 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cf718 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867520 | result: k1-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867508 | result: k1-key@0x55fd4c4d18b0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c4d3130 | Computing E[3] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 09 02 5e 5a 67 25 20 72 44 14 5c 6b 80 66 85 79 | XCBC: M[n] 20 21 | XCBC: M[n] 20 21 | XCBC: M[n]:80...^E[n-1]^K3 | e8 84 75 fb c5 1f b4 74 1c 13 fc e7 48 88 55 17 | XCBC: MAC be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | xcbc: release k1-key@0x55fd4c4d18b0 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675b0 | result: xcbc-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867598 | result: xcbc-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55fd4c4d3130 | PRF symkey interface: release key-key@0x55fd4c4cd5b0 | PRF symkey interface PRF aes_xcbc final-key@0x55fd4c4d18b0 (size 16) | PRF symkey interface: key-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input extracting all 16 bytes of key@0x55fd4c4d18b0 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: symkey-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: new slot-key@0x55fd4c4cfe50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1272213354: 89 92 c0 85 49 84 84 7a 27 84 4d 25 65 2e 3b 99 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: release slot-key-key@0x55fd4c4cfe50 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input extracted len 16 bytes at 0x55fd4c4cf718 | unwrapped: be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | verify_chunk_data: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: ok | test_prf_vector: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input passed | test_prf_vector: release symkey-key@0x55fd4c4d18b0 | test_prf_vector: release message-key@0x55fd4c44c080 | test_prf_vector: release key-key@0x55fd4c4d0030 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0xf0dafee895db30253761103b5d84528f" | decode_to_chunk: output: | f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | PRF chunk interface PRF aes_xcbc init key-chunk@0x55fd4c4cf718 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675a0 | result: key-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867588 | result: key-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55fd4c44c080 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867568 | result: key-key@0x55fd4c44c080 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55fd4c4d0030 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55fd4c4ca5e8 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55fd4c4d49d8 (length 1000) | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 | K extracting all 16 bytes of key@0x55fd4c44c080 | K: symkey-key@0x55fd4c44c080 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540028960: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cf188 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867500 | result: k1-key@0x55fd4c4d18b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d18b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398674e8 | result: k1-key@0x55fd4c4d0030 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c4d18b0 | Computing E[63] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 5c 88 af cc 1e 1e 83 fc c4 2c 0c e4 12 12 f5 17 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n]:80...^E[n-1]^K3 | 9d 2f 04 6d bc 24 17 fa 1c 2b ac 68 da fc 25 79 | XCBC: MAC f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | xcbc: release k1-key@0x55fd4c4d0030 | PRF chunk interface: release key-key@0x55fd4c44c080 | PRF chunk interface PRF aes_xcbc final-chunk@0x55fd4c4cfb68 (length 16) | f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | chunk output f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | verify_chunk_data: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: ok | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: key symkey-key@0x55fd4c4d0030 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d0030 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: key symkey-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55fd4c4d0030 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55fd4c44c080 (size 16) | PRF symkey interface: key symkey-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867598 | result: key symkey-key@0x55fd4c4d0030 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55fd4c4ca5e8 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: message symkey-key@0x55fd4c4cd5b0 (1016-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 1000 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 1000-bytes | base: base-key@0x55fd4c4cd5b0 (1016-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: message symkey-key@0x55fd4c4d18b0 (1000-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55fd4c4cd5b0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55fd4c4d18b0 (size 1000) | PRF symkey interface: symkey message-key@0x55fd4c4d18b0 (1000-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 1000 bytes of key@0x55fd4c4d18b0 | symkey message: symkey-key@0x55fd4c4d18b0 (1000-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55fd4c4cfe50 (1000-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 1008 | wrapper: (SECItemType)1272213408: 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d 80 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d 80 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d 80 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d 80 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d 80 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d 80 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d 80 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d 80 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d 80 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d 80 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d 80 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d 80 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d 80 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d 80 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d 80 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d 80 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d 80 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d 80 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d | symkey message: release slot-key-key@0x55fd4c4cfe50 | symkey message extracted len 1008 bytes at 0x55fd4c4d6fd8 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 | K extracting all 16 bytes of key@0x55fd4c4d0030 | K: symkey-key@0x55fd4c4d0030 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cf098 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867520 | result: k1-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867508 | result: k1-key@0x55fd4c4cd5b0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c4d3130 | Computing E[63] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 5c 88 af cc 1e 1e 83 fc c4 2c 0c e4 12 12 f5 17 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n]:80...^E[n-1]^K3 | 9d 2f 04 6d bc 24 17 fa 1c 2b ac 68 da fc 25 79 | XCBC: MAC f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | xcbc: release k1-key@0x55fd4c4cd5b0 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675b0 | result: xcbc-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867598 | result: xcbc-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55fd4c4d3130 | PRF symkey interface: release key-key@0x55fd4c4d0030 | PRF symkey interface PRF aes_xcbc final-key@0x55fd4c4cd5b0 (size 16) | PRF symkey interface: key-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input extracting all 16 bytes of key@0x55fd4c4cd5b0 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: symkey-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: new slot-key@0x55fd4c4cfe50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1272213354: 01 bd 95 b9 b3 28 c5 b4 0f be ee 83 9c fa 4d 26 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: release slot-key-key@0x55fd4c4cfe50 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input extracted len 16 bytes at 0x55fd4c4cf098 | unwrapped: f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | verify_chunk_data: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: ok | test_prf_vector: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input passed | test_prf_vector: release symkey-key@0x55fd4c4cd5b0 | test_prf_vector: release message-key@0x55fd4c4d18b0 | test_prf_vector: release key-key@0x55fd4c44c080 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x47f51b4564966215b8985c63055ed308" | decode_to_chunk: output: | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55fd4c4cfc08 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675a0 | result: key-key@0x55fd4c4d18b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d18b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867588 | result: key-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55fd4c4d18b0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867568 | result: key-key@0x55fd4c4d18b0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55fd4c44c080 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55fd4c4cee58 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55fd4c4ca5e8 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55fd4c4d18b0 | K: symkey-key@0x55fd4c4d18b0 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cf758 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867500 | result: k1-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398674e8 | result: k1-key@0x55fd4c44c080 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c4cd5b0 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x55fd4c44c080 | PRF chunk interface: release key-key@0x55fd4c4d18b0 | PRF chunk interface PRF aes_xcbc final-chunk@0x55fd4c4cf098 (length 16) | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | chunk output 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): ok | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: key symkey-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: key symkey-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55fd4c44c080 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55fd4c4d18b0 (size 16) | PRF symkey interface: key symkey-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867598 | result: key symkey-key@0x55fd4c44c080 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55fd4c4cee58 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: message symkey-key@0x55fd4c4d0030 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d0030 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: message symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55fd4c4d0030 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55fd4c4cd5b0 (size 20) | PRF symkey interface: symkey message-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x55fd4c4cd5b0 | symkey message: symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272213408: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 de 4d 8d 63 92 95 76 9d ea 1e eb a4 1b 9e cc f0 | symkey message: release slot-key-key@0x55fd4c4cfe50 | symkey message extracted len 32 bytes at 0x55fd4c4ceef8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55fd4c44c080 | K: symkey-key@0x55fd4c44c080 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cfb68 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867520 | result: k1-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867508 | result: k1-key@0x55fd4c4d0030 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c4d3130 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x55fd4c4d0030 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675b0 | result: xcbc-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867598 | result: xcbc-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55fd4c4d3130 | PRF symkey interface: release key-key@0x55fd4c44c080 | PRF symkey interface PRF aes_xcbc final-key@0x55fd4c4d0030 (size 16) | PRF symkey interface: key-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) extracting all 16 bytes of key@0x55fd4c4d0030 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): symkey-key@0x55fd4c4d0030 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): new slot-key@0x55fd4c4cfe50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1272213354: 13 b1 36 27 57 d4 5e 18 c8 b6 7c 11 e1 e7 9d e5 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): release slot-key-key@0x55fd4c4cfe50 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) extracted len 16 bytes at 0x55fd4c4cfb68 | unwrapped: 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) passed | test_prf_vector: release symkey-key@0x55fd4c4d0030 | test_prf_vector: release message-key@0x55fd4c4cd5b0 | test_prf_vector: release key-key@0x55fd4c4d18b0 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) | decode_to_chunk: test_prf_vector: input "0x00010203040506070809" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x0fa087af7d866e7653434e602fdde835" | decode_to_chunk: output: | 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55fd4c4cf718 (length 10) | 00 01 02 03 04 05 06 07 08 09 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675a0 | result: key-key@0x55fd4c4cd5b0 (26-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 10 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 10-bytes | base: base-key@0x55fd4c4cd5b0 (26-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867588 | result: key-key@0x55fd4c4d18b0 (10-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55fd4c4cd5b0 | XCBC: Key 10<16 too small, padding with zeros | xcbc: reference tmp-key@0x55fd4c4d18b0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d18b0 (10-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc39867540 | result: tmp+=0-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4d18b0 | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867568 | result: PRF chunk interface-key@0x55fd4c4d0030 (16-bytes, AES_ECB) | PRF chunk interface: release tmp-key@0x55fd4c4cd5b0 | PRF chunk interface: release clone-key@0x55fd4c4d18b0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55fd4c4cee58 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55fd4c4ca5e8 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55fd4c4d0030 | K: symkey-key@0x55fd4c4d0030 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 02 06 a7 ff 9f d4 fa 1b cb 4d dd 8e 12 8d 90 cc | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cf148 | unwrapped: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K1 50 ca b2 4d 03 34 45 5e 40 7b 25 0f dd 7c f8 d5 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867500 | result: k1-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398674e8 | result: k1-key@0x55fd4c4d18b0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c4cd5b0 | Computing E[2] using K3 | XCBC: K3 8e f7 48 db 56 f1 f7 26 24 72 f2 c5 63 b0 3f 88 | XCBC: E[n-1] fe 1f 63 e9 65 1a 4b bb 3c cc cd 0d cc 83 e4 30 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | 60 f9 39 21 b3 eb bc 9d 18 be 3f c8 af 33 db b8 | XCBC: MAC 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | xcbc: release k1-key@0x55fd4c4d18b0 | PRF chunk interface: release key-key@0x55fd4c4d0030 | PRF chunk interface PRF aes_xcbc final-chunk@0x55fd4c4cfb68 (length 16) | 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | chunk output 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): ok | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: key symkey-key@0x55fd4c4d18b0 (26-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 10 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 10-bytes | base: base-key@0x55fd4c4d18b0 (26-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: key symkey-key@0x55fd4c4d0030 (10-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55fd4c4d18b0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55fd4c4d0030 (size 10) | PRF symkey interface: key symkey-key@0x55fd4c4d0030 (10-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 10<16 too small, padding with zeros | xcbc: reference tmp-key@0x55fd4c4d0030 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d0030 (10-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc39867570 | result: tmp+=0-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4d0030 | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d18b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867598 | result: PRF symkey interface-key@0x55fd4c4cd5b0 (16-bytes, AES_ECB) | PRF symkey interface: release tmp-key@0x55fd4c4d18b0 | PRF symkey interface PRF aes_xcbc crypt-prf@0x55fd4c4cee58 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: message symkey-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: message symkey-key@0x55fd4c4d18b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55fd4c44c080 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55fd4c4d18b0 (size 20) | PRF symkey interface: symkey message-key@0x55fd4c4d18b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x55fd4c4d18b0 | symkey message: symkey-key@0x55fd4c4d18b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272213408: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 de 4d 8d 63 92 95 76 9d ea 1e eb a4 1b 9e cc f0 | symkey message: release slot-key-key@0x55fd4c4cfe50 | symkey message extracted len 32 bytes at 0x55fd4c4ceef8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55fd4c4cd5b0 | K: symkey-key@0x55fd4c4cd5b0 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 02 06 a7 ff 9f d4 fa 1b cb 4d dd 8e 12 8d 90 cc | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cf098 | unwrapped: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K1 50 ca b2 4d 03 34 45 5e 40 7b 25 0f dd 7c f8 d5 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867520 | result: k1-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867508 | result: k1-key@0x55fd4c44c080 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c4d3130 | Computing E[2] using K3 | XCBC: K3 8e f7 48 db 56 f1 f7 26 24 72 f2 c5 63 b0 3f 88 | XCBC: E[n-1] fe 1f 63 e9 65 1a 4b bb 3c cc cd 0d cc 83 e4 30 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | 60 f9 39 21 b3 eb bc 9d 18 be 3f c8 af 33 db b8 | XCBC: MAC 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | xcbc: release k1-key@0x55fd4c44c080 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675b0 | result: xcbc-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867598 | result: xcbc-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55fd4c4d3130 | PRF symkey interface: release key-key@0x55fd4c4cd5b0 | PRF symkey interface PRF aes_xcbc final-key@0x55fd4c44c080 (size 16) | PRF symkey interface: key-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) extracting all 16 bytes of key@0x55fd4c44c080 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): symkey-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): new slot-key@0x55fd4c4cfe50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1272213354: 3a 5a cc e5 c9 b6 40 b2 57 e3 f6 fc 47 d2 b3 d0 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): release slot-key-key@0x55fd4c4cfe50 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) extracted len 16 bytes at 0x55fd4c4cf098 | unwrapped: 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) passed | test_prf_vector: release symkey-key@0x55fd4c44c080 | test_prf_vector: release message-key@0x55fd4c4d18b0 | test_prf_vector: release key-key@0x55fd4c4d0030 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0fedcb" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | ed cb | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x8cd3c93ae598a9803006ffb67c40e9e4" | decode_to_chunk: output: | 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55fd4c4ca5e8 (length 18) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | ed cb | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675a0 | result: key-key@0x55fd4c4d18b0 (34-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 18 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 18-bytes | base: base-key@0x55fd4c4d18b0 (34-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867588 | result: key-key@0x55fd4c4d0030 (18-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55fd4c4d18b0 | XCBC: Key 18>16 too big, rehashing to size | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867540 | result: key-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867528 | result: key-key@0x55fd4c4d18b0 (16-bytes, AES_ECB) | key: release tmp-key@0x55fd4c44c080 | key extracting all 18 bytes of key@0x55fd4c4d0030 | key: symkey-key@0x55fd4c4d0030 (18-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | key: new slot-key@0x55fd4c4cfe50 (18-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1701522796: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 ee 45 f9 ed a4 b2 dd 82 c9 c2 df 0c 7b 15 1b 5d | key: release slot-key-key@0x55fd4c4cfe50 | key extracted len 32 bytes at 0x55fd4c4ceef8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: ed cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data ed cb | K extracting all 16 bytes of key@0x55fd4c4d18b0 | K: symkey-key@0x55fd4c4d18b0 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)808460336: 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d 80 | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cf098 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K1 e1 4d 5d 0e e2 77 15 df 08 b4 15 2b a2 3d a8 e0 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398674c0 | result: k1-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398674a8 | result: k1-key@0x55fd4c44c080 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c4cd5b0 | Computing E[2] using K3 | XCBC: K3 8d 34 ef cb 3b d5 45 ca 06 2a ec df ef 7c 0b fa | XCBC: E[n-1] 0b 72 b2 ae 0a 37 79 81 75 6a d5 9c 79 c0 e6 96 | XCBC: M[n] ed cb | XCBC: M[n] ed cb | XCBC: M[n]:80...^E[n-1]^K3 | 6b 8d dd 65 31 e2 3c 4b 73 40 39 43 96 bc ed 6c | XCBC: MAC 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | xcbc: release k1-key@0x55fd4c44c080 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867540 | result: key-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867528 | result: key-key@0x55fd4c44c080 (16-bytes, AES_ECB) | key: release tmp-key@0x55fd4c4cd5b0 | PRF chunk interface: release clone-key@0x55fd4c4d0030 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55fd4c4ceef8 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55fd4c4cee58 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55fd4c44c080 | K: symkey-key@0x55fd4c44c080 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 53 fd b9 d7 29 33 58 45 a5 9a 87 3b a6 b3 38 ef | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cf188 | unwrapped: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K1 27 f3 88 2f b7 b9 4b a4 16 36 09 d5 d2 39 c5 7f | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867500 | result: k1-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398674e8 | result: k1-key@0x55fd4c4d0030 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c4cd5b0 | Computing E[2] using K3 | XCBC: K3 50 9e d8 ae 74 5a 75 4c 93 4d 6c 91 98 fe e2 1b | XCBC: E[n-1] ec 26 f6 dd e8 bb 1b d1 ec 76 c4 91 78 37 ca 4b | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | ac a9 3c 60 1c e1 6e 9d 7f 3b a8 00 e0 c9 28 50 | XCBC: MAC 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | xcbc: release k1-key@0x55fd4c4d0030 | PRF chunk interface: release key-key@0x55fd4c44c080 | PRF chunk interface PRF aes_xcbc final-chunk@0x55fd4c4cf718 (length 16) | 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | chunk output 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): ok | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: key symkey-key@0x55fd4c4d0030 (34-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 18 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 18-bytes | base: base-key@0x55fd4c4d0030 (34-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: key symkey-key@0x55fd4c44c080 (18-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55fd4c4d0030 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55fd4c44c080 (size 18) | PRF symkey interface: key symkey-key@0x55fd4c44c080 (18-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 18>16 too big, rehashing to size | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867570 | result: key symkey-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867558 | result: key symkey-key@0x55fd4c4d0030 (16-bytes, AES_ECB) | key symkey: release tmp-key@0x55fd4c4cd5b0 | key symkey extracting all 18 bytes of key@0x55fd4c44c080 | key symkey: symkey-key@0x55fd4c44c080 (18-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | key symkey: new slot-key@0x55fd4c4cfe50 (18-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1701522796: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 ee 45 f9 ed a4 b2 dd 82 c9 c2 df 0c 7b 15 1b 5d | key symkey: release slot-key-key@0x55fd4c4cfe50 | key symkey extracted len 32 bytes at 0x55fd4c4ceea8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: ed cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data ed cb | K extracting all 16 bytes of key@0x55fd4c4d0030 | K: symkey-key@0x55fd4c4d0030 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)808460336: 59 56 7a 7e 4b d1 88 68 a1 6d 8e d0 80 cc 5d 80 | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cf098 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K1 e1 4d 5d 0e e2 77 15 df 08 b4 15 2b a2 3d a8 e0 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398674f0 | result: k1-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398674d8 | result: k1-key@0x55fd4c4cd5b0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c4d3130 | Computing E[2] using K3 | XCBC: K3 8d 34 ef cb 3b d5 45 ca 06 2a ec df ef 7c 0b fa | XCBC: E[n-1] 0b 72 b2 ae 0a 37 79 81 75 6a d5 9c 79 c0 e6 96 | XCBC: M[n] ed cb | XCBC: M[n] ed cb | XCBC: M[n]:80...^E[n-1]^K3 | 6b 8d dd 65 31 e2 3c 4b 73 40 39 43 96 bc ed 6c | XCBC: MAC 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | xcbc: release k1-key@0x55fd4c4cd5b0 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867570 | result: key symkey-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867558 | result: key symkey-key@0x55fd4c4cd5b0 (16-bytes, AES_ECB) | key symkey: release tmp-key@0x55fd4c4d3130 | PRF symkey interface PRF aes_xcbc crypt-prf@0x55fd4c4ceea8 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: message symkey-key@0x55fd4c4d4be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: message symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55fd4c4d4be0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55fd4c4d3130 (size 20) | PRF symkey interface: symkey message-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x55fd4c4d3130 | symkey message: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272213408: 05 8e b2 0b e3 08 36 37 35 4a ba d1 8b 9d 75 b5 de 4d 8d 63 92 95 76 9d ea 1e eb a4 1b 9e cc f0 | symkey message: release slot-key-key@0x55fd4c4cfe50 | symkey message extracted len 32 bytes at 0x55fd4c4d4d88 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55fd4c4cd5b0 | K: symkey-key@0x55fd4c4cd5b0 (16-bytes, AES_ECB) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55fd4c4cfe50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 53 fd b9 d7 29 33 58 45 a5 9a 87 3b a6 b3 38 ef | K: release slot-key-key@0x55fd4c4cfe50 | K extracted len 16 bytes at 0x55fd4c4cf098 | unwrapped: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K1 27 f3 88 2f b7 b9 4b a4 16 36 09 d5 d2 39 c5 7f | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867520 | result: k1-key@0x55fd4c4d6640 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55fd4c4d6640 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867508 | result: k1-key@0x55fd4c4d4be0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55fd4c4d6640 | Computing E[2] using K3 | XCBC: K3 50 9e d8 ae 74 5a 75 4c 93 4d 6c 91 98 fe e2 1b | XCBC: E[n-1] ec 26 f6 dd e8 bb 1b d1 ec 76 c4 91 78 37 ca 4b | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | ac a9 3c 60 1c e1 6e 9d 7f 3b a8 00 e0 c9 28 50 | XCBC: MAC 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | xcbc: release k1-key@0x55fd4c4d4be0 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398675b0 | result: xcbc-key@0x55fd4c4d6640 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d6640 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867598 | result: xcbc-key@0x55fd4c4d4be0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55fd4c4d6640 | PRF symkey interface: release key-key@0x55fd4c4cd5b0 | PRF symkey interface PRF aes_xcbc final-key@0x55fd4c4d4be0 (size 16) | PRF symkey interface: key-key@0x55fd4c4d4be0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55fd4c4d4be0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) extracting all 16 bytes of key@0x55fd4c4d4be0 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): symkey-key@0x55fd4c4d4be0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): new slot-key@0x55fd4c4cfe50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1272213354: c3 f5 32 be 63 e2 47 37 1e ff d2 c3 24 23 0b 55 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): release slot-key-key@0x55fd4c4cfe50 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) extracted len 16 bytes at 0x55fd4c4cf098 | unwrapped: 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) passed | test_prf_vector: release symkey-key@0x55fd4c4d4be0 | test_prf_vector: release message-key@0x55fd4c4d3130 | test_prf_vector: release key-key@0x55fd4c44c080 | test_prf_vector: release output-key@NULL testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 | decode_to_chunk: test_prf_vector: input "0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b" | decode_to_chunk: output: | 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b | decode_to_chunk: test_prf_vector: input "Hi There" | decode_to_chunk: output: | 48 69 20 54 68 65 72 65 | decode_to_chunk: test_prf_vector: input "0x9294727a3638bb1c13f48ef8158bfc9d" | decode_to_chunk: output: | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | PRF chunk interface PRF md5 init key-chunk@0x55fd4c4cfc08 (length 16) | 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867590 | result: PRF chunk interface-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867578 | result: PRF chunk interface-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x55fd4c4d3130 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc398674d0 | result: trimed key-key@0x55fd4c4d3130 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c44c080 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4d3130 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc39867510 | result: result-key@0x55fd4c44c080 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x55fd4c4d4b58 | PRF chunk interface PRF md5 update message-bytes@0x55fd4c4cf098 (length 8) | 48 69 20 54 68 65 72 65 | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c44c080 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7ffc39867600 | result: message-key@0x55fd4c4d4be0 (72-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x55fd4c44c080 | PRF HMAC inner hash hash md5 inner-key@0x55fd4c4d4be0 (size 72) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x55fd4c4d4be0 (size 72) | PRF HMAC inner hash: inner-key@0x55fd4c4d4be0 (72-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x55fd4c4cf148 (length 16) | 90 1d 23 73 2e dc c0 f1 a1 06 53 2f 6b e5 ec eb | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867490 | result: PRF HMAC inner hash-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867478 | result: PRF HMAC inner hash-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x55fd4c4cd5b0 | PRF chunk interface: release inner-key@0x55fd4c4d4be0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4d3130 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc39867500 | result: result-key@0x55fd4c4d4be0 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4d4be0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffc398674e8 | result: result-key@0x55fd4c4cd5b0 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55fd4c4d4be0 | PRF chunk interface: release hashed-inner-key@0x55fd4c44c080 | PRF chunk interface: release key-key@0x55fd4c4d3130 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x55fd4c4cd5b0 (size 80) | PRF HMAC outer hash: outer-key@0x55fd4c4cd5b0 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x55fd4c4cf188 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | PRF chunk interface: release outer-key@0x55fd4c4cd5b0 | PRF chunk interface PRF md5 final-chunk@0x55fd4c4cf188 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | chunk output 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | verify_chunk_data: RFC 2104: MD5_HMAC test 1: ok | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: key symkey-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: key symkey-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55fd4c4d3130 | PRF symkey interface PRF md5 init key symkey-key@0x55fd4c4cd5b0 (size 16) | PRF symkey interface: key symkey-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x55fd4c4cd5b0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc398674d0 | result: trimed key-key@0x55fd4c4d3130 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4cd5b0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4d3130 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc39867510 | result: result-key@0x55fd4c44c080 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x55fd4c4d4d88 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: message symkey-key@0x55fd4c4d6640 (24-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 8 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 8-bytes | base: base-key@0x55fd4c4d6640 (24-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: message symkey-key@0x55fd4c4d4be0 (8-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55fd4c4d6640 | PRF symkey interface PRF md5 update symkey message-key@0x55fd4c4d4be0 (size 8) | PRF symkey interface: symkey message-key@0x55fd4c4d4be0 (8-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c44c080 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffc39867628 | result: result-key@0x55fd4c4d6640 (72-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55fd4c44c080 | PRF HMAC inner hash hash md5 inner-key@0x55fd4c4d6640 (size 72) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x55fd4c4d6640 (size 72) | PRF HMAC inner hash: inner-key@0x55fd4c4d6640 (72-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x55fd4c4cf188 (length 16) | 90 1d 23 73 2e dc c0 f1 a1 06 53 2f 6b e5 ec eb | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398674b0 | result: PRF HMAC inner hash-key@0x55fd4c4d6a20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d6a20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867498 | result: PRF HMAC inner hash-key@0x55fd4c44c080 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x55fd4c4d6a20 | PRF symkey interface: release inner-key@0x55fd4c4d6640 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4d3130 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc39867520 | result: result-key@0x55fd4c4d6640 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4d6640 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffc39867508 | result: result-key@0x55fd4c4d6a20 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55fd4c4d6640 | PRF symkey interface: release hashed-inner-key@0x55fd4c44c080 | PRF symkey interface: release key-key@0x55fd4c4d3130 | PRF HMAC outer hash hash md5 outer-key@0x55fd4c4d6a20 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x55fd4c4d6a20 (size 80) | PRF HMAC outer hash: outer-key@0x55fd4c4d6a20 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x55fd4c4cf188 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867570 | result: PRF HMAC outer hash-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867558 | result: PRF HMAC outer hash-key@0x55fd4c4d3130 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x55fd4c44c080 | PRF symkey interface: release outer-key@0x55fd4c4d6a20 | : hashed-outer-key@0x55fd4c4d3130 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x55fd4c4d3130 (size 16) | PRF symkey interface: key-key@0x55fd4c4d3130 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55fd4c4d3130 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 1 extracting all 16 bytes of key@0x55fd4c4d3130 | RFC 2104: MD5_HMAC test 1: symkey-key@0x55fd4c4d3130 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 1: new slot-key@0x55fd4c4cfe50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1272213354: c5 e9 fb c4 9d 46 66 84 5a 81 94 03 29 41 c6 83 | RFC 2104: MD5_HMAC test 1: release slot-key-key@0x55fd4c4cfe50 | RFC 2104: MD5_HMAC test 1 extracted len 16 bytes at 0x55fd4c4cf148 | unwrapped: 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | verify_chunk_data: RFC 2104: MD5_HMAC test 1: ok | test_prf_vector: RFC 2104: MD5_HMAC test 1 passed | test_prf_vector: release symkey-key@0x55fd4c4d3130 | test_prf_vector: release message-key@0x55fd4c4d4be0 | test_prf_vector: release key-key@0x55fd4c4cd5b0 | test_prf_vector: release output-key@NULL RFC 2104: MD5_HMAC test 2 | decode_to_chunk: test_prf_vector: input "Jefe" | decode_to_chunk: output: | 4a 65 66 65 | decode_to_chunk: test_prf_vector: input "what do ya want for nothing?" | decode_to_chunk: output: | 77 68 61 74 20 64 6f 20 79 61 20 77 61 6e 74 20 | 66 6f 72 20 6e 6f 74 68 69 6e 67 3f | decode_to_chunk: test_prf_vector: input "0x750c783e6ab0b503eaa86e310a5db738" | decode_to_chunk: output: | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | PRF chunk interface PRF md5 init key-chunk@0x55fd4c4cf718 (length 4) | 4a 65 66 65 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867590 | result: PRF chunk interface-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 4 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 4-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867578 | result: PRF chunk interface-key@0x55fd4c4cd5b0 (4-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x55fd4c4d4be0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4cd5b0 (4-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc398674d0 | result: trimed key-key@0x55fd4c4d4be0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4cd5b0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4d4be0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc39867510 | result: result-key@0x55fd4c4cd5b0 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x55fd4c4d69a8 | PRF chunk interface PRF md5 update message-bytes@0x55fd4c4ca5e8 (length 28) | 77 68 61 74 20 64 6f 20 79 61 20 77 61 6e 74 20 | 66 6f 72 20 6e 6f 74 68 69 6e 67 3f | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4cd5b0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7ffc39867600 | result: message-key@0x55fd4c4d3130 (92-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x55fd4c4cd5b0 | PRF HMAC inner hash hash md5 inner-key@0x55fd4c4d3130 (size 92) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x55fd4c4d3130 (size 92) | PRF HMAC inner hash: inner-key@0x55fd4c4d3130 (92-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x55fd4c4cf148 (length 16) | c3 db 14 c0 65 f5 52 03 b0 33 c8 1a 69 7b 97 c5 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867490 | result: PRF HMAC inner hash-key@0x55fd4c4d6a20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d6a20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867478 | result: PRF HMAC inner hash-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x55fd4c4d6a20 | PRF chunk interface: release inner-key@0x55fd4c4d3130 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4d4be0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc39867500 | result: result-key@0x55fd4c4d3130 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4d3130 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffc398674e8 | result: result-key@0x55fd4c4d6a20 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55fd4c4d3130 | PRF chunk interface: release hashed-inner-key@0x55fd4c4cd5b0 | PRF chunk interface: release key-key@0x55fd4c4d4be0 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x55fd4c4d6a20 (size 80) | PRF HMAC outer hash: outer-key@0x55fd4c4d6a20 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x55fd4c4cf098 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | PRF chunk interface: release outer-key@0x55fd4c4d6a20 | PRF chunk interface PRF md5 final-chunk@0x55fd4c4cf098 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | chunk output 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | verify_chunk_data: RFC 2104: MD5_HMAC test 2: ok | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: key symkey-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 4 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 4-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: key symkey-key@0x55fd4c4d6a20 (4-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55fd4c4d4be0 | PRF symkey interface PRF md5 init key symkey-key@0x55fd4c4d6a20 (size 4) | PRF symkey interface: key symkey-key@0x55fd4c4d6a20 (4-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x55fd4c4d6a20 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6a20 (4-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc398674d0 | result: trimed key-key@0x55fd4c4d4be0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4d6a20 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4d4be0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc39867510 | result: result-key@0x55fd4c4cd5b0 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x55fd4c4d4b58 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: message symkey-key@0x55fd4c44c080 (44-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 28 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 28-bytes | base: base-key@0x55fd4c44c080 (44-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: message symkey-key@0x55fd4c4d3130 (28-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55fd4c44c080 | PRF symkey interface PRF md5 update symkey message-key@0x55fd4c4d3130 (size 28) | PRF symkey interface: symkey message-key@0x55fd4c4d3130 (28-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4cd5b0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffc39867628 | result: result-key@0x55fd4c44c080 (92-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55fd4c4cd5b0 | PRF HMAC inner hash hash md5 inner-key@0x55fd4c44c080 (size 92) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x55fd4c44c080 (size 92) | PRF HMAC inner hash: inner-key@0x55fd4c44c080 (92-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x55fd4c4cf098 (length 16) | c3 db 14 c0 65 f5 52 03 b0 33 c8 1a 69 7b 97 c5 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398674b0 | result: PRF HMAC inner hash-key@0x55fd4c4d6640 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d6640 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867498 | result: PRF HMAC inner hash-key@0x55fd4c4cd5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x55fd4c4d6640 | PRF symkey interface: release inner-key@0x55fd4c44c080 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4d4be0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc39867520 | result: result-key@0x55fd4c44c080 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c44c080 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffc39867508 | result: result-key@0x55fd4c4d6640 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55fd4c44c080 | PRF symkey interface: release hashed-inner-key@0x55fd4c4cd5b0 | PRF symkey interface: release key-key@0x55fd4c4d4be0 | PRF HMAC outer hash hash md5 outer-key@0x55fd4c4d6640 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x55fd4c4d6640 (size 80) | PRF HMAC outer hash: outer-key@0x55fd4c4d6640 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x55fd4c4cf098 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867570 | result: PRF HMAC outer hash-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867558 | result: PRF HMAC outer hash-key@0x55fd4c4d4be0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x55fd4c4cd5b0 | PRF symkey interface: release outer-key@0x55fd4c4d6640 | : hashed-outer-key@0x55fd4c4d4be0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x55fd4c4d4be0 (size 16) | PRF symkey interface: key-key@0x55fd4c4d4be0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55fd4c4d4be0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 2 extracting all 16 bytes of key@0x55fd4c4d4be0 | RFC 2104: MD5_HMAC test 2: symkey-key@0x55fd4c4d4be0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 2: new slot-key@0x55fd4c4cfe50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1272213354: 69 ff 27 14 c2 e1 4d 82 e4 63 7c 15 16 d1 f8 02 | RFC 2104: MD5_HMAC test 2: release slot-key-key@0x55fd4c4cfe50 | RFC 2104: MD5_HMAC test 2 extracted len 16 bytes at 0x55fd4c4cf148 | unwrapped: 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | verify_chunk_data: RFC 2104: MD5_HMAC test 2: ok | test_prf_vector: RFC 2104: MD5_HMAC test 2 passed | test_prf_vector: release symkey-key@0x55fd4c4d4be0 | test_prf_vector: release message-key@0x55fd4c4d3130 | test_prf_vector: release key-key@0x55fd4c4d6a20 | test_prf_vector: release output-key@NULL RFC 2104: MD5_HMAC test 3 | decode_to_chunk: test_prf_vector: input "0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" | decode_to_chunk: output: | aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa | decode_to_chunk: test_prf_vector: input "0xDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD" | decode_to_chunk: output: | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd | decode_to_chunk: test_prf_vector: input "0x56be34521d144c88dbb8c733f0e8b3f6" | decode_to_chunk: output: | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | PRF chunk interface PRF md5 init key-chunk@0x55fd4c4cfc08 (length 16) | aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867590 | result: PRF chunk interface-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867578 | result: PRF chunk interface-key@0x55fd4c4d6a20 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x55fd4c4d3130 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6a20 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc398674d0 | result: trimed key-key@0x55fd4c4d3130 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4d6a20 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4d3130 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc39867510 | result: result-key@0x55fd4c4d6a20 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x55fd4c4d69f8 | PRF chunk interface PRF md5 update message-bytes@0x55fd4c4cef48 (length 50) | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4d6a20 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7ffc39867600 | result: message-key@0x55fd4c4d4be0 (114-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x55fd4c4d6a20 | PRF HMAC inner hash hash md5 inner-key@0x55fd4c4d4be0 (size 114) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x55fd4c4d4be0 (size 114) | PRF HMAC inner hash: inner-key@0x55fd4c4d4be0 (114-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x55fd4c4cf098 (length 16) | 82 0a 6b 33 5d 18 7b 90 dc ba b1 7e f5 b4 26 ff | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867490 | result: PRF HMAC inner hash-key@0x55fd4c4d6640 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d6640 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867478 | result: PRF HMAC inner hash-key@0x55fd4c4d6a20 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x55fd4c4d6640 | PRF chunk interface: release inner-key@0x55fd4c4d4be0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4d3130 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc39867500 | result: result-key@0x55fd4c4d4be0 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4d4be0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffc398674e8 | result: result-key@0x55fd4c4d6640 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55fd4c4d4be0 | PRF chunk interface: release hashed-inner-key@0x55fd4c4d6a20 | PRF chunk interface: release key-key@0x55fd4c4d3130 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x55fd4c4d6640 (size 80) | PRF HMAC outer hash: outer-key@0x55fd4c4d6640 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x55fd4c4cf148 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | PRF chunk interface: release outer-key@0x55fd4c4d6640 | PRF chunk interface PRF md5 final-chunk@0x55fd4c4cf148 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | chunk output 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | verify_chunk_data: RFC 2104: MD5_HMAC test 3: ok | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: key symkey-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: key symkey-key@0x55fd4c4d6640 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55fd4c4d3130 | PRF symkey interface PRF md5 init key symkey-key@0x55fd4c4d6640 (size 16) | PRF symkey interface: key symkey-key@0x55fd4c4d6640 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x55fd4c4d6640 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6640 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc398674d0 | result: trimed key-key@0x55fd4c4d3130 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4d6640 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4d3130 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc39867510 | result: result-key@0x55fd4c4d6a20 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x55fd4c4ceef8 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867610 | result: message symkey-key@0x55fd4c4cd5b0 (66-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 50 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 50-bytes | base: base-key@0x55fd4c4cd5b0 (66-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398675f8 | result: message symkey-key@0x55fd4c4d4be0 (50-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55fd4c4cd5b0 | PRF symkey interface PRF md5 update symkey message-key@0x55fd4c4d4be0 (size 50) | PRF symkey interface: symkey message-key@0x55fd4c4d4be0 (50-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4d6a20 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffc39867628 | result: result-key@0x55fd4c4cd5b0 (114-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55fd4c4d6a20 | PRF HMAC inner hash hash md5 inner-key@0x55fd4c4cd5b0 (size 114) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x55fd4c4cd5b0 (size 114) | PRF HMAC inner hash: inner-key@0x55fd4c4cd5b0 (114-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x55fd4c4cf148 (length 16) | 82 0a 6b 33 5d 18 7b 90 dc ba b1 7e f5 b4 26 ff | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398674b0 | result: PRF HMAC inner hash-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867498 | result: PRF HMAC inner hash-key@0x55fd4c4d6a20 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x55fd4c44c080 | PRF symkey interface: release inner-key@0x55fd4c4cd5b0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4d3130 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc39867520 | result: result-key@0x55fd4c4cd5b0 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55fd4c4cd5b0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffc39867508 | result: result-key@0x55fd4c44c080 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55fd4c4cd5b0 | PRF symkey interface: release hashed-inner-key@0x55fd4c4d6a20 | PRF symkey interface: release key-key@0x55fd4c4d3130 | PRF HMAC outer hash hash md5 outer-key@0x55fd4c44c080 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x55fd4c44c080 (size 80) | PRF HMAC outer hash: outer-key@0x55fd4c44c080 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x55fd4c4cf148 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39867570 | result: PRF HMAC outer hash-key@0x55fd4c4d6a20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55fd4c4d6a20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39867558 | result: PRF HMAC outer hash-key@0x55fd4c4d3130 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x55fd4c4d6a20 | PRF symkey interface: release outer-key@0x55fd4c44c080 | : hashed-outer-key@0x55fd4c4d3130 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x55fd4c4d3130 (size 16) | PRF symkey interface: key-key@0x55fd4c4d3130 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55fd4c4d3130 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 3 extracting all 16 bytes of key@0x55fd4c4d3130 | RFC 2104: MD5_HMAC test 3: symkey-key@0x55fd4c4d3130 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 3: new slot-key@0x55fd4c4cfe50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1272213354: 42 18 ee 6b 61 55 ab 4c f8 c8 ea b7 18 bd 82 8c | RFC 2104: MD5_HMAC test 3: release slot-key-key@0x55fd4c4cfe50 | RFC 2104: MD5_HMAC test 3 extracted len 16 bytes at 0x55fd4c4cf098 | unwrapped: 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | verify_chunk_data: RFC 2104: MD5_HMAC test 3: ok | test_prf_vector: RFC 2104: MD5_HMAC test 3 passed | test_prf_vector: release symkey-key@0x55fd4c4d3130 | test_prf_vector: release message-key@0x55fd4c4d4be0 | test_prf_vector: release key-key@0x55fd4c4d6640 | test_prf_vector: release output-key@NULL 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 started thread for crypto helper 1 | starting up helper thread 1 | status value returned by setting the priority of this thread (crypto helper 1) 22 started thread for crypto helper 2 | crypto helper 1 waiting (nothing to do) started thread for crypto helper 3 | starting up helper thread 3 | status value returned by setting the priority of this thread (crypto helper 3) 22 | crypto helper 3 waiting (nothing to do) started thread for crypto helper 4 started thread for crypto helper 5 | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 5) 22 | crypto helper 5 waiting (nothing to do) started thread for crypto helper 6 | checking IKEv1 state table | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | starting up helper thread 0 | starting up helper thread 6 | status value returned by setting the priority of this thread (crypto helper 6) 22 | starting up helper thread 2 | status value returned by setting the priority of this thread (crypto helper 2) 22 | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto helper 0) 22 | status value returned by setting the priority of this thread (crypto helper 4) 22 | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | crypto helper 6 waiting (nothing to do) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 | crypto helper 2 waiting (nothing to do) | crypto helper 0 waiting (nothing to do) | crypto helper 4 waiting (nothing to do) | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55fd4c4cef48 | libevent_malloc: new ptr-libevent@0x55fd4c4b34a8 size 128 | libevent_malloc: new ptr-libevent@0x55fd4c4cf718 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55fd4c4cfa88 | libevent_malloc: new ptr-libevent@0x55fd4c471448 size 128 | libevent_malloc: new ptr-libevent@0x55fd4c4cfc08 size 16 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b20b (length 11) | 4b 41 4d 45 2f 72 61 63 6f 6f 6e | vendor id hash md5 final bytes@0x55fd4c4cf148 (length 16) | 70 03 cb c1 09 7d be 9c 26 00 ba 69 83 bc 8b 35 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c000 (length 46) | 4e 4c 42 53 5f 50 52 45 53 45 4e 54 28 4e 4c 42 | 2f 4d 53 43 53 20 66 61 73 74 20 66 61 69 6c 6f | 76 65 72 20 73 75 70 70 6f 72 74 65 64 29 | vendor id hash md5 final bytes@0x55fd4c4cf188 (length 16) | ec 22 62 b5 12 32 63 83 67 12 3b ce 3d 37 3c 5e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c030 (length 32) | 4d 53 2d 4d 61 6d 69 65 45 78 69 73 74 73 28 41 | 75 74 68 49 50 20 73 75 70 70 6f 72 74 65 64 29 | vendor id hash md5 final bytes@0x55fd4c4cfb68 (length 16) | 6f fe a4 ae ec 37 f4 9a 02 6f 97 cf b5 53 30 6d | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b38e (length 17) | 49 4b 45 20 43 47 41 20 76 65 72 73 69 6f 6e 20 | 31 | vendor id hash md5 final bytes@0x55fd4c4cf758 (length 16) | e3 a5 96 6a 76 37 9f e7 07 22 82 31 e5 ce 86 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c058 (length 32) | 4d 53 2d 4e 65 67 6f 74 69 61 74 69 6f 6e 20 44 | 69 73 63 6f 76 65 72 79 20 43 61 70 61 62 6c 65 | vendor id hash md5 final bytes@0x55fd4c4cfc48 (length 16) | fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b3a0 (length 23) | 4d 69 63 72 6f 73 6f 66 74 20 58 62 6f 78 20 4f | 6e 65 20 32 30 31 33 | vendor id hash md5 final bytes@0x55fd4c4cf058 (length 16) | 8a a3 94 cf 8a 55 77 dc 31 10 c1 13 b0 27 a4 f2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b3b8 (length 22) | 58 62 6f 78 20 49 4b 45 76 32 20 4e 65 67 6f 74 | 69 61 74 69 6f 6e | vendor id hash md5 final bytes@0x55fd4c4cfa48 (length 16) | aa 28 1f cc d6 8c f8 a8 dc b8 5c c0 a7 10 40 2a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b3cf (length 28) | 4d 53 46 54 20 49 50 73 65 63 20 53 65 63 75 72 | 69 74 79 20 52 65 61 6c 6d 20 49 64 | vendor id hash md5 final bytes@0x55fd4c4d6b88 (length 16) | 68 6a 8c bd fe 63 4b 40 51 46 fb 2b af 33 e9 e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c080 (length 39) | 41 20 47 53 53 2d 41 50 49 20 41 75 74 68 65 6e | 74 69 63 61 74 69 6f 6e 20 4d 65 74 68 6f 64 20 | 66 6f 72 20 49 4b 45 | vendor id hash md5 final bytes@0x55fd4c4dbee8 (length 16) | ad 2c 0d d0 b9 c3 20 83 cc ba 25 b8 86 1e c4 55 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b3ec (length 6) | 47 53 53 41 50 49 | vendor id hash md5 final bytes@0x55fd4c4dbf28 (length 16) | 62 1b 04 bb 09 88 2a c1 e1 59 35 fe fa 24 ae ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b3f3 (length 12) | 53 53 48 20 53 65 6e 74 69 6e 65 6c | vendor id hash md5 final bytes@0x55fd4c4dbf68 (length 16) | 05 41 82 a0 7c 7a e2 06 f9 d2 cf 9d 24 32 c4 82 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b400 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 31 | vendor id hash md5 final bytes@0x55fd4c4dbfa8 (length 16) | b9 16 23 e6 93 ca 18 a5 4c 6a 27 78 55 23 05 e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b411 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 32 | vendor id hash md5 final bytes@0x55fd4c4dbfe8 (length 16) | 54 30 88 8d e0 1a 31 a6 fa 8f 60 22 4e 44 99 58 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b422 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 33 | vendor id hash md5 final bytes@0x55fd4c4dc028 (length 16) | 7e e5 cb 85 f7 1c e2 59 c9 4a 5c 73 1e e4 e7 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b433 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 34 | vendor id hash md5 final bytes@0x55fd4c4dc068 (length 16) | 63 d9 a1 a7 00 94 91 b5 a0 a6 fd eb 2a 82 84 f0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b444 (length 18) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 34 | 2e 31 | vendor id hash md5 final bytes@0x55fd4c4dc0a8 (length 16) | eb 4b 0d 96 27 6b 4e 22 0a d1 62 21 a7 b2 a5 e6 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c0a8 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 30 | vendor id hash md5 final bytes@0x55fd4c4dc0e8 (length 16) | fb f4 76 14 98 40 31 fa 8e 3b b6 19 80 89 b2 23 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c0e0 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 31 | vendor id hash md5 final bytes@0x55fd4c4dc128 (length 16) | 19 52 dc 91 ac 20 f6 46 fb 01 cf 42 a3 3a ee 30 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c118 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 32 | vendor id hash md5 final bytes@0x55fd4c4dc168 (length 16) | e8 bf fa 64 3e 5c 8f 2c d1 0f da 73 70 b6 eb e5 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c150 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 32 2e 31 | vendor id hash md5 final bytes@0x55fd4c4dc1a8 (length 16) | c1 11 1b 2d ee 8c bc 3d 62 05 73 ec 57 aa b9 cb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c188 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 32 2e 32 | vendor id hash md5 final bytes@0x55fd4c4dc1e8 (length 16) | 09 ec 27 bf bc 09 c7 58 23 cf ec bf fe 56 5a 2e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c1c0 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 30 2e 30 | vendor id hash md5 final bytes@0x55fd4c4dc228 (length 16) | 7f 21 a5 96 e4 e3 18 f0 b2 f4 94 4c 23 84 cb 84 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c1f8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 30 | vendor id hash md5 final bytes@0x55fd4c4dc268 (length 16) | 28 36 d1 fd 28 07 bc 9e 5a e3 07 86 32 04 51 ec | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c230 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 31 | vendor id hash md5 final bytes@0x55fd4c4dc2a8 (length 16) | a6 8d e7 56 a9 c5 22 9b ae 66 49 80 40 95 1a d5 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c268 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 32 | vendor id hash md5 final bytes@0x55fd4c4dc2e8 (length 16) | 3f 23 72 86 7e 23 7c 1c d8 25 0a 75 55 9c ae 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c2a0 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 33 2e 30 2e 30 | vendor id hash md5 final bytes@0x55fd4c4dc328 (length 16) | 0e 58 d5 77 4d f6 02 00 7d 0b 02 44 36 60 f7 eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c2d8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 33 2e 30 2e 31 | vendor id hash md5 final bytes@0x55fd4c4dc368 (length 16) | f5 ce 31 eb c2 10 f4 43 50 cf 71 26 5b 57 38 0f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c310 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 30 2e 30 | vendor id hash md5 final bytes@0x55fd4c4dc3a8 (length 16) | f6 42 60 af 2e 27 42 da dd d5 69 87 06 8a 99 a0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c348 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 30 2e 31 | vendor id hash md5 final bytes@0x55fd4c4dc3e8 (length 16) | 7a 54 d3 bd b3 b1 e6 d9 23 89 20 64 be 2d 98 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c380 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 31 2e 30 | vendor id hash md5 final bytes@0x55fd4c4dc428 (length 16) | 9a a1 f3 b4 34 72 a4 5d 5f 50 6a eb 26 0c f2 14 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c3b8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 32 2e 30 | vendor id hash md5 final bytes@0x55fd4c4dc468 (length 16) | 68 80 c7 d0 26 09 91 14 e4 86 c5 54 30 e7 ab ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c3f0 (length 41) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 50 4c 55 54 4f 5f 53 45 4e 44 53 | 5f 56 45 4e 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7ffc398676f0 (length 16) | 44 76 1b d7 6b 80 85 41 74 87 ee 8a 51 cf fc f3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c420 (length 53) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 58 2e 35 30 39 2d 31 2e 33 2e 31 | 20 50 4c 55 54 4f 5f 53 45 4e 44 53 5f 56 45 4e | 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7ffc398676f0 (length 16) | b7 0e 8a c3 92 b1 6e 05 48 2f c4 dc 36 10 91 68 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c458 (length 58) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 58 2e 35 30 39 2d 31 2e 33 2e 31 | 20 4c 44 41 50 20 50 4c 55 54 4f 5f 53 45 4e 44 | 53 5f 56 45 4e 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7ffc398676f0 (length 16) | 97 1d ea 93 c3 c2 06 74 f9 ae 35 40 83 de 3e 2f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b531 (length 14) | 4f 70 65 6e 73 77 61 6e 20 32 2e 32 2e 30 | vendor id hash md5 final bytes@0x7ffc398676f0 (length 16) | 08 72 0b ee 9e 28 95 3c e0 8f 0a 18 b6 e2 9d da | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c4c0 (length 37) | 64 72 61 66 74 2d 73 74 65 6e 62 65 72 67 2d 69 | 70 73 65 63 2d 6e 61 74 2d 74 72 61 76 65 72 73 | 61 6c 2d 30 31 | vendor id hash md5 final bytes@0x55fd4c4dc628 (length 16) | 27 ba b5 dc 01 ea 07 60 ea 4e 31 90 ac 27 c0 d0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c4e8 (length 37) | 64 72 61 66 74 2d 73 74 65 6e 62 65 72 67 2d 69 | 70 73 65 63 2d 6e 61 74 2d 74 72 61 76 65 72 73 | 61 6c 2d 30 32 | vendor id hash md5 final bytes@0x55fd4c4dc668 (length 16) | 61 05 c4 22 e7 68 47 e4 3f 96 84 80 12 92 ae cd | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b559 (length 10) | 45 53 50 54 68 72 75 4e 41 54 | vendor id hash md5 final bytes@0x55fd4c4dc6a8 (length 16) | 50 76 0f 62 4c 63 e5 c5 3e ea 38 6c 68 5c a0 83 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c510 (length 38) | 64 72 61 66 74 2d 68 75 74 74 75 6e 65 6e 2d 69 | 70 73 65 63 2d 65 73 70 2d 69 6e 2d 75 64 70 2d | 30 30 2e 74 78 74 | vendor id hash md5 final bytes@0x55fd4c4dc6e8 (length 16) | 6a 74 34 c1 9d 7e 36 34 80 90 a0 23 34 c9 c8 05 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b564 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 30 | vendor id hash md5 final bytes@0x55fd4c4dc728 (length 16) | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b582 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 31 | vendor id hash md5 final bytes@0x55fd4c4dc768 (length 16) | 16 f6 ca 16 e4 a4 06 6d 83 82 1a 0f 0a ea a8 62 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b5a0 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 32 | vendor id hash md5 final bytes@0x55fd4c4dc7a8 (length 16) | cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c538 (length 30) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 32 0a | vendor id hash md5 final bytes@0x55fd4c4dc7e8 (length 16) | 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b5be (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 33 | vendor id hash md5 final bytes@0x55fd4c4dc828 (length 16) | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b5dc (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 34 | vendor id hash md5 final bytes@0x55fd4c4dc868 (length 16) | 99 09 b6 4e ed 93 7c 65 73 de 52 ac e9 52 fa 6b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b5fa (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 35 | vendor id hash md5 final bytes@0x55fd4c4dc8a8 (length 16) | 80 d0 bb 3d ef 54 56 5e e8 46 45 d4 c8 5c e3 ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b618 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 36 | vendor id hash md5 final bytes@0x55fd4c4dc8e8 (length 16) | 4d 1e 0e 13 6d ea fa 34 c4 f3 ea 9f 02 ec 72 85 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b636 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 37 | vendor id hash md5 final bytes@0x55fd4c4dc928 (length 16) | 43 9b 59 f8 ba 67 6c 4c 77 37 ae 22 ea b8 f5 82 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b654 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 38 | vendor id hash md5 final bytes@0x55fd4c4dc968 (length 16) | 8f 8d 83 82 6d 24 6b 6f c7 a8 a6 a4 28 c1 1d e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b672 (length 26) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 | vendor id hash md5 final bytes@0x55fd4c4dc9a8 (length 16) | 4d f3 79 28 e9 fc 4f d1 b3 26 21 70 d5 15 c6 62 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b68d (length 8) | 52 46 43 20 33 39 34 37 | vendor id hash md5 final bytes@0x55fd4c4dc9e8 (length 16) | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd744f9 (length 13) | 46 52 41 47 4d 45 4e 54 41 54 49 4f 4e | vendor id hash md5 final bytes@0x55fd4c4dcaa8 (length 16) | 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b73d (length 19) | 56 69 64 2d 49 6e 69 74 69 61 6c 2d 43 6f 6e 74 | 61 63 74 | vendor id hash md5 final bytes@0x55fd4c4dcae8 (length 16) | 26 24 4d 38 ed db 61 b3 17 2a 36 e3 d0 cf b8 19 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6c058 (length 32) | 4d 53 2d 4e 65 67 6f 74 69 61 74 69 6f 6e 20 44 | 69 73 63 6f 76 65 72 79 20 43 61 70 61 62 6c 65 | vendor id hash md5 final bytes@0x55fd4c4dcb28 (length 16) | fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b38e (length 17) | 49 4b 45 20 43 47 41 20 76 65 72 73 69 6f 6e 20 | 31 | vendor id hash md5 final bytes@0x55fd4c4dcb68 (length 16) | e3 a5 96 6a 76 37 9f e7 07 22 82 31 e5 ce 86 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b751 (length 14) | 4d 53 2d 4d 61 6d 69 65 45 78 69 73 74 73 | vendor id hash md5 final bytes@0x55fd4c4dcba8 (length 16) | 21 4c a4 fa ff a7 f3 2d 67 48 e5 30 33 95 ae 83 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd5a8dd (length 10) | 73 74 72 6f 6e 67 53 77 61 6e | vendor id hash md5 final bytes@0x55fd4c4dcbe8 (length 16) | 88 2f e5 6d 6f d2 0d bc 22 51 61 3b 2e be 5b eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b760 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 30 | vendor id hash md5 final bytes@0x55fd4c4dcc28 (length 16) | 2c e9 c9 46 a4 c8 79 bf 11 b5 0b 76 cc 56 92 cb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b771 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 31 | vendor id hash md5 final bytes@0x55fd4c4dcc68 (length 16) | 9d bb af cf 1d b0 dd 59 5a e0 65 29 40 03 ad 3e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b782 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 32 | vendor id hash md5 final bytes@0x55fd4c4dcca8 (length 16) | 77 e8 ee a6 f5 56 a4 99 de 3f fe 7f 7f 95 66 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b793 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 33 | vendor id hash md5 final bytes@0x55fd4c4dcce8 (length 16) | b1 81 b1 8e 11 4f c2 09 b3 c6 e2 6c 3a 80 71 8e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b7a4 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 34 | vendor id hash md5 final bytes@0x55fd4c4dcd28 (length 16) | 1e f2 83 f8 35 49 b5 ff 96 08 b6 d6 34 f8 4d 75 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b7b5 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 35 | vendor id hash md5 final bytes@0x55fd4c4dcd68 (length 16) | dd 18 0d 21 e5 ce 65 5a 76 8b a3 22 11 dd 8a d9 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b7c6 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 36 | vendor id hash md5 final bytes@0x55fd4c4dcda8 (length 16) | 4c 90 13 69 46 57 7b 51 91 9d 8d 9a 6b 8e 4a 9f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b7d7 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 37 | vendor id hash md5 final bytes@0x55fd4c4dcde8 (length 16) | ab 07 46 22 1c c8 fd 0d 52 38 f7 3a 9b 3d a5 57 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b7e8 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 30 | vendor id hash md5 final bytes@0x55fd4c4dce28 (length 16) | 47 94 ce f6 84 34 22 98 0d 1a 3d 06 af 41 c5 cd | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b7f9 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | vendor id hash md5 final bytes@0x55fd4c4dce68 (length 16) | d3 f1 c4 88 c3 68 17 5d 5f 40 a8 f5 ca 5f 5e 12 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b80a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 32 | vendor id hash md5 final bytes@0x55fd4c4dcea8 (length 16) | 15 a1 ac e7 ee 52 fd df ef 04 f9 28 db 2d d1 34 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b81b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 33 | vendor id hash md5 final bytes@0x55fd4c4dcee8 (length 16) | 58 49 ab 6d 8b ea bd 6e 4d 09 e5 a3 b8 8c 08 9a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b82c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 34 | vendor id hash md5 final bytes@0x55fd4c4dcf28 (length 16) | 31 2f 9c b1 a6 b9 0e 19 de 75 28 c9 04 ac 30 87 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b83d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 35 | vendor id hash md5 final bytes@0x55fd4c4dcf68 (length 16) | bf 0f bf 73 06 eb b7 82 70 42 d8 93 53 98 86 e2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b84e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 36 | vendor id hash md5 final bytes@0x55fd4c4dcfa8 (length 16) | d1 96 83 36 8a f4 b0 ed c2 1c cd e9 82 b1 d1 b0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b85f (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 37 | vendor id hash md5 final bytes@0x55fd4c4dcfe8 (length 16) | ea 84 0a a4 df c9 71 2d 6c 32 b5 a1 6e b3 29 a3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b870 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 38 | vendor id hash md5 final bytes@0x55fd4c4dd028 (length 16) | 66 a2 04 55 07 c1 19 da 78 a4 66 62 59 cd ea 48 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b881 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 39 | vendor id hash md5 final bytes@0x55fd4c4dd068 (length 16) | 78 fd d2 87 de f0 1a 3f 07 4b 53 69 ea b4 fd 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b892 (length 17) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | 30 | vendor id hash md5 final bytes@0x55fd4c4dd0a8 (length 16) | bf 3a 89 ae 5b ef 8e 72 d4 4d ac 8b b8 8d 7d 5f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b8a4 (length 17) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | 31 | vendor id hash md5 final bytes@0x55fd4c4dd0e8 (length 16) | b7 bd 9f 2f 97 8e 32 59 a7 aa 9f 7a 13 96 ad 6c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b8b6 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 30 | vendor id hash md5 final bytes@0x55fd4c4dd128 (length 16) | 9f 68 90 13 25 a9 72 89 43 35 30 2a 95 31 ab 9f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b8c7 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 31 | vendor id hash md5 final bytes@0x55fd4c4dd168 (length 16) | ba b2 53 f4 cb 10 a8 10 8a 7c 92 7c 56 c8 78 86 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b8d8 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 32 | vendor id hash md5 final bytes@0x55fd4c4dd1a8 (length 16) | 2a 51 7d 0d 23 c3 7d 08 bc e7 c2 92 a0 21 7b 39 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b8e9 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 33 | vendor id hash md5 final bytes@0x55fd4c4dd1e8 (length 16) | 2d 1f 40 61 18 fb d5 d2 84 74 79 1f fa 00 48 8a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b8fa (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 38 | vendor id hash md5 final bytes@0x55fd4c4dd228 (length 16) | 8c 4a 3b cb 72 9b 11 f7 03 d2 2a 5b 39 64 0c a8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b90b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 37 | vendor id hash md5 final bytes@0x55fd4c4dd268 (length 16) | 3a 0d 4e 7c a4 e4 92 ed 4d fe 47 6d 1a c6 01 8b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b91c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 36 | vendor id hash md5 final bytes@0x55fd4c4dd2a8 (length 16) | fe 3f 49 70 6e 26 a9 fb 36 a8 7b fc e9 ea 36 ce | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b92d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 35 | vendor id hash md5 final bytes@0x55fd4c4dd2e8 (length 16) | 4c 7e fa 31 b3 9e 51 04 32 a3 17 57 0d 97 bb b9 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b93e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 34 | vendor id hash md5 final bytes@0x55fd4c4dd328 (length 16) | 76 c7 2b fd 39 84 24 dd 00 1b 86 d0 01 2f e0 61 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b94f (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 33 | vendor id hash md5 final bytes@0x55fd4c4dd368 (length 16) | fb 46 41 ad 0e eb 2a 34 49 1d 15 f4 ef f5 10 63 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b960 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 32 | vendor id hash md5 final bytes@0x55fd4c4dd3a8 (length 16) | 29 99 32 27 7b 7d fe 38 2c e2 34 65 33 3a 7d 23 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b971 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 31 | vendor id hash md5 final bytes@0x55fd4c4dd3e8 (length 16) | e3 7f 2d 5b a8 9a 62 cd 20 2e e2 7d ac 06 c8 a8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b982 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 30 | vendor id hash md5 final bytes@0x55fd4c4dd428 (length 16) | 32 f0 e9 b9 c0 6d fe 8c 9a d5 59 9a 63 69 71 a1 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b993 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 33 | vendor id hash md5 final bytes@0x55fd4c4dd468 (length 16) | 7f 50 cc 4e bf 04 c2 d9 da 73 ab fd 69 b7 7a a2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b9a4 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 32 | vendor id hash md5 final bytes@0x55fd4c4dd4a8 (length 16) | a1 94 e2 aa dd d0 ba fb 95 25 3d d9 6d c7 33 eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b9b5 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 31 | vendor id hash md5 final bytes@0x55fd4c4dd4e8 (length 16) | 81 34 87 85 82 12 17 85 ba 65 ea 34 5d 6b a7 24 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b9c6 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 30 | vendor id hash md5 final bytes@0x55fd4c4dd528 (length 16) | 07 fa 12 8e 47 54 f9 44 7b 1d d4 63 74 ee f3 60 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b9d7 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 34 | vendor id hash md5 final bytes@0x55fd4c4dd568 (length 16) | b9 27 f9 52 19 a0 fe 36 00 db a3 c1 18 2a e5 5f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b9e8 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 33 | vendor id hash md5 final bytes@0x55fd4c4dd5a8 (length 16) | b2 86 0e 78 37 f7 11 be f3 d0 ee b1 06 87 2d ed | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6b9f9 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 32 | vendor id hash md5 final bytes@0x55fd4c4dd5e8 (length 16) | 5b 1c d6 fe 7d 05 0e da 6c 93 87 1c 10 7d b3 d2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6ba0a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 31 | vendor id hash md5 final bytes@0x55fd4c4dd628 (length 16) | 66 af bc 12 bb fe 6c e1 08 b1 f6 9f 4b c9 17 b7 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6ba1b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 30 | vendor id hash md5 final bytes@0x55fd4c4dd668 (length 16) | 3f 32 66 49 9f fd bd 85 95 0e 70 22 98 06 28 44 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6ba2c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 37 | vendor id hash md5 final bytes@0x55fd4c4dd6a8 (length 16) | 1f 44 42 29 6b 83 d7 e3 3a 8b 45 20 9b a0 e5 90 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6ba3d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 36 | vendor id hash md5 final bytes@0x55fd4c4dd6e8 (length 16) | 3c 5e ba 3d 85 64 92 8e 32 ae 43 c3 d9 92 4d ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6ba4e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 35 | vendor id hash md5 final bytes@0x55fd4c4dd728 (length 16) | 3f 26 7e d6 21 ad a7 ee 6c 7d 88 93 cc b0 b1 4b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6ba5f (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 34 | vendor id hash md5 final bytes@0x55fd4c4dd768 (length 16) | 7a 6b f5 b7 df 89 64 2a 75 a7 8e f7 d6 57 c1 c0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6ba70 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 33 | vendor id hash md5 final bytes@0x55fd4c4dd7a8 (length 16) | df 5b 1f 0f 1d 56 79 d9 f8 51 2b 16 c5 5a 60 65 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6ba81 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 32 | vendor id hash md5 final bytes@0x55fd4c4dd7e8 (length 16) | 86 1c e5 eb 72 16 4b 19 0e 9e 62 9a 31 cf 49 01 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6ba92 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 31 | vendor id hash md5 final bytes@0x55fd4c4dd828 (length 16) | 9a 4a 46 48 f6 0f 8e da 7c fc bf e2 71 ee 5b 7d | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6baa3 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 30 | vendor id hash md5 final bytes@0x55fd4c4dd868 (length 16) | 9e b3 d9 07 ed 7a da 4e 3c bc ac b9 17 ab c8 e4 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6bab4 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 34 | vendor id hash md5 final bytes@0x55fd4c4dd8a8 (length 16) | 48 5a 70 36 1b 44 33 b3 1d ea 1c 6b e0 df 24 3e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6bac5 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 33 | vendor id hash md5 final bytes@0x55fd4c4dd8e8 (length 16) | 98 2b 7a 06 3a 33 c1 43 a8 ea dc 88 24 9f 6b cc | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6bad6 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 32 | vendor id hash md5 final bytes@0x55fd4c4dd928 (length 16) | e7 a3 fd 0c 6d 77 1a 8f 1b 8a 86 a4 16 9c 9e a4 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6bae7 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 31 | vendor id hash md5 final bytes@0x55fd4c4dd968 (length 16) | 75 b0 65 3c b2 81 eb 26 d3 1e de 38 c8 e1 e2 28 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6baf8 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 30 | vendor id hash md5 final bytes@0x55fd4c4dd9a8 (length 16) | e8 29 c8 81 49 ba b3 c0 ce e8 5d a6 0e 18 ae 9b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6bb09 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 32 | vendor id hash md5 final bytes@0x55fd4c4dd9e8 (length 16) | 42 a4 83 4c 92 ab 9a 77 77 06 3a fa 25 4b cb 69 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6bb1a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 31 | vendor id hash md5 final bytes@0x55fd4c4dda28 (length 16) | f6 97 c1 af cc 2e c8 dd cd f9 9d c7 af 03 a6 7f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6bb2b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 30 | vendor id hash md5 final bytes@0x55fd4c4dda68 (length 16) | b8 f9 2b 2f a2 d3 fe 5f e1 58 34 4b da 1c c6 ae | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6bb3c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 32 | vendor id hash md5 final bytes@0x55fd4c4ddaa8 (length 16) | 99 dc 7c c8 23 37 6b 3b 33 d0 43 57 89 6a e0 7b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6bb4d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 31 | vendor id hash md5 final bytes@0x55fd4c4ddae8 (length 16) | d9 11 8b 1e 9d e5 ef ce d9 cc 9d 88 3f 21 68 ff | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd6bb5e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 30 | vendor id hash md5 final bytes@0x55fd4c4ddb28 (length 16) | 85 b6 cb ec 48 0d 5c 8c d9 88 2c 82 5a c2 c2 44 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55fd4bd744f9 (length 13) | 46 52 41 47 4d 45 4e 54 41 54 49 4f 4e | vendor id hash md5 final bytes@0x55fd4c4ddb68 (length 16) | 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55fd4c4cfaf8 | libevent_malloc: new ptr-libevent@0x55fd4c4dbe38 size 128 | libevent_malloc: new ptr-libevent@0x55fd4c4e7008 size 16 | libevent_realloc: new ptr-libevent@0x55fd4c4e7048 size 256 | libevent_malloc: new ptr-libevent@0x55fd4c4e7178 size 8 | libevent_realloc: new ptr-libevent@0x55fd4c4e71b8 size 144 | libevent_malloc: new ptr-libevent@0x55fd4c46efa8 size 152 | libevent_malloc: new ptr-libevent@0x55fd4c4e7278 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x55fd4c4e72b8 size 8 | libevent_malloc: new ptr-libevent@0x55fd4c472f38 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x55fd4c4e72f8 size 8 | libevent_malloc: new ptr-libevent@0x55fd4c4e7338 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x55fd4c4e7408 size 8 | libevent_realloc: release ptr-libevent@0x55fd4c4e71b8 | libevent_realloc: new ptr-libevent@0x55fd4c4e7448 size 256 | libevent_malloc: new ptr-libevent@0x55fd4c4e7578 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:7838) using fork+execve | forked child 7838 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.1.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.45 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.2.45:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.1.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x55fd4c4e7b58 | libevent_malloc: new ptr-libevent@0x55fd4c4dbd88 size 128 | libevent_malloc: new ptr-libevent@0x55fd4c4e7bc8 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x55fd4c4e7c08 | libevent_malloc: new ptr-libevent@0x55fd4c46f898 size 128 | libevent_malloc: new ptr-libevent@0x55fd4c4e7c78 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x55fd4c4e7cb8 | libevent_malloc: new ptr-libevent@0x55fd4c471ed8 size 128 | libevent_malloc: new ptr-libevent@0x55fd4c4e7d28 size 16 | setup callback for interface eth0 192.0.1.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x55fd4c4e7d68 | libevent_malloc: new ptr-libevent@0x55fd4c472aa8 size 128 | libevent_malloc: new ptr-libevent@0x55fd4c4e7dd8 size 16 | setup callback for interface eth0 192.0.1.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x55fd4c4e7e18 | libevent_malloc: new ptr-libevent@0x55fd4c4464e8 size 128 | libevent_malloc: new ptr-libevent@0x55fd4c4e7e88 size 16 | setup callback for interface eth1 192.1.2.45:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x55fd4c4e7ec8 | libevent_malloc: new ptr-libevent@0x55fd4c4461d8 size 128 | libevent_malloc: new ptr-libevent@0x55fd4c4e7f38 size 16 | setup callback for interface eth1 192.1.2.45:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | id type added to secret(0x55fd4c441b58) PKK_PSK: @west | id type added to secret(0x55fd4c441b58) PKK_PSK: @east | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.972 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.1.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.45 | no interfaces to sort | libevent_free: release ptr-libevent@0x55fd4c4dbd88 | free_event_entry: release EVENT_NULL-pe@0x55fd4c4e7b58 | add_fd_read_event_handler: new ethX-pe@0x55fd4c4e7b58 | libevent_malloc: new ptr-libevent@0x55fd4c4dbd88 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x55fd4c46f898 | free_event_entry: release EVENT_NULL-pe@0x55fd4c4e7c08 | add_fd_read_event_handler: new ethX-pe@0x55fd4c4e7c08 | libevent_malloc: new ptr-libevent@0x55fd4c46f898 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x55fd4c471ed8 | free_event_entry: release EVENT_NULL-pe@0x55fd4c4e7cb8 | add_fd_read_event_handler: new ethX-pe@0x55fd4c4e7cb8 | libevent_malloc: new ptr-libevent@0x55fd4c471ed8 size 128 | setup callback for interface eth0 192.0.1.254:4500 fd 20 | libevent_free: release ptr-libevent@0x55fd4c472aa8 | free_event_entry: release EVENT_NULL-pe@0x55fd4c4e7d68 | add_fd_read_event_handler: new ethX-pe@0x55fd4c4e7d68 | libevent_malloc: new ptr-libevent@0x55fd4c472aa8 size 128 | setup callback for interface eth0 192.0.1.254:500 fd 19 | libevent_free: release ptr-libevent@0x55fd4c4464e8 | free_event_entry: release EVENT_NULL-pe@0x55fd4c4e7e18 | add_fd_read_event_handler: new ethX-pe@0x55fd4c4e7e18 | libevent_malloc: new ptr-libevent@0x55fd4c4464e8 size 128 | setup callback for interface eth1 192.1.2.45:4500 fd 18 | libevent_free: release ptr-libevent@0x55fd4c4461d8 | free_event_entry: release EVENT_NULL-pe@0x55fd4c4e7ec8 | add_fd_read_event_handler: new ethX-pe@0x55fd4c4e7ec8 | libevent_malloc: new ptr-libevent@0x55fd4c4461d8 size 128 | setup callback for interface eth1 192.1.2.45:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | id type added to secret(0x55fd4c441b58) PKK_PSK: @west | id type added to secret(0x55fd4c441b58) PKK_PSK: @east | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.216 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 7838 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0121 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0549 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x55fd4c4e8e78 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.126 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #1 at 0x55fd4c4e95b8 | State DB: adding IKEv2 state #1 in UNDEFINED | pstats #1 ikev2.ike started | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #1 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #1 "aes128" "aes128" #1: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 1 for state #1 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55fd4c4e8fe8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55fd4c4e9058 size 128 | crypto helper 1 resuming | crypto helper 1 starting work-order 1 for state #1 | crypto helper 1 doing build KE and nonce (ikev2_outI1 KE); request ID 1 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f1620003a28: created | NSS: Local DH MODP2048 secret (pointer): 0x7f1620003a28 | NSS: Public DH wire value: | 18 1c 86 dc 75 25 e0 69 3b 21 99 4f b4 7e e7 cb | 80 98 55 00 1f d7 28 21 3f e8 85 47 60 ee de 0b | 99 a4 41 9b 7d a4 c3 89 ac 42 b2 76 30 d9 22 c3 | b6 b3 75 af 99 f1 85 f8 8c e9 e4 f6 09 4e e5 e3 | 3a 85 f4 f7 c6 a0 d1 bd ac f7 5e e1 5d 89 87 73 | c2 53 6f b3 92 51 5c 57 1e f2 b3 c1 a3 43 fe bb | 5d 28 9e 19 7d 41 86 0a 89 ca bc 6c 36 c1 94 6e | 88 62 d6 2d ea f8 cb 1a da 19 02 ba 62 f9 97 ea | cf 89 50 4d 83 48 f3 4e 93 66 77 25 b1 17 29 8f | fb d6 f5 cb fd 59 62 a1 c8 a4 8b 4a 15 96 a1 35 | af 45 0e bc 81 53 26 f9 ce f6 77 28 57 a6 df 5e | ae 69 4c d5 c7 18 48 79 d8 51 90 3c e7 fa 0d f2 | cb 31 e8 6d b6 79 7c ba fe ea 99 3e 89 3e f7 46 | 85 39 f2 29 fb 5f 4d e6 8a d1 58 48 de cc 11 02 | ed 8b b1 9d ab 3d aa d3 50 06 da cd 87 ef 4b 43 | 06 ed a1 a4 d9 42 43 3c 71 e6 84 c9 ba d7 5c 83 | Generated nonce: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | Generated nonce: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | crypto helper 1 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001262 seconds | (#1) spent 1.26 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) | crypto helper 1 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f1620002888 size 128 | crypto helper 1 waiting (nothing to do) | #1 spent 0.143 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #1 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.208 milliseconds in whack | processing resume sending helper answer for #1 | start processing: state #1 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 1 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_outI1_continue for #1 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f1620003a28: transferring ownership from helper KE to state #1 | **emit ISAKMP Message: | initiator cookie: | 7a e4 6e e4 f2 25 1d 04 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 18 1c 86 dc 75 25 e0 69 3b 21 99 4f b4 7e e7 cb | ikev2 g^x 80 98 55 00 1f d7 28 21 3f e8 85 47 60 ee de 0b | ikev2 g^x 99 a4 41 9b 7d a4 c3 89 ac 42 b2 76 30 d9 22 c3 | ikev2 g^x b6 b3 75 af 99 f1 85 f8 8c e9 e4 f6 09 4e e5 e3 | ikev2 g^x 3a 85 f4 f7 c6 a0 d1 bd ac f7 5e e1 5d 89 87 73 | ikev2 g^x c2 53 6f b3 92 51 5c 57 1e f2 b3 c1 a3 43 fe bb | ikev2 g^x 5d 28 9e 19 7d 41 86 0a 89 ca bc 6c 36 c1 94 6e | ikev2 g^x 88 62 d6 2d ea f8 cb 1a da 19 02 ba 62 f9 97 ea | ikev2 g^x cf 89 50 4d 83 48 f3 4e 93 66 77 25 b1 17 29 8f | ikev2 g^x fb d6 f5 cb fd 59 62 a1 c8 a4 8b 4a 15 96 a1 35 | ikev2 g^x af 45 0e bc 81 53 26 f9 ce f6 77 28 57 a6 df 5e | ikev2 g^x ae 69 4c d5 c7 18 48 79 d8 51 90 3c e7 fa 0d f2 | ikev2 g^x cb 31 e8 6d b6 79 7c ba fe ea 99 3e 89 3e f7 46 | ikev2 g^x 85 39 f2 29 fb 5f 4d e6 8a d1 58 48 de cc 11 02 | ikev2 g^x ed 8b b1 9d ab 3d aa d3 50 06 da cd 87 ef 4b 43 | ikev2 g^x 06 ed a1 a4 d9 42 43 3c 71 e6 84 c9 ba d7 5c 83 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | IKEv2 nonce c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 7a e4 6e e4 f2 25 1d 04 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | a0 7e 6c d2 97 f4 e4 ea a0 a0 91 8d 69 6a b0 2f | 45 96 9e 0e | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 7a e4 6e e4 f2 25 1d 04 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= a0 7e 6c d2 97 f4 e4 ea a0 a0 91 8d 69 6a b0 2f | natd_hash: hash= 45 96 9e 0e | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data a0 7e 6c d2 97 f4 e4 ea a0 a0 91 8d 69 6a b0 2f | Notify data 45 96 9e 0e | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 7a e4 6e e4 f2 25 1d 04 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | ca 66 fd 2d f0 2d 36 04 e9 a2 5c 99 4d 23 22 c8 | e1 0a 18 d3 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 7a e4 6e e4 f2 25 1d 04 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= ca 66 fd 2d f0 2d 36 04 e9 a2 5c 99 4d 23 22 c8 | natd_hash: hash= e1 0a 18 d3 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data ca 66 fd 2d f0 2d 36 04 e9 a2 5c 99 4d 23 22 c8 | Notify data e1 0a 18 d3 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #1 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #1 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #1 to 4294967295 after switching state | Message ID: IKE #1 skipping update_recv as MD is fake | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 7a e4 6e e4 f2 25 1d 04 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 18 1c 86 dc 75 25 e0 69 3b 21 99 4f | b4 7e e7 cb 80 98 55 00 1f d7 28 21 3f e8 85 47 | 60 ee de 0b 99 a4 41 9b 7d a4 c3 89 ac 42 b2 76 | 30 d9 22 c3 b6 b3 75 af 99 f1 85 f8 8c e9 e4 f6 | 09 4e e5 e3 3a 85 f4 f7 c6 a0 d1 bd ac f7 5e e1 | 5d 89 87 73 c2 53 6f b3 92 51 5c 57 1e f2 b3 c1 | a3 43 fe bb 5d 28 9e 19 7d 41 86 0a 89 ca bc 6c | 36 c1 94 6e 88 62 d6 2d ea f8 cb 1a da 19 02 ba | 62 f9 97 ea cf 89 50 4d 83 48 f3 4e 93 66 77 25 | b1 17 29 8f fb d6 f5 cb fd 59 62 a1 c8 a4 8b 4a | 15 96 a1 35 af 45 0e bc 81 53 26 f9 ce f6 77 28 | 57 a6 df 5e ae 69 4c d5 c7 18 48 79 d8 51 90 3c | e7 fa 0d f2 cb 31 e8 6d b6 79 7c ba fe ea 99 3e | 89 3e f7 46 85 39 f2 29 fb 5f 4d e6 8a d1 58 48 | de cc 11 02 ed 8b b1 9d ab 3d aa d3 50 06 da cd | 87 ef 4b 43 06 ed a1 a4 d9 42 43 3c 71 e6 84 c9 | ba d7 5c 83 29 00 00 24 3a 07 3c c2 6a 9c d3 17 | d9 c8 ba 09 34 16 3d a5 c7 b7 80 9a 7d 44 84 29 | 28 03 47 a4 54 bd aa 69 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 a0 7e 6c d2 97 f4 e4 ea | a0 a0 91 8d 69 6a b0 2f 45 96 9e 0e 00 00 00 1c | 00 00 40 05 ca 66 fd 2d f0 2d 36 04 e9 a2 5c 99 | 4d 23 22 c8 e1 0a 18 d3 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55fd4c4e9058 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55fd4c4e8fe8 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x55fd4c4e8fe8 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55fd4c4e9058 size 128 | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29298.033963 | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD | #1 spent 0.537 milliseconds in resume sending helper answer | stop processing: state #1 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f1620002888 | spent 0.00295 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 b9 3b 0d 6f 2c 02 5c e2 2e 62 89 76 | 9b 10 d3 b9 5d 95 29 7b b4 3d 98 d4 e1 68 36 57 | f1 3a 39 b8 f2 f3 29 ec 08 36 79 28 62 56 c6 fd | 76 14 9b 52 84 73 03 c1 bf 47 b9 49 78 32 1e 3e | 4f aa 16 9c dd c8 d5 70 55 ec 83 91 2c 7e 8f 3f | 5f 15 f7 94 3d 12 86 78 b2 00 f5 bb 87 96 9d 4e | 40 ef aa e6 31 1e e2 ea 6e 16 0b c1 75 ea 26 fd | 59 3c 0e c1 89 9f 34 8d c8 c7 6c 32 43 77 01 07 | f0 8f 27 cd 7b bc 4c 06 46 09 49 12 cb f9 71 f1 | 89 2c 2b 60 9e 95 ff 83 3e 2c c0 0f 18 51 1a 6d | 51 29 dc f1 7e 87 61 ba 52 ed 72 94 21 9b c9 5d | 66 99 c8 b5 43 73 02 e5 c1 18 20 b4 b0 b8 b7 56 | 80 07 78 0d ac 19 dd 7c b5 d3 9a 4e f6 61 27 ab | c4 aa ea ec 5d 94 31 8e c3 33 16 09 2f 64 25 3e | a6 c6 20 61 98 58 6e 84 71 eb 8d 13 fb 3b 98 77 | 09 7d 15 43 68 3c f7 07 2a 98 2c 95 97 78 0a 34 | b9 6a b6 08 29 00 00 24 04 5b 12 9b fc d7 31 c0 | 7b 49 97 4c 74 b8 c1 57 64 a0 d4 c0 72 78 5a 2e | 50 43 d4 47 be bf 97 d1 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 18 4f 9d c4 c9 64 02 fa | 0b fc 56 ca 01 0d e6 34 98 48 56 47 00 00 00 1c | 00 00 40 05 18 40 c9 a4 29 af af b9 2f 4d 1f 6e | b6 d6 a1 d8 b3 b6 05 07 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 7a e4 6e e4 f2 25 1d 04 | responder cookie: | d9 00 2b 22 79 6a 05 0a | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #1 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #1 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #1 is idle | #1 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] | #1 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | b9 3b 0d 6f 2c 02 5c e2 2e 62 89 76 9b 10 d3 b9 | 5d 95 29 7b b4 3d 98 d4 e1 68 36 57 f1 3a 39 b8 | f2 f3 29 ec 08 36 79 28 62 56 c6 fd 76 14 9b 52 | 84 73 03 c1 bf 47 b9 49 78 32 1e 3e 4f aa 16 9c | dd c8 d5 70 55 ec 83 91 2c 7e 8f 3f 5f 15 f7 94 | 3d 12 86 78 b2 00 f5 bb 87 96 9d 4e 40 ef aa e6 | 31 1e e2 ea 6e 16 0b c1 75 ea 26 fd 59 3c 0e c1 | 89 9f 34 8d c8 c7 6c 32 43 77 01 07 f0 8f 27 cd | 7b bc 4c 06 46 09 49 12 cb f9 71 f1 89 2c 2b 60 | 9e 95 ff 83 3e 2c c0 0f 18 51 1a 6d 51 29 dc f1 | 7e 87 61 ba 52 ed 72 94 21 9b c9 5d 66 99 c8 b5 | 43 73 02 e5 c1 18 20 b4 b0 b8 b7 56 80 07 78 0d | ac 19 dd 7c b5 d3 9a 4e f6 61 27 ab c4 aa ea ec | 5d 94 31 8e c3 33 16 09 2f 64 25 3e a6 c6 20 61 | 98 58 6e 84 71 eb 8d 13 fb 3b 98 77 09 7d 15 43 | 68 3c f7 07 2a 98 2c 95 97 78 0a 34 b9 6a b6 08 | using existing local IKE proposals for connection aes128 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865950 (length 8) | 7a e4 6e e4 f2 25 1d 04 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865958 (length 8) | d9 00 2b 22 79 6a 05 0a | NATD hash sha digest IP addr-bytes@0x7ffc398658e4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc398658d6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865960 (length 20) | 18 40 c9 a4 29 af af b9 2f 4d 1f 6e b6 d6 a1 d8 | b3 b6 05 07 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 7a e4 6e e4 f2 25 1d 04 | natd_hash: rcookie= d9 00 2b 22 79 6a 05 0a | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 18 40 c9 a4 29 af af b9 2f 4d 1f 6e b6 d6 a1 d8 | natd_hash: hash= b3 b6 05 07 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865950 (length 8) | 7a e4 6e e4 f2 25 1d 04 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865958 (length 8) | d9 00 2b 22 79 6a 05 0a | NATD hash sha digest IP addr-bytes@0x7ffc398658e4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc398658d6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865980 (length 20) | 18 4f 9d c4 c9 64 02 fa 0b fc 56 ca 01 0d e6 34 | 98 48 56 47 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 7a e4 6e e4 f2 25 1d 04 | natd_hash: rcookie= d9 00 2b 22 79 6a 05 0a | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 18 4f 9d c4 c9 64 02 fa 0b fc 56 ca 01 0d e6 34 | natd_hash: hash= 98 48 56 47 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f1620003a28: transferring ownership from state #1 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 2 for state #1 | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55fd4c4e9058 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55fd4c4e8fe8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55fd4c4e8fe8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55fd4c4eae68 size 128 | #1 spent 0.235 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #1 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | crypto helper 3 resuming | suspending state #1 and saving MD | #1 is busy; has a suspended MD | crypto helper 3 starting work-order 2 for state #1 | [RE]START processing: state #1 connection "aes128" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) | "aes128" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | crypto helper 3 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 | stop processing: state #1 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | peer's g: b9 3b 0d 6f 2c 02 5c e2 2e 62 89 76 9b 10 d3 b9 | peer's g: 5d 95 29 7b b4 3d 98 d4 e1 68 36 57 f1 3a 39 b8 | peer's g: f2 f3 29 ec 08 36 79 28 62 56 c6 fd 76 14 9b 52 | peer's g: 84 73 03 c1 bf 47 b9 49 78 32 1e 3e 4f aa 16 9c | peer's g: dd c8 d5 70 55 ec 83 91 2c 7e 8f 3f 5f 15 f7 94 | peer's g: 3d 12 86 78 b2 00 f5 bb 87 96 9d 4e 40 ef aa e6 | peer's g: 31 1e e2 ea 6e 16 0b c1 75 ea 26 fd 59 3c 0e c1 | #1 spent 0.466 milliseconds in ikev2_process_packet() | peer's g: 89 9f 34 8d c8 c7 6c 32 43 77 01 07 f0 8f 27 cd | peer's g: 7b bc 4c 06 46 09 49 12 cb f9 71 f1 89 2c 2b 60 | peer's g: 9e 95 ff 83 3e 2c c0 0f 18 51 1a 6d 51 29 dc f1 | peer's g: 7e 87 61 ba 52 ed 72 94 21 9b c9 5d 66 99 c8 b5 | peer's g: 43 73 02 e5 c1 18 20 b4 b0 b8 b7 56 80 07 78 0d | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | peer's g: ac 19 dd 7c b5 d3 9a 4e f6 61 27 ab c4 aa ea ec | spent 0.504 milliseconds in comm_handle_cb() reading and processing packet | peer's g: 5d 94 31 8e c3 33 16 09 2f 64 25 3e a6 c6 20 61 | peer's g: 98 58 6e 84 71 eb 8d 13 fb 3b 98 77 09 7d 15 43 | peer's g: 68 3c f7 07 2a 98 2c 95 97 78 0a 34 b9 6a b6 08 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x55fd4c4d6640 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f1620003a28: computed shared DH secret key@0x55fd4c4d6640 | dh-shared : g^ir-key@0x55fd4c4d6640 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f1618001f18 (length 64) | 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162962f6e0 | result: Ni | Nr-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f6c8 | result: Ni | Nr-key@0x55fd4c4d4be0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x55fd4c4d3130 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f1618002fa0 from Ni | Nr-key@0x55fd4c4d4be0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f1618002fa0 from Ni | Nr-key@0x55fd4c4d4be0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x55fd4c4d4be0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f1618003a78 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x55fd4c4d6640 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x55fd4c4d6640 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x55fd4c4d6640 | nss hmac digest hack: symkey-key@0x55fd4c4d6640 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1272357058: df 85 13 6b fb 06 8f 18 46 6c 23 51 1a 14 75 26 c5 71 3f 66 06 ed e6 a7 7c cb f9 0a 28 50 2a 66 46 ce 50 a9 07 46 f3 41 15 26 fc 17 1f 54 f0 dd bc 54 80 07 76 54 36 32 07 b6 7e ff 58 c7 25 d4 c6 ad ab 21 ec 65 cf 6f 61 ad 9f 6c 0c b6 c5 40 25 9c 87 02 6f d2 26 2a fd 16 23 c5 cc 3c 5b b2 04 6e 85 10 44 b8 0f 0d e2 ec a1 73 45 5e a0 b8 e7 5e ff fe 46 6d ab 68 30 e0 94 62 08 dc df 13 c0 a5 c8 16 71 e2 6b 9c 98 70 9a 40 bc 65 89 67 e8 66 28 62 2f e7 bc de a9 1b c1 7d 5b 09 ef e0 b5 d9 23 22 68 ca 73 98 5c 0a 55 94 e1 5f 56 c0 ed 20 1a 85 34 2d 25 d2 01 c4 67 c3 b6 c9 91 f3 25 32 9c b5 4e a1 b9 a7 06 2f 80 f6 1b 94 19 6f a4 d3 ab d9 d9 ea e2 19 93 3f 5e c4 bd 96 ce 61 c6 b5 72 81 10 f8 b2 12 1c c4 f8 7a 08 ea 9f e4 1a 36 66 25 9f dc ea 95 2f 16 e4 9d a3 c2 26 ad | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 256 bytes at 0x7f1618003fa8 | unwrapped: 44 c9 bc ef a7 f2 6c 15 7e e9 f6 4d 0b d4 db 62 | unwrapped: bc ba 97 56 db f0 b2 cc 6a 3e 2c 66 d4 cf 52 1a | unwrapped: e5 69 96 dd dc fa 3d ab d0 3d d0 04 d0 3c 6c 0a | unwrapped: 5a 82 e1 97 f2 0a b9 6c a9 66 67 4a 53 dc 3f d1 | unwrapped: d2 1e 62 5e 6c d0 64 20 05 ca 20 db 3b b3 14 68 | unwrapped: 58 b1 39 5d 47 d5 f2 32 41 08 96 20 00 4e df 16 | unwrapped: 60 cb d7 cf 9a 8c f2 d3 96 11 a5 f8 49 9a 96 68 | unwrapped: 0f c5 58 a3 40 eb 08 f1 aa 88 87 09 52 ae bf 26 | unwrapped: b9 bd 22 dc 6e ad bf 3c 18 93 12 a0 d9 97 1a 36 | unwrapped: 50 5c de fc 30 25 98 10 94 a7 64 e6 3f be 31 bd | unwrapped: 9a 40 6f 51 77 04 4e 6e 09 d9 c2 c4 50 f3 5d 9e | unwrapped: 2f 64 9b 65 eb 80 3f 7c 94 58 68 de 1b cb 1c 82 | unwrapped: 33 8d 3c c6 ae c0 d4 7d 34 0f 1a 8e a5 7d a4 18 | unwrapped: ed a2 fb d4 80 a5 80 f3 d0 d3 b3 e9 21 c1 4d 30 | unwrapped: c2 21 ff 9b 80 07 f6 47 ad b1 93 e8 e7 57 c5 17 | unwrapped: 34 b0 99 96 2b 39 43 b0 a3 d4 96 da 48 ce f4 29 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162962f700 | result: final-key@0x55fd4c4d3130 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d3130 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f6e8 | result: final-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d3130 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x55fd4c4d4be0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162962f670 | result: data=Ni-key@0x55fd4c44c080 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55fd4c44c080 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f658 | result: data=Ni-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55fd4c44c080 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f162962f660 | result: data+=Nr-key@0x55fd4c44c080 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4d3130 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c44c080 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f162962f660 | result: data+=SPIi-key@0x55fd4c4d3130 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c44c080 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d3130 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f162962f660 | result: data+=SPIr-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4d3130 | prf+0 PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+0: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f588 | result: clone-key@0x55fd4c4d3130 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f1618002fa0 from key-key@0x55fd4c4d3130 | prf+0 prf: begin sha with context 0x7f1618002fa0 from key-key@0x55fd4c4d3130 | prf+0: release clone-key@0x55fd4c4d3130 | prf+0 PRF sha crypt-prf@0x7f1618002f78 | prf+0 PRF sha update seed-key@0x55fd4c44c080 (size 80) | prf+0: seed-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 09 31 9a 67 4f 8b 91 76 bc dd 6c 12 ff c8 f2 08 3f cd 4e 9f 9d 17 33 89 02 01 80 9e 9c 1c aa 40 1f 32 d3 58 76 82 09 86 73 fa 92 b4 2c 21 0e bc 98 7e e2 f7 49 f9 f3 b1 02 6e 1e 52 76 df b8 9c e3 7f 58 19 95 e4 b3 30 5c a8 44 6c e7 d5 da 00 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f16180069d8 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | unwrapped: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162962f590 | result: final-key@0x55fd4c4d6a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f578 | result: final-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d6a20 | prf+0 PRF sha final-key@0x55fd4c4d3130 (size 20) | prf+0: key-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x55fd4c4d3130 | prf+N PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+N: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f588 | result: clone-key@0x55fd4c4d6a20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1618002fa0 from key-key@0x55fd4c4d6a20 | prf+N prf: begin sha with context 0x7f1618002fa0 from key-key@0x55fd4c4d6a20 | prf+N: release clone-key@0x55fd4c4d6a20 | prf+N PRF sha crypt-prf@0x7f16180030d8 | prf+N PRF sha update old_t-key@0x55fd4c4d3130 (size 20) | prf+N: old_t-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 0f b8 a9 b8 88 bc 7b 06 b8 e6 67 34 87 55 7d c0 80 f3 16 9a 7f 55 a6 25 6a fd 1b bb 6c 31 0b 1a | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1618002f28 | unwrapped: 20 ca 9e 11 1a 1a c0 43 47 84 25 bd 78 11 2a f9 | unwrapped: c1 ed 28 ba 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c44c080 (size 80) | prf+N: seed-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 09 31 9a 67 4f 8b 91 76 bc dd 6c 12 ff c8 f2 08 3f cd 4e 9f 9d 17 33 89 02 01 80 9e 9c 1c aa 40 1f 32 d3 58 76 82 09 86 73 fa 92 b4 2c 21 0e bc 98 7e e2 f7 49 f9 f3 b1 02 6e 1e 52 76 df b8 9c e3 7f 58 19 95 e4 b3 30 5c a8 44 6c e7 d5 da 00 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1618006958 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | unwrapped: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162962f590 | result: final-key@0x55fd4c4cd5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4cd5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f578 | result: final-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4cd5b0 | prf+N PRF sha final-key@0x55fd4c4d6a20 (size 20) | prf+N: key-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162962f608 | result: result-key@0x55fd4c4cd5b0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d3130 | prfplus: release old_t[N]-key@0x55fd4c4d3130 | prf+N PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+N: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f588 | result: clone-key@0x55fd4c4d3130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1618002fa0 from key-key@0x55fd4c4d3130 | prf+N prf: begin sha with context 0x7f1618002fa0 from key-key@0x55fd4c4d3130 | prf+N: release clone-key@0x55fd4c4d3130 | prf+N PRF sha crypt-prf@0x7f1618002f78 | prf+N PRF sha update old_t-key@0x55fd4c4d6a20 (size 20) | prf+N: old_t-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 3c b1 9b b0 d3 00 0a d8 b8 75 de 78 fa 8b 2d ca 8d 25 a7 61 51 6b 8b f2 2d fc bb 00 24 b7 0e 57 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1618003a78 | unwrapped: 3f 57 4f b4 b2 31 d1 c0 a6 d5 ac b8 ab e2 c0 2a | unwrapped: a1 eb 05 4c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c44c080 (size 80) | prf+N: seed-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 09 31 9a 67 4f 8b 91 76 bc dd 6c 12 ff c8 f2 08 3f cd 4e 9f 9d 17 33 89 02 01 80 9e 9c 1c aa 40 1f 32 d3 58 76 82 09 86 73 fa 92 b4 2c 21 0e bc 98 7e e2 f7 49 f9 f3 b1 02 6e 1e 52 76 df b8 9c e3 7f 58 19 95 e4 b3 30 5c a8 44 6c e7 d5 da 00 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f16180069d8 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | unwrapped: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162962f590 | result: final-key@0x7f1618006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f578 | result: final-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f1618006bb0 | prf+N PRF sha final-key@0x55fd4c4d3130 (size 20) | prf+N: key-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4cd5b0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162962f608 | result: result-key@0x7f1618006bb0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4cd5b0 | prfplus: release old_t[N]-key@0x55fd4c4d6a20 | prf+N PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+N: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f588 | result: clone-key@0x55fd4c4d6a20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1618002fa0 from key-key@0x55fd4c4d6a20 | prf+N prf: begin sha with context 0x7f1618002fa0 from key-key@0x55fd4c4d6a20 | prf+N: release clone-key@0x55fd4c4d6a20 | prf+N PRF sha crypt-prf@0x7f1618002f28 | prf+N PRF sha update old_t-key@0x55fd4c4d3130 (size 20) | prf+N: old_t-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 8f f6 32 41 63 c8 01 0f 23 a2 d5 f0 aa 97 23 be f5 93 3d 88 e4 b2 4e 52 7f 14 f9 51 ff 2b 18 14 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f161800a408 | unwrapped: 95 87 45 1c 46 29 c3 82 9e b9 4d 29 84 f2 09 41 | unwrapped: 54 a5 06 ba 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c44c080 (size 80) | prf+N: seed-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 09 31 9a 67 4f 8b 91 76 bc dd 6c 12 ff c8 f2 08 3f cd 4e 9f 9d 17 33 89 02 01 80 9e 9c 1c aa 40 1f 32 d3 58 76 82 09 86 73 fa 92 b4 2c 21 0e bc 98 7e e2 f7 49 f9 f3 b1 02 6e 1e 52 76 df b8 9c e3 7f 58 19 95 e4 b3 30 5c a8 44 6c e7 d5 da 00 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1618006958 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | unwrapped: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162962f590 | result: final-key@0x55fd4c4cd5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4cd5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f578 | result: final-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4cd5b0 | prf+N PRF sha final-key@0x55fd4c4d6a20 (size 20) | prf+N: key-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f1618006bb0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162962f608 | result: result-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f1618006bb0 | prfplus: release old_t[N]-key@0x55fd4c4d3130 | prf+N PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+N: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f588 | result: clone-key@0x55fd4c4d3130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1618002fa0 from key-key@0x55fd4c4d3130 | prf+N prf: begin sha with context 0x7f1618002fa0 from key-key@0x55fd4c4d3130 | prf+N: release clone-key@0x55fd4c4d3130 | prf+N PRF sha crypt-prf@0x7f16180030d8 | prf+N PRF sha update old_t-key@0x55fd4c4d6a20 (size 20) | prf+N: old_t-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 53 ae 31 d2 68 bb c8 c3 f0 78 76 9b b4 84 23 f5 c4 4e f3 fa 40 89 f9 dd 21 fb 52 41 56 7f 92 f5 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1618003a78 | unwrapped: 07 fb 22 75 8e 80 30 cf 25 bf ef 24 26 ee 87 77 | unwrapped: 68 d0 c6 d5 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c44c080 (size 80) | prf+N: seed-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 09 31 9a 67 4f 8b 91 76 bc dd 6c 12 ff c8 f2 08 3f cd 4e 9f 9d 17 33 89 02 01 80 9e 9c 1c aa 40 1f 32 d3 58 76 82 09 86 73 fa 92 b4 2c 21 0e bc 98 7e e2 f7 49 f9 f3 b1 02 6e 1e 52 76 df b8 9c e3 7f 58 19 95 e4 b3 30 5c a8 44 6c e7 d5 da 00 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f16180069d8 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | unwrapped: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162962f590 | result: final-key@0x7f1618006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f578 | result: final-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f1618006bb0 | prf+N PRF sha final-key@0x55fd4c4d3130 (size 20) | prf+N: key-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162962f608 | result: result-key@0x7f1618006bb0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4cd5b0 | prfplus: release old_t[N]-key@0x55fd4c4d6a20 | prf+N PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+N: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f588 | result: clone-key@0x55fd4c4d6a20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161800a070 from key-key@0x55fd4c4d6a20 | prf+N prf: begin sha with context 0x7f161800a070 from key-key@0x55fd4c4d6a20 | prf+N: release clone-key@0x55fd4c4d6a20 | prf+N PRF sha crypt-prf@0x7f1618002f78 | prf+N PRF sha update old_t-key@0x55fd4c4d3130 (size 20) | prf+N: old_t-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: e2 e5 3a 5a 6b f4 ac 3d fe 31 56 55 9d e3 30 ed 24 9e d1 32 a9 01 23 9d 11 bf a6 86 40 cd 65 86 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1618002f28 | unwrapped: 9d 98 c2 ef 12 16 cf fe 0f 03 55 df 1b 54 03 c2 | unwrapped: 0b c8 6b e3 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c44c080 (size 80) | prf+N: seed-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 09 31 9a 67 4f 8b 91 76 bc dd 6c 12 ff c8 f2 08 3f cd 4e 9f 9d 17 33 89 02 01 80 9e 9c 1c aa 40 1f 32 d3 58 76 82 09 86 73 fa 92 b4 2c 21 0e bc 98 7e e2 f7 49 f9 f3 b1 02 6e 1e 52 76 df b8 9c e3 7f 58 19 95 e4 b3 30 5c a8 44 6c e7 d5 da 00 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1618006958 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | unwrapped: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162962f590 | result: final-key@0x55fd4c4cd5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4cd5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f578 | result: final-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4cd5b0 | prf+N PRF sha final-key@0x55fd4c4d6a20 (size 20) | prf+N: key-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f1618006bb0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162962f608 | result: result-key@0x55fd4c4cd5b0 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f1618006bb0 | prfplus: release old_t[N]-key@0x55fd4c4d3130 | prf+N PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+N: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f588 | result: clone-key@0x55fd4c4d3130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1618002fa0 from key-key@0x55fd4c4d3130 | prf+N prf: begin sha with context 0x7f1618002fa0 from key-key@0x55fd4c4d3130 | prf+N: release clone-key@0x55fd4c4d3130 | prf+N PRF sha crypt-prf@0x7f16180030d8 | prf+N PRF sha update old_t-key@0x55fd4c4d6a20 (size 20) | prf+N: old_t-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 33 a3 47 7f f4 97 9b 68 5f 35 2f 6d 8d 1c c3 94 84 17 2c 57 d2 f2 b6 0d 5c 7d 26 29 1e e5 77 60 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1618003a78 | unwrapped: a0 63 35 5f 11 a9 0b c7 88 cc 51 46 63 07 3f 65 | unwrapped: b9 67 cb d5 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c44c080 (size 80) | prf+N: seed-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 09 31 9a 67 4f 8b 91 76 bc dd 6c 12 ff c8 f2 08 3f cd 4e 9f 9d 17 33 89 02 01 80 9e 9c 1c aa 40 1f 32 d3 58 76 82 09 86 73 fa 92 b4 2c 21 0e bc 98 7e e2 f7 49 f9 f3 b1 02 6e 1e 52 76 df b8 9c e3 7f 58 19 95 e4 b3 30 5c a8 44 6c e7 d5 da 00 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f161800aa08 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | unwrapped: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162962f590 | result: final-key@0x7f1618006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f578 | result: final-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f1618006bb0 | prf+N PRF sha final-key@0x55fd4c4d3130 (size 20) | prf+N: key-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4cd5b0 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162962f608 | result: result-key@0x7f1618006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4cd5b0 | prfplus: release old_t[N]-key@0x55fd4c4d6a20 | prfplus: release old_t[final]-key@0x55fd4c4d3130 | ike_sa_keymat: release data-key@0x55fd4c44c080 | calc_skeyseed_v2: release skeyseed_k-key@0x55fd4c4d4be0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f7a8 | result: result-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f7a8 | result: result-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f7a8 | result: result-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f1618006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f7b8 | result: SK_ei_k-key@0x55fd4c4d6a20 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f1618006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f7b8 | result: SK_er_k-key@0x55fd4c4cd5b0 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f7b8 | result: result-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f161800a0e0 | chunk_SK_pi: symkey-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 2a 3c 68 df b2 d8 67 f5 0d 8d c0 02 39 0c b3 8b 40 d7 af bf b4 97 d2 91 c6 1f 87 35 2b 59 b8 d8 | chunk_SK_pi: release slot-key-key@0x55fd4c4cfe50 | chunk_SK_pi extracted len 32 bytes at 0x7f1618002f78 | unwrapped: 1b 54 03 c2 0b c8 6b e3 a0 63 35 5f 11 a9 0b c7 | unwrapped: 88 cc 51 46 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162962f7b8 | result: result-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f161800d840 | chunk_SK_pr: symkey-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: dc df 0b 8d 1b 1d eb 3e f6 1a 0a 59 eb bb 25 cc e4 fb d7 59 db c0 02 05 74 50 4e ef a2 27 c2 2b | chunk_SK_pr: release slot-key-key@0x55fd4c4cfe50 | chunk_SK_pr extracted len 32 bytes at 0x7f1618003a78 | unwrapped: 63 07 3f 65 b9 67 cb d5 7e 5d 19 2e 02 37 3e ee | unwrapped: 32 9b a8 d1 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f1618006bb0 | calc_skeyseed_v2 pointers: shared-key@0x55fd4c4d6640, SK_d-key@0x55fd4c4d4be0, SK_ai-key@0x55fd4c44c080, SK_ar-key@0x55fd4c4d3130, SK_ei-key@0x55fd4c4d6a20, SK_er-key@0x55fd4c4cd5b0, SK_pi-key@0x7f161800a0e0, SK_pr-key@0x7f161800d840 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 1b 54 03 c2 0b c8 6b e3 a0 63 35 5f 11 a9 0b c7 | 88 cc 51 46 | calc_skeyseed_v2 SK_pr | 63 07 3f 65 b9 67 cb d5 7e 5d 19 2e 02 37 3e ee | 32 9b a8 d1 | crypto helper 3 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.002562 seconds | (#1) spent 2.53 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) | crypto helper 3 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f1618005088 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 2 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f1620003a28: transferring ownership from helper IKEv2 DH to state #1 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #2 at 0x55fd4c4ed878 | State DB: adding IKEv2 state #2 in UNDEFINED | pstats #2 ikev2.child started | duplicating state object #1 "aes128" as #2 for IPSEC SA | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x55fd4c4d4be0 | duplicate_state: reference st_skey_ai_nss-key@0x55fd4c44c080 | duplicate_state: reference st_skey_ar_nss-key@0x55fd4c4d3130 | duplicate_state: reference st_skey_ei_nss-key@0x55fd4c4d6a20 | duplicate_state: reference st_skey_er_nss-key@0x55fd4c4cd5b0 | duplicate_state: reference st_skey_pi_nss-key@0x7f161800a0e0 | duplicate_state: reference st_skey_pr_nss-key@0x7f161800d840 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55fd4c4eae68 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55fd4c4e8fe8 | event_schedule: new EVENT_SA_REPLACE-pe@0x55fd4c4e8fe8 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55fd4c4eae68 size 128 | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 7a e4 6e e4 f2 25 1d 04 | responder cookie: | d9 00 2b 22 79 6a 05 0a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x7f161800a0e0 (size 20) | hmac: symkey-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398659e8 | result: clone-key@0x7f1618006bb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f1620002b50 from symkey-key@0x7f1618006bb0 | hmac prf: begin sha with context 0x7f1620002b50 from symkey-key@0x7f1618006bb0 | hmac: release clone-key@0x7f1618006bb0 | hmac PRF sha crypt-prf@0x55fd4c4eb258 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x55fd4bdec8f4 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffc39865d80 (length 20) | 58 57 f3 92 2f 57 f6 7f 6e 7a 94 63 b2 1b e1 4f | 3c e6 ee dc | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55fd4c441b58 (line=1) | concluding with best_match=014 best=0x55fd4c441b58 (lineno=1) | inputs to hash1 (first packet) | 7a e4 6e e4 f2 25 1d 04 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 18 1c 86 dc 75 25 e0 69 3b 21 99 4f | b4 7e e7 cb 80 98 55 00 1f d7 28 21 3f e8 85 47 | 60 ee de 0b 99 a4 41 9b 7d a4 c3 89 ac 42 b2 76 | 30 d9 22 c3 b6 b3 75 af 99 f1 85 f8 8c e9 e4 f6 | 09 4e e5 e3 3a 85 f4 f7 c6 a0 d1 bd ac f7 5e e1 | 5d 89 87 73 c2 53 6f b3 92 51 5c 57 1e f2 b3 c1 | a3 43 fe bb 5d 28 9e 19 7d 41 86 0a 89 ca bc 6c | 36 c1 94 6e 88 62 d6 2d ea f8 cb 1a da 19 02 ba | 62 f9 97 ea cf 89 50 4d 83 48 f3 4e 93 66 77 25 | b1 17 29 8f fb d6 f5 cb fd 59 62 a1 c8 a4 8b 4a | 15 96 a1 35 af 45 0e bc 81 53 26 f9 ce f6 77 28 | 57 a6 df 5e ae 69 4c d5 c7 18 48 79 d8 51 90 3c | e7 fa 0d f2 cb 31 e8 6d b6 79 7c ba fe ea 99 3e | 89 3e f7 46 85 39 f2 29 fb 5f 4d e6 8a d1 58 48 | de cc 11 02 ed 8b b1 9d ab 3d aa d3 50 06 da cd | 87 ef 4b 43 06 ed a1 a4 d9 42 43 3c 71 e6 84 c9 | ba d7 5c 83 29 00 00 24 3a 07 3c c2 6a 9c d3 17 | d9 c8 ba 09 34 16 3d a5 c7 b7 80 9a 7d 44 84 29 | 28 03 47 a4 54 bd aa 69 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 a0 7e 6c d2 97 f4 e4 ea | a0 a0 91 8d 69 6a b0 2f 45 96 9e 0e 00 00 00 1c | 00 00 40 05 ca 66 fd 2d f0 2d 36 04 e9 a2 5c 99 | 4d 23 22 c8 e1 0a 18 d3 | create: initiator inputs to hash2 (responder nonce) | 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | idhash 58 57 f3 92 2f 57 f6 7f 6e 7a 94 63 b2 1b e1 4f | idhash 3c e6 ee dc | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55fd4c4cfda8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398657d0 | result: shared secret-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657b8 | result: shared secret-key@0x7f1618006bb0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f1620002b50 from shared secret-key@0x7f1618006bb0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f1620002b50 from shared secret-key@0x7f1618006bb0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f1618006bb0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55fd4c4eb208 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55fd4bd814d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398657f0 | result: final-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657d8 | result: final-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f1618006bb0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f1618006bb0 (size 20) | = prf(, ): -key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657e8 | result: clone-key@0x55fd4c4e7620 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f1620002b50 from -key@0x55fd4c4e7620 | = prf(, ) prf: begin sha with context 0x7f1620002b50 from -key@0x55fd4c4e7620 | = prf(, ): release clone-key@0x55fd4c4e7620 | = prf(, ) PRF sha crypt-prf@0x55fd4c4eb258 | = prf(, ) PRF sha update first-packet-bytes@0x55fd4c4eb4b8 (length 440) | 7a e4 6e e4 f2 25 1d 04 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 18 1c 86 dc 75 25 e0 69 3b 21 99 4f | b4 7e e7 cb 80 98 55 00 1f d7 28 21 3f e8 85 47 | 60 ee de 0b 99 a4 41 9b 7d a4 c3 89 ac 42 b2 76 | 30 d9 22 c3 b6 b3 75 af 99 f1 85 f8 8c e9 e4 f6 | 09 4e e5 e3 3a 85 f4 f7 c6 a0 d1 bd ac f7 5e e1 | 5d 89 87 73 c2 53 6f b3 92 51 5c 57 1e f2 b3 c1 | a3 43 fe bb 5d 28 9e 19 7d 41 86 0a 89 ca bc 6c | 36 c1 94 6e 88 62 d6 2d ea f8 cb 1a da 19 02 ba | 62 f9 97 ea cf 89 50 4d 83 48 f3 4e 93 66 77 25 | b1 17 29 8f fb d6 f5 cb fd 59 62 a1 c8 a4 8b 4a | 15 96 a1 35 af 45 0e bc 81 53 26 f9 ce f6 77 28 | 57 a6 df 5e ae 69 4c d5 c7 18 48 79 d8 51 90 3c | e7 fa 0d f2 cb 31 e8 6d b6 79 7c ba fe ea 99 3e | 89 3e f7 46 85 39 f2 29 fb 5f 4d e6 8a d1 58 48 | de cc 11 02 ed 8b b1 9d ab 3d aa d3 50 06 da cd | 87 ef 4b 43 06 ed a1 a4 d9 42 43 3c 71 e6 84 c9 | ba d7 5c 83 29 00 00 24 3a 07 3c c2 6a 9c d3 17 | d9 c8 ba 09 34 16 3d a5 c7 b7 80 9a 7d 44 84 29 | 28 03 47 a4 54 bd aa 69 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 a0 7e 6c d2 97 f4 e4 ea | a0 a0 91 8d 69 6a b0 2f 45 96 9e 0e 00 00 00 1c | 00 00 40 05 ca 66 fd 2d f0 2d 36 04 e9 a2 5c 99 | 4d 23 22 c8 e1 0a 18 d3 | = prf(, ) PRF sha update nonce-bytes@0x55fd4c4eb468 (length 32) | 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | = prf(, ) PRF sha update hash-bytes@0x7ffc39865d80 (length 20) | 58 57 f3 92 2f 57 f6 7f 6e 7a 94 63 b2 1b e1 4f | 3c e6 ee dc | = prf(, ) PRF sha final-chunk@0x55fd4c4ee6c8 (length 20) | 6f e0 77 8a c8 0f 6f 52 7f 7c 91 0d 65 68 9f 0a | ae 39 1e cf | psk_auth: release prf-psk-key@0x7f1618006bb0 | PSK auth octets 6f e0 77 8a c8 0f 6f 52 7f 7c 91 0d 65 68 9f 0a | PSK auth octets ae 39 1e cf | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 6f e0 77 8a c8 0f 6f 52 7f 7c 91 0d 65 68 9f 0a | PSK auth ae 39 1e cf | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #1 | netlink_get_spi: allocated 0xfc438d24 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for aes128 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "aes128": constructed local ESP/AH proposals for aes128 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi fc 43 8d 24 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 192 | emitting length of ISAKMP Message: 220 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 70 ac f5 20 7c 57 94 c5 77 4b ce 33 42 5c fd 0d | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 6f e0 77 8a c8 0f 6f 52 7f 7c 91 0d 65 68 9f 0a | ae 39 1e cf 2c 00 00 2c 00 00 00 28 01 03 04 03 | fc 43 8d 24 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 35 1b 0f f7 10 a5 89 0f 1f 2d e4 97 b1 ca a3 4f | 94 25 4b 85 8f ff 59 36 17 ad 82 ec 2e 55 a9 32 | b2 7b 2d ee 01 8e 11 52 31 86 ef f8 cf cb 6e b4 | 16 b3 cc 97 a7 ef bb d6 18 dc 4a 8b 8f b4 a8 96 | 85 ab aa 01 10 0a 78 74 ac 1d c3 24 c1 7b ba 1a | 18 a2 16 d7 a4 96 e4 a0 21 35 42 5d 04 7f 2e 95 | 36 49 e6 86 95 e2 4b 77 bb 8a 76 a4 98 e3 45 76 | 53 c4 29 07 40 1c 92 60 28 fe 9d 42 2a d4 9d e2 | ba 2c 54 64 ff 63 8e 22 5f 47 79 e4 19 a6 7d a9 | ab fb c6 e5 87 07 68 0c e4 02 24 73 e5 72 2c 08 | hmac PRF sha init symkey-key@0x55fd4c44c080 (size 20) | hmac: symkey-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398658f8 | result: clone-key@0x7f1618006bb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f1620002b50 from symkey-key@0x7f1618006bb0 | hmac prf: begin sha with context 0x7f1620002b50 from symkey-key@0x7f1618006bb0 | hmac: release clone-key@0x7f1618006bb0 | hmac PRF sha crypt-prf@0x55fd4c4eb208 | hmac PRF sha update data-bytes@0x55fd4bdec8c0 (length 208) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 70 ac f5 20 7c 57 94 c5 77 4b ce 33 42 5c fd 0d | 35 1b 0f f7 10 a5 89 0f 1f 2d e4 97 b1 ca a3 4f | 94 25 4b 85 8f ff 59 36 17 ad 82 ec 2e 55 a9 32 | b2 7b 2d ee 01 8e 11 52 31 86 ef f8 cf cb 6e b4 | 16 b3 cc 97 a7 ef bb d6 18 dc 4a 8b 8f b4 a8 96 | 85 ab aa 01 10 0a 78 74 ac 1d c3 24 c1 7b ba 1a | 18 a2 16 d7 a4 96 e4 a0 21 35 42 5d 04 7f 2e 95 | 36 49 e6 86 95 e2 4b 77 bb 8a 76 a4 98 e3 45 76 | 53 c4 29 07 40 1c 92 60 28 fe 9d 42 2a d4 9d e2 | ba 2c 54 64 ff 63 8e 22 5f 47 79 e4 19 a6 7d a9 | ab fb c6 e5 87 07 68 0c e4 02 24 73 e5 72 2c 08 | hmac PRF sha final-bytes@0x55fd4bdec990 (length 20) | 0f 44 e2 8e 3b 51 5e 15 44 97 b6 22 71 70 50 e3 | 7b cd 27 cf | data being hmac: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data being hmac: 70 ac f5 20 7c 57 94 c5 77 4b ce 33 42 5c fd 0d | data being hmac: 35 1b 0f f7 10 a5 89 0f 1f 2d e4 97 b1 ca a3 4f | data being hmac: 94 25 4b 85 8f ff 59 36 17 ad 82 ec 2e 55 a9 32 | data being hmac: b2 7b 2d ee 01 8e 11 52 31 86 ef f8 cf cb 6e b4 | data being hmac: 16 b3 cc 97 a7 ef bb d6 18 dc 4a 8b 8f b4 a8 96 | data being hmac: 85 ab aa 01 10 0a 78 74 ac 1d c3 24 c1 7b ba 1a | data being hmac: 18 a2 16 d7 a4 96 e4 a0 21 35 42 5d 04 7f 2e 95 | data being hmac: 36 49 e6 86 95 e2 4b 77 bb 8a 76 a4 98 e3 45 76 | data being hmac: 53 c4 29 07 40 1c 92 60 28 fe 9d 42 2a d4 9d e2 | data being hmac: ba 2c 54 64 ff 63 8e 22 5f 47 79 e4 19 a6 7d a9 | data being hmac: ab fb c6 e5 87 07 68 0c e4 02 24 73 e5 72 2c 08 | out calculated auth: | 0f 44 e2 8e 3b 51 5e 15 44 97 b6 22 | suspend processing: state #1 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #2 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #2 to 0 after switching state | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "aes128" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 220 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 70 ac f5 20 7c 57 94 c5 77 4b ce 33 42 5c fd 0d | 35 1b 0f f7 10 a5 89 0f 1f 2d e4 97 b1 ca a3 4f | 94 25 4b 85 8f ff 59 36 17 ad 82 ec 2e 55 a9 32 | b2 7b 2d ee 01 8e 11 52 31 86 ef f8 cf cb 6e b4 | 16 b3 cc 97 a7 ef bb d6 18 dc 4a 8b 8f b4 a8 96 | 85 ab aa 01 10 0a 78 74 ac 1d c3 24 c1 7b ba 1a | 18 a2 16 d7 a4 96 e4 a0 21 35 42 5d 04 7f 2e 95 | 36 49 e6 86 95 e2 4b 77 bb 8a 76 a4 98 e3 45 76 | 53 c4 29 07 40 1c 92 60 28 fe 9d 42 2a d4 9d e2 | ba 2c 54 64 ff 63 8e 22 5f 47 79 e4 19 a6 7d a9 | ab fb c6 e5 87 07 68 0c e4 02 24 73 e5 72 2c 08 | 0f 44 e2 8e 3b 51 5e 15 44 97 b6 22 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f1620002b78 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x55fd4c4ee448 size 128 | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29298.03987 | resume sending helper answer for #1 suppresed complete_v2_state_transition() | #1 spent 0.839 milliseconds in resume sending helper answer | stop processing: state #2 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f1618005088 | spent 0.00287 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 204 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 61 bb d1 4e 3a 5e 32 f3 1c a0 85 8a d5 94 fd 3c | 42 8b 7e e8 2d b3 1e e7 3f f4 a2 41 2e 00 25 1f | 48 da 8e f8 f8 fc 16 58 db 1b e2 c5 e9 ea 4f 31 | d8 50 de dc 4e b4 d5 36 a9 0b 4b 3f 14 cf 00 8b | 87 ef 97 ee bf cc cf a0 d0 fa fe ac 11 a1 aa cd | ce 50 d4 2a de b6 24 41 7b 57 6d 3c 96 77 ba 27 | 1e 5b d5 6a 48 b1 db 78 62 8e 24 50 9d 91 2a 6c | e3 7e 2d fb 60 f0 d4 30 1e bc 2b 8c 58 60 af 95 | b3 4c ce c0 2c cd aa 1f 13 b8 19 32 da dc 08 94 | 2e 8d 28 d7 14 f7 0b 43 e3 2e 40 a7 62 2f cf ea | 7c 40 18 03 5f 64 94 39 6e c2 de d3 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 7a e4 6e e4 f2 25 1d 04 | responder cookie: | d9 00 2b 22 79 6a 05 0a | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 204 (0xcc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) | start processing: state #1 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #1 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | start processing: state #2 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #2 is idle | #2 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 176 (0xb0) | processing payload: ISAKMP_NEXT_v2SK (len=172) | #2 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x55fd4c4d3130 (size 20) | hmac: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865748 | result: clone-key@0x7f1618006bb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x55fd4c4e9130 from symkey-key@0x7f1618006bb0 | hmac prf: begin sha with context 0x55fd4c4e9130 from symkey-key@0x7f1618006bb0 | hmac: release clone-key@0x7f1618006bb0 | hmac PRF sha crypt-prf@0x55fd4c4eb258 | hmac PRF sha update data-bytes@0x55fd4c47b368 (length 192) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 61 bb d1 4e 3a 5e 32 f3 1c a0 85 8a d5 94 fd 3c | 42 8b 7e e8 2d b3 1e e7 3f f4 a2 41 2e 00 25 1f | 48 da 8e f8 f8 fc 16 58 db 1b e2 c5 e9 ea 4f 31 | d8 50 de dc 4e b4 d5 36 a9 0b 4b 3f 14 cf 00 8b | 87 ef 97 ee bf cc cf a0 d0 fa fe ac 11 a1 aa cd | ce 50 d4 2a de b6 24 41 7b 57 6d 3c 96 77 ba 27 | 1e 5b d5 6a 48 b1 db 78 62 8e 24 50 9d 91 2a 6c | e3 7e 2d fb 60 f0 d4 30 1e bc 2b 8c 58 60 af 95 | b3 4c ce c0 2c cd aa 1f 13 b8 19 32 da dc 08 94 | 2e 8d 28 d7 14 f7 0b 43 e3 2e 40 a7 62 2f cf ea | hmac PRF sha final-bytes@0x7ffc39865910 (length 20) | 7c 40 18 03 5f 64 94 39 6e c2 de d3 d6 c5 12 af | 30 04 78 fa | data for hmac: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data for hmac: 61 bb d1 4e 3a 5e 32 f3 1c a0 85 8a d5 94 fd 3c | data for hmac: 42 8b 7e e8 2d b3 1e e7 3f f4 a2 41 2e 00 25 1f | data for hmac: 48 da 8e f8 f8 fc 16 58 db 1b e2 c5 e9 ea 4f 31 | data for hmac: d8 50 de dc 4e b4 d5 36 a9 0b 4b 3f 14 cf 00 8b | data for hmac: 87 ef 97 ee bf cc cf a0 d0 fa fe ac 11 a1 aa cd | data for hmac: ce 50 d4 2a de b6 24 41 7b 57 6d 3c 96 77 ba 27 | data for hmac: 1e 5b d5 6a 48 b1 db 78 62 8e 24 50 9d 91 2a 6c | data for hmac: e3 7e 2d fb 60 f0 d4 30 1e bc 2b 8c 58 60 af 95 | data for hmac: b3 4c ce c0 2c cd aa 1f 13 b8 19 32 da dc 08 94 | data for hmac: 2e 8d 28 d7 14 f7 0b 43 e3 2e 40 a7 62 2f cf ea | calculated auth: 7c 40 18 03 5f 64 94 39 6e c2 de d3 | provided auth: 7c 40 18 03 5f 64 94 39 6e c2 de d3 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 61 bb d1 4e 3a 5e 32 f3 1c a0 85 8a d5 94 fd 3c | payload before decryption: | 42 8b 7e e8 2d b3 1e e7 3f f4 a2 41 2e 00 25 1f | 48 da 8e f8 f8 fc 16 58 db 1b e2 c5 e9 ea 4f 31 | d8 50 de dc 4e b4 d5 36 a9 0b 4b 3f 14 cf 00 8b | 87 ef 97 ee bf cc cf a0 d0 fa fe ac 11 a1 aa cd | ce 50 d4 2a de b6 24 41 7b 57 6d 3c 96 77 ba 27 | 1e 5b d5 6a 48 b1 db 78 62 8e 24 50 9d 91 2a 6c | e3 7e 2d fb 60 f0 d4 30 1e bc 2b 8c 58 60 af 95 | b3 4c ce c0 2c cd aa 1f 13 b8 19 32 da dc 08 94 | 2e 8d 28 d7 14 f7 0b 43 e3 2e 40 a7 62 2f cf ea | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 a0 a4 28 74 c9 3c ff 47 8e be 5a e9 | e5 7a c2 9b d3 f0 05 76 2c 00 00 2c 00 00 00 28 | 01 03 04 03 1e 6a ea 36 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | stripping 12 octets as pad | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | offered CA: '%none' "aes128" #2: IKEv2 mode peer ID is ID_FQDN: '@east' | hmac PRF sha init symkey-key@0x7f161800d840 (size 20) | hmac: symkey-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865878 | result: clone-key@0x7f1618006bb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x55fd4c4e9130 from symkey-key@0x7f1618006bb0 | hmac prf: begin sha with context 0x55fd4c4e9130 from symkey-key@0x7f1618006bb0 | hmac: release clone-key@0x7f1618006bb0 | hmac PRF sha crypt-prf@0x55fd4c4eb208 | idhash auth R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x55fd4c47b39c (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffc398659d0 (length 20) | fb 86 ef 59 65 61 f6 b5 ad a7 2a d0 e5 49 1a 22 | d4 07 0a bc | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55fd4c441b58 (line=1) | concluding with best_match=014 best=0x55fd4c441b58 (lineno=1) | inputs to hash1 (first packet) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 b9 3b 0d 6f 2c 02 5c e2 2e 62 89 76 | 9b 10 d3 b9 5d 95 29 7b b4 3d 98 d4 e1 68 36 57 | f1 3a 39 b8 f2 f3 29 ec 08 36 79 28 62 56 c6 fd | 76 14 9b 52 84 73 03 c1 bf 47 b9 49 78 32 1e 3e | 4f aa 16 9c dd c8 d5 70 55 ec 83 91 2c 7e 8f 3f | 5f 15 f7 94 3d 12 86 78 b2 00 f5 bb 87 96 9d 4e | 40 ef aa e6 31 1e e2 ea 6e 16 0b c1 75 ea 26 fd | 59 3c 0e c1 89 9f 34 8d c8 c7 6c 32 43 77 01 07 | f0 8f 27 cd 7b bc 4c 06 46 09 49 12 cb f9 71 f1 | 89 2c 2b 60 9e 95 ff 83 3e 2c c0 0f 18 51 1a 6d | 51 29 dc f1 7e 87 61 ba 52 ed 72 94 21 9b c9 5d | 66 99 c8 b5 43 73 02 e5 c1 18 20 b4 b0 b8 b7 56 | 80 07 78 0d ac 19 dd 7c b5 d3 9a 4e f6 61 27 ab | c4 aa ea ec 5d 94 31 8e c3 33 16 09 2f 64 25 3e | a6 c6 20 61 98 58 6e 84 71 eb 8d 13 fb 3b 98 77 | 09 7d 15 43 68 3c f7 07 2a 98 2c 95 97 78 0a 34 | b9 6a b6 08 29 00 00 24 04 5b 12 9b fc d7 31 c0 | 7b 49 97 4c 74 b8 c1 57 64 a0 d4 c0 72 78 5a 2e | 50 43 d4 47 be bf 97 d1 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 18 4f 9d c4 c9 64 02 fa | 0b fc 56 ca 01 0d e6 34 98 48 56 47 00 00 00 1c | 00 00 40 05 18 40 c9 a4 29 af af b9 2f 4d 1f 6e | b6 d6 a1 d8 b3 b6 05 07 | verify: initiator inputs to hash2 (initiator nonce) | 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | idhash fb 86 ef 59 65 61 f6 b5 ad a7 2a d0 e5 49 1a 22 | idhash d4 07 0a bc | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55fd4c4cfda8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865670 | result: shared secret-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865658 | result: shared secret-key@0x7f1618006bb0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x55fd4c4e9130 from shared secret-key@0x7f1618006bb0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x55fd4c4e9130 from shared secret-key@0x7f1618006bb0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f1618006bb0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55fd4c4eb258 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55fd4bd814d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865690 | result: final-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: final-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f1618006bb0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f1618006bb0 (size 20) | = prf(, ): -key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865688 | result: clone-key@0x55fd4c4e7620 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x55fd4c4e9130 from -key@0x55fd4c4e7620 | = prf(, ) prf: begin sha with context 0x55fd4c4e9130 from -key@0x55fd4c4e7620 | = prf(, ): release clone-key@0x55fd4c4e7620 | = prf(, ) PRF sha crypt-prf@0x55fd4c4eb208 | = prf(, ) PRF sha update first-packet-bytes@0x55fd4c4eaf68 (length 440) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 b9 3b 0d 6f 2c 02 5c e2 2e 62 89 76 | 9b 10 d3 b9 5d 95 29 7b b4 3d 98 d4 e1 68 36 57 | f1 3a 39 b8 f2 f3 29 ec 08 36 79 28 62 56 c6 fd | 76 14 9b 52 84 73 03 c1 bf 47 b9 49 78 32 1e 3e | 4f aa 16 9c dd c8 d5 70 55 ec 83 91 2c 7e 8f 3f | 5f 15 f7 94 3d 12 86 78 b2 00 f5 bb 87 96 9d 4e | 40 ef aa e6 31 1e e2 ea 6e 16 0b c1 75 ea 26 fd | 59 3c 0e c1 89 9f 34 8d c8 c7 6c 32 43 77 01 07 | f0 8f 27 cd 7b bc 4c 06 46 09 49 12 cb f9 71 f1 | 89 2c 2b 60 9e 95 ff 83 3e 2c c0 0f 18 51 1a 6d | 51 29 dc f1 7e 87 61 ba 52 ed 72 94 21 9b c9 5d | 66 99 c8 b5 43 73 02 e5 c1 18 20 b4 b0 b8 b7 56 | 80 07 78 0d ac 19 dd 7c b5 d3 9a 4e f6 61 27 ab | c4 aa ea ec 5d 94 31 8e c3 33 16 09 2f 64 25 3e | a6 c6 20 61 98 58 6e 84 71 eb 8d 13 fb 3b 98 77 | 09 7d 15 43 68 3c f7 07 2a 98 2c 95 97 78 0a 34 | b9 6a b6 08 29 00 00 24 04 5b 12 9b fc d7 31 c0 | 7b 49 97 4c 74 b8 c1 57 64 a0 d4 c0 72 78 5a 2e | 50 43 d4 47 be bf 97 d1 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 18 4f 9d c4 c9 64 02 fa | 0b fc 56 ca 01 0d e6 34 98 48 56 47 00 00 00 1c | 00 00 40 05 18 40 c9 a4 29 af af b9 2f 4d 1f 6e | b6 d6 a1 d8 b3 b6 05 07 | = prf(, ) PRF sha update nonce-bytes@0x7f1620001278 (length 32) | 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | = prf(, ) PRF sha update hash-bytes@0x7ffc398659d0 (length 20) | fb 86 ef 59 65 61 f6 b5 ad a7 2a d0 e5 49 1a 22 | d4 07 0a bc | = prf(, ) PRF sha final-chunk@0x55fd4c4ee618 (length 20) | a0 a4 28 74 c9 3c ff 47 8e be 5a e9 e5 7a c2 9b | d3 f0 05 76 | psk_auth: release prf-psk-key@0x7f1618006bb0 | Received PSK auth octets | a0 a4 28 74 c9 3c ff 47 8e be 5a e9 e5 7a c2 9b | d3 f0 05 76 | Calculated PSK auth octets | a0 a4 28 74 c9 3c ff 47 8e be 5a e9 e5 7a c2 9b | d3 f0 05 76 "aes128" #2: Authenticated using authby=secret | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) | state #1 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x55fd4c4eae68 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55fd4c4e8fe8 | event_schedule: new EVENT_SA_REKEY-pe@0x55fd4c4e8fe8 | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 | libevent_malloc: new ptr-libevent@0x7f1618005088 size 128 | pstats #1 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="aes128" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for aes128 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 1e 6a ea 36 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=1e6aea36;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865760 | result: data=Ni-key@0x55fd4c4e7620 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55fd4c4e7620 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865748 | result: data=Ni-key@0x7f1618006bb0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55fd4c4e7620 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f1618006bb0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc39865750 | result: data+=Nr-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f1618006bb0 | prf+0 PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+0: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x7f1618006bb0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x55fd4c4e9130 from key-key@0x7f1618006bb0 | prf+0 prf: begin sha with context 0x55fd4c4e9130 from key-key@0x7f1618006bb0 | prf+0: release clone-key@0x7f1618006bb0 | prf+0 PRF sha crypt-prf@0x55fd4c4ee668 | prf+0 PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+0: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: 09 31 9a 67 4f 8b 91 76 bc dd 6c 12 ff c8 f2 08 3f cd 4e 9f 9d 17 33 89 02 01 80 9e 9c 1c aa 40 1f 32 d3 58 76 82 09 86 73 fa 92 b4 2c 21 0e bc 98 7e e2 f7 49 f9 f3 b1 02 6e 1e 52 76 df b8 9c | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x55fd4c4ed418 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x55fd4c4ee4d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4ee4d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4ee4d0 | prf+0 PRF sha final-key@0x7f1618006bb0 (size 20) | prf+0: key-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f1618006bb0 | prf+N PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+N: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x55fd4c4ee4d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x55fd4c4e9130 from key-key@0x55fd4c4ee4d0 | prf+N prf: begin sha with context 0x55fd4c4e9130 from key-key@0x55fd4c4ee4d0 | prf+N: release clone-key@0x55fd4c4ee4d0 | prf+N PRF sha crypt-prf@0x55fd4c4ee5a8 | prf+N PRF sha update old_t-key@0x7f1618006bb0 (size 20) | prf+N: old_t-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f1618006bb0 | nss hmac digest hack: symkey-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: d1 f7 6d da 8b 26 b0 cc eb 78 cc e2 c6 68 b7 73 ff 6e 1e 2d 1e 62 20 b3 3d d7 56 f3 0b a8 79 88 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x55fd4c4ed818 | unwrapped: 4f 63 16 3d 05 d6 65 35 1b 61 6f 13 5d 3b dc 2f | unwrapped: 40 c7 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+N: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: 09 31 9a 67 4f 8b 91 76 bc dd 6c 12 ff c8 f2 08 3f cd 4e 9f 9d 17 33 89 02 01 80 9e 9c 1c aa 40 1f 32 d3 58 76 82 09 86 73 fa 92 b4 2c 21 0e bc 98 7e e2 f7 49 f9 f3 b1 02 6e 1e 52 76 df b8 9c | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x55fd4c4ed3a8 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x55fd4c4ecc80 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4ecc80 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4ecc80 | prf+N PRF sha final-key@0x55fd4c4ee4d0 (size 20) | prf+N: key-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffc398656f8 | result: result-key@0x55fd4c4ecc80 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f1618006bb0 | prfplus: release old_t[N]-key@0x7f1618006bb0 | prf+N PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+N: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x7f1618006bb0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x55fd4c4e9130 from key-key@0x7f1618006bb0 | prf+N prf: begin sha with context 0x55fd4c4e9130 from key-key@0x7f1618006bb0 | prf+N: release clone-key@0x7f1618006bb0 | prf+N PRF sha crypt-prf@0x55fd4c4eb258 | prf+N PRF sha update old_t-key@0x55fd4c4ee4d0 (size 20) | prf+N: old_t-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4ee4d0 | nss hmac digest hack: symkey-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: ca 12 2e 7f b5 96 e5 02 7d 7c 74 59 eb 57 dd 0c 81 e7 ff d7 ac 89 94 63 51 60 66 10 5c 06 74 6b | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x55fd4c4f18d8 | unwrapped: b7 23 16 1b c7 0e fc 59 da 86 e4 4f 8e f7 f5 68 | unwrapped: 7e 7b 60 99 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+N: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: 09 31 9a 67 4f 8b 91 76 bc dd 6c 12 ff c8 f2 08 3f cd 4e 9f 9d 17 33 89 02 01 80 9e 9c 1c aa 40 1f 32 d3 58 76 82 09 86 73 fa 92 b4 2c 21 0e bc 98 7e e2 f7 49 f9 f3 b1 02 6e 1e 52 76 df b8 9c | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x55fd4c4ed418 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x55fd4c4ed620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4ed620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4ed620 | prf+N PRF sha final-key@0x7f1618006bb0 (size 20) | prf+N: key-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4ecc80 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffc398656f8 | result: result-key@0x55fd4c4ed620 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4ecc80 | prfplus: release old_t[N]-key@0x55fd4c4ee4d0 | prf+N PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+N: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x55fd4c4ee4d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x55fd4c4e9130 from key-key@0x55fd4c4ee4d0 | prf+N prf: begin sha with context 0x55fd4c4e9130 from key-key@0x55fd4c4ee4d0 | prf+N: release clone-key@0x55fd4c4ee4d0 | prf+N PRF sha crypt-prf@0x55fd4c4ed358 | prf+N PRF sha update old_t-key@0x7f1618006bb0 (size 20) | prf+N: old_t-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f1618006bb0 | nss hmac digest hack: symkey-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 21 43 66 ab ca 7b dd 7f ca 97 05 72 d4 09 b9 ae 92 cb 18 4c e9 8f 07 df 49 63 03 da 50 85 f0 2a | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x55fd4c4f34a8 | unwrapped: dd af de 86 ae 3c a6 d5 05 50 01 17 70 44 ed 14 | unwrapped: cd 15 15 a1 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+N: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: 09 31 9a 67 4f 8b 91 76 bc dd 6c 12 ff c8 f2 08 3f cd 4e 9f 9d 17 33 89 02 01 80 9e 9c 1c aa 40 1f 32 d3 58 76 82 09 86 73 fa 92 b4 2c 21 0e bc 98 7e e2 f7 49 f9 f3 b1 02 6e 1e 52 76 df b8 9c | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x55fd4c4ed3a8 | unwrapped: 3a 07 3c c2 6a 9c d3 17 d9 c8 ba 09 34 16 3d a5 | unwrapped: c7 b7 80 9a 7d 44 84 29 28 03 47 a4 54 bd aa 69 | unwrapped: 04 5b 12 9b fc d7 31 c0 7b 49 97 4c 74 b8 c1 57 | unwrapped: 64 a0 d4 c0 72 78 5a 2e 50 43 d4 47 be bf 97 d1 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x55fd4c4ecc80 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4ecc80 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4ecc80 | prf+N PRF sha final-key@0x55fd4c4ee4d0 (size 20) | prf+N: key-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4ed620 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffc398656f8 | result: result-key@0x55fd4c4ecc80 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4ed620 | prfplus: release old_t[N]-key@0x7f1618006bb0 | prfplus: release old_t[final]-key@0x55fd4c4ee4d0 | child_sa_keymat: release data-key@0x55fd4c4e7620 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x55fd4c4ecc80 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657d8 | result: result-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x55fd4c4e7620 | initiator to responder keys: symkey-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x55fd4c4cfe50 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1713387878: d1 f7 6d da 8b 26 b0 cc eb 78 cc e2 c6 68 b7 73 f5 9b 54 9e df 2e 31 16 70 06 2d c1 fd 13 7e 88 ae f8 05 aa 69 0f d4 07 bf 2c a0 90 40 3c af f1 | initiator to responder keys: release slot-key-key@0x55fd4c4cfe50 | initiator to responder keys extracted len 48 bytes at 0x55fd4c4e93f8 | unwrapped: 4f 63 16 3d 05 d6 65 35 1b 61 6f 13 5d 3b dc 2f | unwrapped: 40 c7 ee 02 b7 23 16 1b c7 0e fc 59 da 86 e4 4f | unwrapped: 8e f7 f5 68 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x55fd4c4e7620 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x55fd4c4ecc80 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657d8 | result: result-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x55fd4c4e7620 | responder to initiator keys:: symkey-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x55fd4c4cfe50 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1713387878: 73 d5 c7 ad 5e ed f7 50 0c e2 1a d6 90 70 d2 eb a8 9a ea 80 af 80 11 08 83 5c 5c d6 4f 04 7f 07 54 be 7b a9 cc 7d 92 fd 32 51 5d c4 c9 f5 ef e8 | responder to initiator keys:: release slot-key-key@0x55fd4c4cfe50 | responder to initiator keys: extracted len 48 bytes at 0x55fd4c446918 | unwrapped: 7e 7b 60 99 dd af de 86 ae 3c a6 d5 05 50 01 17 | unwrapped: 70 44 ed 14 cd 15 15 a1 d5 16 da c6 4a 09 c9 ed | unwrapped: a9 e7 2e 47 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x55fd4c4e7620 | ikev2_derive_child_keys: release keymat-key@0x55fd4c4ecc80 | #1 spent 1.85 milliseconds | install_ipsec_sa() for #2: inbound and outbound | could_route called for aes128 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.1e6aea36@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.fc438d24@192.1.2.45 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #2: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: aes128 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 | priority calculation of connection "aes128" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1e6aea36 SPI_OUT= | popen cmd is 1025 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+U: | cmd( 640):P+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: | cmd( 960):ARED='no' SPI_IN=0x1e6aea36 SPI_OUT=0xfc438d24 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1e6aea3 | popen cmd is 1030 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUT: | cmd( 400):O_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT: | cmd( 480):_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=: | cmd( 560):'' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+: | cmd( 640):PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMAN: | cmd( 720):ENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_P: | cmd( 800):EER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=: | cmd( 880):'0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V: | cmd( 960):TI_SHARED='no' SPI_IN=0x1e6aea36 SPI_OUT=0xfc438d24 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1e6aea36 SP | popen cmd is 1028 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x1e6aea36 SPI_OUT=0xfc438d24 ipsec _updown 2>&1: | route_and_eroute: instance "aes128", setting eroute_owner {spd=0x55fd4c4e85b8,sr=0x55fd4c4e85b8} to #2 (was #0) (newest_ipsec_sa=#0) | #1 spent 1.5 milliseconds in install_ipsec_sa() | inR2: instance aes128[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x55fd4c4ee448 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f1620002b78 | #2 spent 3.15 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #2 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #2 to 1 after switching state | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #2 ikev2.child established "aes128" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "aes128" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x1e6aea36 <0xfc438d24 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | releasing whack for #2 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #1 | unpending state #1 connection "aes128" | delete from pending Child SA with 192.1.2.23 "aes128" | removing pending policy for no connection {0x55fd4c4db198} | close_any(fd@24) (in release_whack() at state.c:654) | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f1620002b78 | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 | libevent_malloc: new ptr-libevent@0x55fd4c4eae68 size 128 | stop processing: state #2 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 3.5 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 3.51 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.0107 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00315 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00287 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.fc438d24@192.1.2.45 | get_sa_info esp.1e6aea36@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.059 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #2 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #2 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #2 ikev2.child deleted completed | #2 spent 3.15 milliseconds in total | [RE]START processing: state #2 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #2: deleting state (STATE_V2_IPSEC_I) aged 0.100s and sending notification | child state #2: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.1e6aea36@192.1.2.23 | get_sa_info esp.fc438d24@192.1.2.45 "aes128" #2: ESP traffic information: in=84B out=84B | #2 send IKEv2 delete notification for STATE_V2_IPSEC_I | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 7a e4 6e e4 f2 25 1d 04 | responder cookie: | d9 00 2b 22 79 6a 05 0a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting 4 raw bytes of local spis into IKEv2 Delete Payload | local spis fc 43 8d 24 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 2c 56 c2 b5 2e a4 8e 9a 0c 8e 20 32 d6 d9 97 f0 | data before encryption: | 00 00 00 0c 03 04 00 01 fc 43 8d 24 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | be 2d 66 71 33 9b 99 5a 56 2f 3d 60 a7 6a e3 6c | hmac PRF sha init symkey-key@0x55fd4c44c080 (size 20) | hmac: symkey-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39862628 | result: clone-key@0x55fd4c4ecc80 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x55fd4c4e9130 from symkey-key@0x55fd4c4ecc80 | hmac prf: begin sha with context 0x55fd4c4e9130 from symkey-key@0x55fd4c4ecc80 | hmac: release clone-key@0x55fd4c4ecc80 | hmac PRF sha crypt-prf@0x55fd4c4eb258 | hmac PRF sha update data-bytes@0x7ffc39862a00 (length 64) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 2c 56 c2 b5 2e a4 8e 9a 0c 8e 20 32 d6 d9 97 f0 | be 2d 66 71 33 9b 99 5a 56 2f 3d 60 a7 6a e3 6c | hmac PRF sha final-bytes@0x7ffc39862a40 (length 20) | 7f c7 5e 44 09 05 af 32 fa 37 80 44 a2 ec 75 ae | 21 52 74 8e | data being hmac: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | data being hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: 2c 56 c2 b5 2e a4 8e 9a 0c 8e 20 32 d6 d9 97 f0 | data being hmac: be 2d 66 71 33 9b 99 5a 56 2f 3d 60 a7 6a e3 6c | out calculated auth: | 7f c7 5e 44 09 05 af 32 fa 37 80 44 | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #2) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 2c 56 c2 b5 2e a4 8e 9a 0c 8e 20 32 d6 d9 97 f0 | be 2d 66 71 33 9b 99 5a 56 2f 3d 60 a7 6a e3 6c | 7f c7 5e 44 09 05 af 32 fa 37 80 44 | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send | Message ID: sent #1 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 | state #2 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x55fd4c4eae68 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f1620002b78 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844012' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1e6aea3 | popen cmd is 1033 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INT: | cmd( 80):ERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@we: | cmd( 160):st' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIE: | cmd( 240):NT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=': | cmd( 320):16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_P: | cmd( 400):EER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MA: | cmd( 480):SK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' : | cmd( 560):PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844012' PLUTO_CONN_POLICY='PSK+ENCRYPT+T: | cmd( 640):UNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PER: | cmd( 720):MANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUT: | cmd( 800):O_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERV: | cmd( 880):ER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no: | cmd( 960):' VTI_SHARED='no' SPI_IN=0x1e6aea36 SPI_OUT=0xfc438d24 ipsec _updown 2>&1: | shunt_eroute() called for connection 'aes128' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "aes128" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.1e6aea36@192.1.2.23 | netlink response for Del SA esp.1e6aea36@192.1.2.23 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.fc438d24@192.1.2.45 | netlink response for Del SA esp.fc438d24@192.1.2.45 included non-error error | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #2 in V2_IPSEC_I | child state #2: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x55fd4c4d4be0 | delete_state: release st->st_skey_ai_nss-key@0x55fd4c44c080 | delete_state: release st->st_skey_ar_nss-key@0x55fd4c4d3130 | delete_state: release st->st_skey_ei_nss-key@0x55fd4c4d6a20 | delete_state: release st->st_skey_er_nss-key@0x55fd4c4cd5b0 | delete_state: release st->st_skey_pi_nss-key@0x7f161800a0e0 | delete_state: release st->st_skey_pr_nss-key@0x7f161800d840 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #1 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #1 | start processing: state #1 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #1 ikev2.ike deleted completed | #1 spent 9.28 milliseconds in total | [RE]START processing: state #1 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #1: deleting state (STATE_PARENT_I3) aged 0.115s and sending notification | parent state #1: PARENT_I3(established IKE SA) => delete | #1 send IKEv2 delete notification for STATE_PARENT_I3 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 7a e4 6e e4 f2 25 1d 04 | responder cookie: | d9 00 2b 22 79 6a 05 0a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 3e ce 86 de e3 59 21 1a 56 d6 6c 1a 20 bc eb 01 | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | c4 d0 c6 3e 7b 31 8c 89 37 0f fa 85 a2 a4 67 13 | hmac PRF sha init symkey-key@0x55fd4c44c080 (size 20) | hmac: symkey-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39862628 | result: clone-key@0x55fd4c4ecc80 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f1620002b50 from symkey-key@0x55fd4c4ecc80 | hmac prf: begin sha with context 0x7f1620002b50 from symkey-key@0x55fd4c4ecc80 | hmac: release clone-key@0x55fd4c4ecc80 | hmac PRF sha crypt-prf@0x55fd4c4eb208 | hmac PRF sha update data-bytes@0x7ffc39862a00 (length 64) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 3e ce 86 de e3 59 21 1a 56 d6 6c 1a 20 bc eb 01 | c4 d0 c6 3e 7b 31 8c 89 37 0f fa 85 a2 a4 67 13 | hmac PRF sha final-bytes@0x7ffc39862a40 (length 20) | a8 9e 94 6d 36 eb 39 9b 88 55 37 2c d8 38 a4 32 | c5 bb d9 c5 | data being hmac: 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data being hmac: 3e ce 86 de e3 59 21 1a 56 d6 6c 1a 20 bc eb 01 | data being hmac: c4 d0 c6 3e 7b 31 8c 89 37 0f fa 85 a2 a4 67 13 | out calculated auth: | a8 9e 94 6d 36 eb 39 9b 88 55 37 2c | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 3e ce 86 de e3 59 21 1a 56 d6 6c 1a 20 bc eb 01 | c4 d0 c6 3e 7b 31 8c 89 37 0f fa 85 a2 a4 67 13 | a8 9e 94 6d 36 eb 39 9b 88 55 37 2c | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send | Message ID: #1 XXX: expecting sender.wip.initiator 2 == -1 - suspect record'n'send out-of-order?); initiator.sent=3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=3 wip.responder=-1 | Message ID: sent #1 request 3; ike: initiator.sent=2->3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=2->3 wip.responder=-1 | state #1 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f1618005088 | free_event_entry: release EVENT_SA_REKEY-pe@0x55fd4c4e8fe8 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #1 in PARENT_I3 | parent state #1: PARENT_I3(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f1620003a28: destroyed | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x55fd4c4d6640 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x55fd4c4d4be0 | delete_state: release st->st_skey_ai_nss-key@0x55fd4c44c080 | delete_state: release st->st_skey_ar_nss-key@0x55fd4c4d3130 | delete_state: release st->st_skey_ei_nss-key@0x55fd4c4d6a20 | delete_state: release st->st_skey_er_nss-key@0x55fd4c4cd5b0 | delete_state: release st->st_skey_pi_nss-key@0x7f161800a0e0 | delete_state: release st->st_skey_pr_nss-key@0x7f161800d840 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.71 milliseconds in whack | spent 0.00163 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 4a 8a 72 e7 54 77 c5 40 74 3c da 41 d8 aa 35 fb | 65 fd 1e d1 f6 0c a2 6d 49 56 b7 9c 1a 98 a2 cb | ab 25 82 43 24 79 66 16 0b 1e 14 9c | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 7a e4 6e e4 f2 25 1d 04 | responder cookie: | d9 00 2b 22 79 6a 05 0a | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.045 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00445 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00211 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 7a e4 6e e4 f2 25 1d 04 d9 00 2b 22 79 6a 05 0a | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | af 11 f3 d8 61 9e a3 d0 14 bf bb 7a e0 78 7a 3f | 43 86 3c 3d c6 29 65 f9 a9 26 38 ba fb b9 77 57 | 34 10 2d 47 a3 53 a3 4f ef 15 b1 b8 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 7a e4 6e e4 f2 25 1d 04 | responder cookie: | d9 00 2b 22 79 6a 05 0a | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0557 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "aes128" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'aes128' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "aes128" is 0xfe7e7 | priority calculation of connection "aes128" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT | popen cmd is 1014 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLU: | cmd( 400):TO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIEN: | cmd( 480):T_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA: | cmd( 560):='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL: | cmd( 640):+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x55fd4c4e8e78 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.819 milliseconds in whack | kernel_process_msg_cb process netlink message | netlink_get: XFRM_MSG_UPDPOLICY message | spent 0.00624 milliseconds in kernel message | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00408 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0736 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0466 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.287 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x55fd4c4e8e78 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.132 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #3 at 0x55fd4c4ed878 | State DB: adding IKEv2 state #3 in UNDEFINED | pstats #3 ikev2.ike started | Message ID: init #3: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #3: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #3; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #3 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #3 "aes128" "aes128" #3: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 3 for state #3 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55fd4c4e8fe8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x55fd4c4f19d8 size 128 | #3 spent 0.116 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #3 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 5 resuming | crypto helper 5 starting work-order 3 for state #3 | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 5 doing build KE and nonce (ikev2_outI1 KE); request ID 3 | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.216 milliseconds in whack | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f161c003a28: created | NSS: Local DH MODP2048 secret (pointer): 0x7f161c003a28 | NSS: Public DH wire value: | 64 5a 91 34 27 0d 26 53 cb f0 fa 8e d7 6e 11 c0 | ad af 22 c2 b2 8c 2c 16 eb 37 62 d0 62 89 c1 bc | 9d a3 ef 7b a0 23 30 17 51 08 8f db 32 d9 d0 62 | ff 67 e2 6f 42 79 08 a7 d6 e9 0d 38 89 57 fc 65 | 15 53 9d 8f ed 44 11 d8 b4 83 29 8d 83 69 7a c9 | d4 4f 18 9a b2 0c cf 23 f2 31 1e 0e 00 48 60 53 | 17 fe 2f 94 9e f1 ae 27 fa 1f 1f 14 2f 1b c6 c3 | c1 37 33 19 3d 5d 3f b8 ae cc 29 32 fc 16 cf 1a | 77 60 15 48 0a 1e 8c 2f 5e 87 d2 ad 2a 14 fe 19 | e9 ff c8 e7 6a 8f f3 0f 24 42 ff 50 9c 8b fb 08 | e1 4b 60 74 a9 77 d9 12 8e bd e9 ee 7a cb 21 58 | ed 0e 19 25 dd de 2c 5c 43 17 c0 57 2c 4e 01 dd | 44 9f f3 ce 21 24 06 d5 99 8e bc 82 0e 54 a0 45 | 8d 26 27 e6 95 c1 db 38 7c 63 ab b1 e2 4f 45 ef | c1 f1 57 a6 a2 c7 ac d7 88 88 94 18 24 35 2a 18 | 95 07 3a 49 2f 84 42 7f ea 0f 9a 37 52 7d 8f c8 | Generated nonce: 81 51 26 a2 56 b8 2f a3 ce 8f f7 ed b4 70 a4 d6 | Generated nonce: 13 6e 98 a0 1e 2c e2 14 bc b1 2a c4 17 d3 82 05 | crypto helper 5 finished build KE and nonce (ikev2_outI1 KE); request ID 3 time elapsed 0.000696 seconds | (#3) spent 0.664 milliseconds in crypto helper computing work-order 3: ikev2_outI1 KE (pcr) | crypto helper 5 sending results from work-order 3 for state #3 to event queue | scheduling resume sending helper answer for #3 | libevent_malloc: new ptr-libevent@0x7f161c002888 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #3 | start processing: state #3 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 3 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_outI1_continue for #3 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f161c003a28: transferring ownership from helper KE to state #3 | **emit ISAKMP Message: | initiator cookie: | 82 28 3e ad e8 c3 cf fc | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #3: IMPAIR: emitting fixed-length key-length attribute with 0 key | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 64 5a 91 34 27 0d 26 53 cb f0 fa 8e d7 6e 11 c0 | ikev2 g^x ad af 22 c2 b2 8c 2c 16 eb 37 62 d0 62 89 c1 bc | ikev2 g^x 9d a3 ef 7b a0 23 30 17 51 08 8f db 32 d9 d0 62 | ikev2 g^x ff 67 e2 6f 42 79 08 a7 d6 e9 0d 38 89 57 fc 65 | ikev2 g^x 15 53 9d 8f ed 44 11 d8 b4 83 29 8d 83 69 7a c9 | ikev2 g^x d4 4f 18 9a b2 0c cf 23 f2 31 1e 0e 00 48 60 53 | ikev2 g^x 17 fe 2f 94 9e f1 ae 27 fa 1f 1f 14 2f 1b c6 c3 | ikev2 g^x c1 37 33 19 3d 5d 3f b8 ae cc 29 32 fc 16 cf 1a | ikev2 g^x 77 60 15 48 0a 1e 8c 2f 5e 87 d2 ad 2a 14 fe 19 | ikev2 g^x e9 ff c8 e7 6a 8f f3 0f 24 42 ff 50 9c 8b fb 08 | ikev2 g^x e1 4b 60 74 a9 77 d9 12 8e bd e9 ee 7a cb 21 58 | ikev2 g^x ed 0e 19 25 dd de 2c 5c 43 17 c0 57 2c 4e 01 dd | ikev2 g^x 44 9f f3 ce 21 24 06 d5 99 8e bc 82 0e 54 a0 45 | ikev2 g^x 8d 26 27 e6 95 c1 db 38 7c 63 ab b1 e2 4f 45 ef | ikev2 g^x c1 f1 57 a6 a2 c7 ac d7 88 88 94 18 24 35 2a 18 | ikev2 g^x 95 07 3a 49 2f 84 42 7f ea 0f 9a 37 52 7d 8f c8 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 81 51 26 a2 56 b8 2f a3 ce 8f f7 ed b4 70 a4 d6 | IKEv2 nonce 13 6e 98 a0 1e 2c e2 14 bc b1 2a c4 17 d3 82 05 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 82 28 3e ad e8 c3 cf fc | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | e3 ab 2b 67 ca 42 39 5e d9 b8 2f 5d 45 c9 57 7c | 3c 30 eb 47 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 82 28 3e ad e8 c3 cf fc | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= e3 ab 2b 67 ca 42 39 5e d9 b8 2f 5d 45 c9 57 7c | natd_hash: hash= 3c 30 eb 47 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data e3 ab 2b 67 ca 42 39 5e d9 b8 2f 5d 45 c9 57 7c | Notify data 3c 30 eb 47 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 82 28 3e ad e8 c3 cf fc | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 1f a0 f3 4e fa e4 4b c4 99 b6 cb 89 5a 50 26 78 | 0a 97 a7 20 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 82 28 3e ad e8 c3 cf fc | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 1f a0 f3 4e fa e4 4b c4 99 b6 cb 89 5a 50 26 78 | natd_hash: hash= 0a 97 a7 20 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 1f a0 f3 4e fa e4 4b c4 99 b6 cb 89 5a 50 26 78 | Notify data 0a 97 a7 20 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #3 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #3 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #3 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #3: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #3 to 4294967295 after switching state | Message ID: IKE #3 skipping update_recv as MD is fake | Message ID: sent #3 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #3: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #3) | 82 28 3e ad e8 c3 cf fc 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 64 5a 91 34 27 0d 26 53 cb f0 fa 8e | d7 6e 11 c0 ad af 22 c2 b2 8c 2c 16 eb 37 62 d0 | 62 89 c1 bc 9d a3 ef 7b a0 23 30 17 51 08 8f db | 32 d9 d0 62 ff 67 e2 6f 42 79 08 a7 d6 e9 0d 38 | 89 57 fc 65 15 53 9d 8f ed 44 11 d8 b4 83 29 8d | 83 69 7a c9 d4 4f 18 9a b2 0c cf 23 f2 31 1e 0e | 00 48 60 53 17 fe 2f 94 9e f1 ae 27 fa 1f 1f 14 | 2f 1b c6 c3 c1 37 33 19 3d 5d 3f b8 ae cc 29 32 | fc 16 cf 1a 77 60 15 48 0a 1e 8c 2f 5e 87 d2 ad | 2a 14 fe 19 e9 ff c8 e7 6a 8f f3 0f 24 42 ff 50 | 9c 8b fb 08 e1 4b 60 74 a9 77 d9 12 8e bd e9 ee | 7a cb 21 58 ed 0e 19 25 dd de 2c 5c 43 17 c0 57 | 2c 4e 01 dd 44 9f f3 ce 21 24 06 d5 99 8e bc 82 | 0e 54 a0 45 8d 26 27 e6 95 c1 db 38 7c 63 ab b1 | e2 4f 45 ef c1 f1 57 a6 a2 c7 ac d7 88 88 94 18 | 24 35 2a 18 95 07 3a 49 2f 84 42 7f ea 0f 9a 37 | 52 7d 8f c8 29 00 00 24 81 51 26 a2 56 b8 2f a3 | ce 8f f7 ed b4 70 a4 d6 13 6e 98 a0 1e 2c e2 14 | bc b1 2a c4 17 d3 82 05 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 e3 ab 2b 67 ca 42 39 5e | d9 b8 2f 5d 45 c9 57 7c 3c 30 eb 47 00 00 00 1c | 00 00 40 05 1f a0 f3 4e fa e4 4b c4 99 b6 cb 89 | 5a 50 26 78 0a 97 a7 20 | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55fd4c4f19d8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55fd4c4e8fe8 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x55fd4c4e8fe8 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 | libevent_malloc: new ptr-libevent@0x55fd4c4ee448 size 128 | #3 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29298.596931 | resume sending helper answer for #3 suppresed complete_v2_state_transition() and stole MD | #3 spent 0.543 milliseconds in resume sending helper answer | stop processing: state #3 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f161c002888 | spent 0.002 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 82 28 3e ad e8 c3 cf fc 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 82 28 3e ad e8 c3 cf fc | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #3 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #3 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #3 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #3 is idle | #3 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #3 IKE SPIi and SPI[ir] | #3 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #3: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #3 spent 0.00858 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #3 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #3 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #3 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #3 spent 0.169 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.18 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x55fd4c4e8fe8 | handling event EVENT_RETRANSMIT for parent state #3 | start processing: state #3 connection "aes128" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | IKEv2 retransmit event | [RE]START processing: state #3 connection "aes128" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:144) | handling event EVENT_RETRANSMIT for 192.1.2.23 "aes128" #3 attempt 2 of 0 | and parent for 192.1.2.23 "aes128" #3 keying attempt 1 of 0; retransmit 1 "aes128" #3: IMPAIR: retransmit so deleting SA | maximum number of keyingtries reached - deleting state | [RE]START processing: state #3 connection "aes128" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:234) | pstats #3 ikev2.ike failed too-many-retransmits | pstats #3 ikev2.ike deleted too-many-retransmits | #3 spent 1.49 milliseconds in total | [RE]START processing: state #3 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #3: deleting state (STATE_PARENT_I1) aged 0.501s and NOT sending notification | parent state #3: PARENT_I1(half-open IKE SA) => delete | in connection_discard for connection aes128 | close_any(fd@25) (in delete_pending() at pending.c:244) | removing pending policy for "aes128" {0x55fd4c4db198} | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #3 "aes128" #3: deleting IKE SA for connection 'aes128' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'aes128' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #3 in PARENT_I1 | parent state #3: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | close_any(fd@24) (in release_whack() at state.c:654) | DH secret MODP2048@0x7f161c003a28: destroyed | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | libevent_free: release ptr-libevent@0x55fd4c4ee448 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55fd4c4e8fe8 | in statetime_stop() and could not find #3 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection aes128 which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #4 at 0x55fd4c4ed878 | State DB: adding IKEv2 state #4 in UNDEFINED | pstats #4 ikev2.ike started | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #4 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #4 "aes128" "aes128" #4: initiating v2 parent SA | using existing local IKE proposals for connection aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 4 for state #4 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55fd4c4e8fe8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 | libevent_malloc: new ptr-libevent@0x7f161c002888 size 128 | #4 spent 0.0817 milliseconds in ikev2_parent_outI1() | RESET processing: state #4 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 6 resuming | crypto helper 6 starting work-order 4 for state #4 | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 4 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | spent 0.108 milliseconds in global timer EVENT_REVIVE_CONNS | DH secret MODP2048@0x7f1610003a28: created | NSS: Local DH MODP2048 secret (pointer): 0x7f1610003a28 | NSS: Public DH wire value: | 9c a6 dd 9e c8 95 98 dc 1c 6a 80 4a fd 4a 55 b8 | 3a bc d8 4d 4d 48 13 80 9b b4 02 b1 68 95 64 26 | 75 92 fa 3e 3a c9 4b b0 9a 77 49 2a 9e 66 f4 9b | 2f 39 2d 2c 16 3a 88 84 74 d1 31 41 db 0a c9 61 | 67 95 31 be 32 9a 88 12 bf 7d e2 ab 09 a0 c6 08 | 9f b9 9f 4a 4c 69 ca b2 91 22 ba ef 2d cf 6a 99 | 78 64 7b ba 31 dd 00 e4 73 58 23 02 cc 63 f0 71 | 14 a2 2e 41 06 2f 39 e6 47 3e 94 ec a7 36 92 ef | 51 b8 d8 12 8a 24 db bf e3 35 2f 79 bb 9a 0e b3 | dd 48 e2 e3 8c 34 a6 13 9f 85 fe a8 2b d6 0d c5 | 2d 1d a7 b2 9f 56 04 16 33 42 6d ad b1 41 b2 d5 | 84 86 33 c5 3f 4a 47 4c 34 7c 2b 04 72 fb 83 0c | f1 4d 68 34 34 ab 97 b0 cb 90 9f 8a bd 40 e2 8a | 07 02 a3 bf 7c 9d b9 79 a4 7e e7 19 56 97 7e a3 | e3 0e da 44 39 c9 77 bc b7 a1 e8 3a e7 5e 0d 81 | ae 17 d6 e2 a7 ca 5f 70 c5 06 14 e5 63 01 56 1c | Generated nonce: 08 86 d4 5d c3 57 77 6d 33 69 89 67 2f 87 00 0c | Generated nonce: 2c 23 cd 62 e7 3e ad 2f 2f 86 e4 21 76 31 07 a6 | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.000976 seconds | (#4) spent 0.963 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) | crypto helper 6 sending results from work-order 4 for state #4 to event queue | scheduling resume sending helper answer for #4 | libevent_malloc: new ptr-libevent@0x7f1610002888 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #4 | start processing: state #4 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 4 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_outI1_continue for #4 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f1610003a28: transferring ownership from helper KE to state #4 | **emit ISAKMP Message: | initiator cookie: | 03 43 05 7a 31 c6 33 e9 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #4: IMPAIR: emitting fixed-length key-length attribute with 0 key | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 9c a6 dd 9e c8 95 98 dc 1c 6a 80 4a fd 4a 55 b8 | ikev2 g^x 3a bc d8 4d 4d 48 13 80 9b b4 02 b1 68 95 64 26 | ikev2 g^x 75 92 fa 3e 3a c9 4b b0 9a 77 49 2a 9e 66 f4 9b | ikev2 g^x 2f 39 2d 2c 16 3a 88 84 74 d1 31 41 db 0a c9 61 | ikev2 g^x 67 95 31 be 32 9a 88 12 bf 7d e2 ab 09 a0 c6 08 | ikev2 g^x 9f b9 9f 4a 4c 69 ca b2 91 22 ba ef 2d cf 6a 99 | ikev2 g^x 78 64 7b ba 31 dd 00 e4 73 58 23 02 cc 63 f0 71 | ikev2 g^x 14 a2 2e 41 06 2f 39 e6 47 3e 94 ec a7 36 92 ef | ikev2 g^x 51 b8 d8 12 8a 24 db bf e3 35 2f 79 bb 9a 0e b3 | ikev2 g^x dd 48 e2 e3 8c 34 a6 13 9f 85 fe a8 2b d6 0d c5 | ikev2 g^x 2d 1d a7 b2 9f 56 04 16 33 42 6d ad b1 41 b2 d5 | ikev2 g^x 84 86 33 c5 3f 4a 47 4c 34 7c 2b 04 72 fb 83 0c | ikev2 g^x f1 4d 68 34 34 ab 97 b0 cb 90 9f 8a bd 40 e2 8a | ikev2 g^x 07 02 a3 bf 7c 9d b9 79 a4 7e e7 19 56 97 7e a3 | ikev2 g^x e3 0e da 44 39 c9 77 bc b7 a1 e8 3a e7 5e 0d 81 | ikev2 g^x ae 17 d6 e2 a7 ca 5f 70 c5 06 14 e5 63 01 56 1c | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 08 86 d4 5d c3 57 77 6d 33 69 89 67 2f 87 00 0c | IKEv2 nonce 2c 23 cd 62 e7 3e ad 2f 2f 86 e4 21 76 31 07 a6 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 03 43 05 7a 31 c6 33 e9 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 69 5a 9d 9e 4c 35 b6 47 1e 52 bd 10 06 2f b9 7e | de 7d 0b ed | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 03 43 05 7a 31 c6 33 e9 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 69 5a 9d 9e 4c 35 b6 47 1e 52 bd 10 06 2f b9 7e | natd_hash: hash= de 7d 0b ed | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 69 5a 9d 9e 4c 35 b6 47 1e 52 bd 10 06 2f b9 7e | Notify data de 7d 0b ed | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 03 43 05 7a 31 c6 33 e9 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 79 5e 49 5c 9b 6d bd 4d 3b d5 a7 a1 4d d6 f4 8c | 82 98 ec 4f | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 03 43 05 7a 31 c6 33 e9 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 79 5e 49 5c 9b 6d bd 4d 3b d5 a7 a1 4d d6 f4 8c | natd_hash: hash= 82 98 ec 4f | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 79 5e 49 5c 9b 6d bd 4d 3b d5 a7 a1 4d d6 f4 8c | Notify data 82 98 ec 4f | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #4 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #4 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #4 to 4294967295 after switching state | Message ID: IKE #4 skipping update_recv as MD is fake | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) | 03 43 05 7a 31 c6 33 e9 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 9c a6 dd 9e c8 95 98 dc 1c 6a 80 4a | fd 4a 55 b8 3a bc d8 4d 4d 48 13 80 9b b4 02 b1 | 68 95 64 26 75 92 fa 3e 3a c9 4b b0 9a 77 49 2a | 9e 66 f4 9b 2f 39 2d 2c 16 3a 88 84 74 d1 31 41 | db 0a c9 61 67 95 31 be 32 9a 88 12 bf 7d e2 ab | 09 a0 c6 08 9f b9 9f 4a 4c 69 ca b2 91 22 ba ef | 2d cf 6a 99 78 64 7b ba 31 dd 00 e4 73 58 23 02 | cc 63 f0 71 14 a2 2e 41 06 2f 39 e6 47 3e 94 ec | a7 36 92 ef 51 b8 d8 12 8a 24 db bf e3 35 2f 79 | bb 9a 0e b3 dd 48 e2 e3 8c 34 a6 13 9f 85 fe a8 | 2b d6 0d c5 2d 1d a7 b2 9f 56 04 16 33 42 6d ad | b1 41 b2 d5 84 86 33 c5 3f 4a 47 4c 34 7c 2b 04 | 72 fb 83 0c f1 4d 68 34 34 ab 97 b0 cb 90 9f 8a | bd 40 e2 8a 07 02 a3 bf 7c 9d b9 79 a4 7e e7 19 | 56 97 7e a3 e3 0e da 44 39 c9 77 bc b7 a1 e8 3a | e7 5e 0d 81 ae 17 d6 e2 a7 ca 5f 70 c5 06 14 e5 | 63 01 56 1c 29 00 00 24 08 86 d4 5d c3 57 77 6d | 33 69 89 67 2f 87 00 0c 2c 23 cd 62 e7 3e ad 2f | 2f 86 e4 21 76 31 07 a6 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 69 5a 9d 9e 4c 35 b6 47 | 1e 52 bd 10 06 2f b9 7e de 7d 0b ed 00 00 00 1c | 00 00 40 05 79 5e 49 5c 9b 6d bd 4d 3b d5 a7 a1 | 4d d6 f4 8c 82 98 ec 4f | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f161c002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55fd4c4e8fe8 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x55fd4c4e8fe8 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 | libevent_malloc: new ptr-libevent@0x55fd4c4ee448 size 128 | #4 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29299.09856 | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD | #4 spent 0.483 milliseconds in resume sending helper answer | stop processing: state #4 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f1610002888 | spent 0.00227 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 03 43 05 7a 31 c6 33 e9 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 03 43 05 7a 31 c6 33 e9 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #4 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #4 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #4 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #4 is idle | #4 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #4 IKE SPIi and SPI[ir] | #4 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #4: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #4 spent 0.00378 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #4 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #4 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #4 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #4 spent 0.109 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.122 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0429 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | removing pending policy for no connection {0x55fd4c4db198} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #4 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #4 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #4 ikev2.ike deleted other | #4 spent 1.64 milliseconds in total | [RE]START processing: state #4 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #4: deleting state (STATE_PARENT_I1) aged 0.015s and NOT sending notification | parent state #4: PARENT_I1(half-open IKE SA) => delete | state #4 requesting EVENT_RETRANSMIT to be deleted | #4 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55fd4c4ee448 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55fd4c4e8fe8 | State DB: IKEv2 state not found (flush_incomplete_children) | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #4 in PARENT_I1 | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f1610003a28: destroyed | stop processing: state #4 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x55fd4c4e8e78 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.206 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.061 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0481 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | child-key-length-attribute:0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0509 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x55fd4c4e8e78 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.142 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #5 at 0x55fd4c4ed878 | State DB: adding IKEv2 state #5 in UNDEFINED | pstats #5 ikev2.ike started | Message ID: init #5: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #5: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #5; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #5 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #5 "aes128" "aes128" #5: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 5 for state #5 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55fd4c4e8fe8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x7f1610002888 size 128 | crypto helper 2 resuming | crypto helper 2 starting work-order 5 for state #5 | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 5 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f1614003a28: created | NSS: Local DH MODP2048 secret (pointer): 0x7f1614003a28 | NSS: Public DH wire value: | 76 25 40 60 88 f0 91 4a 25 73 cf 71 42 3d 73 01 | 73 5d 31 8e 30 3d 99 e6 3f 06 ac c2 24 de a3 0b | 4c 6c 05 61 3a b7 0a 27 8b d7 75 f2 a7 a1 64 fa | 2a 65 e3 a3 ef da 3e 80 fe 85 53 b5 af eb bb 4f | 41 66 77 26 3f 5d 7f 1b 7b 36 28 fe 25 73 f2 c2 | 52 ea a5 d6 66 05 87 d9 0a 1c c8 3d 47 ae 33 78 | 3e 14 a6 ed a8 1d 52 26 cd 5b a0 02 89 bc fb 14 | e1 08 ec 82 ac 14 b7 e4 92 83 83 6f 6e 2a 18 9a | 40 25 fd 0f 5b 16 1e 57 e9 59 17 80 7d 2b 12 65 | 27 9e bc 56 15 62 0d 2a 4e 89 f6 8d 11 43 c7 fa | ed 55 72 49 54 6a 5c c0 0e 5d d7 38 b3 b7 8c df | c4 90 5b cf 5c 40 42 28 22 5f 6d 18 b3 93 b0 ee | 4a cd 42 f4 ee 0f 83 7e 93 b5 11 83 6d e0 9c 22 | 9b ad a2 54 33 7b 6c e8 98 e5 28 b9 25 6f cc ac | 74 11 86 c2 53 ab 8a 19 ce 40 92 bc 7f bc 42 37 | 8c 7b 4a 28 59 4a 12 12 bc 42 a6 e1 c5 0c 75 c0 | Generated nonce: 56 45 09 29 a3 ec b6 99 2e ae d5 79 53 4a 0c 25 | Generated nonce: 6f f7 0b 53 ad c4 ce c5 f5 f9 8b d9 b1 ad 5a 15 | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 5 time elapsed 0.001068 seconds | (#5) spent 1.06 milliseconds in crypto helper computing work-order 5: ikev2_outI1 KE (pcr) | crypto helper 2 sending results from work-order 5 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7f1614002888 size 128 | crypto helper 2 waiting (nothing to do) | #5 spent 0.11 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #5 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.172 milliseconds in whack | processing resume sending helper answer for #5 | start processing: state #5 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 5 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_outI1_continue for #5 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f1614003a28: transferring ownership from helper KE to state #5 | **emit ISAKMP Message: | initiator cookie: | 26 fd 91 00 6e 77 b5 b1 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 76 25 40 60 88 f0 91 4a 25 73 cf 71 42 3d 73 01 | ikev2 g^x 73 5d 31 8e 30 3d 99 e6 3f 06 ac c2 24 de a3 0b | ikev2 g^x 4c 6c 05 61 3a b7 0a 27 8b d7 75 f2 a7 a1 64 fa | ikev2 g^x 2a 65 e3 a3 ef da 3e 80 fe 85 53 b5 af eb bb 4f | ikev2 g^x 41 66 77 26 3f 5d 7f 1b 7b 36 28 fe 25 73 f2 c2 | ikev2 g^x 52 ea a5 d6 66 05 87 d9 0a 1c c8 3d 47 ae 33 78 | ikev2 g^x 3e 14 a6 ed a8 1d 52 26 cd 5b a0 02 89 bc fb 14 | ikev2 g^x e1 08 ec 82 ac 14 b7 e4 92 83 83 6f 6e 2a 18 9a | ikev2 g^x 40 25 fd 0f 5b 16 1e 57 e9 59 17 80 7d 2b 12 65 | ikev2 g^x 27 9e bc 56 15 62 0d 2a 4e 89 f6 8d 11 43 c7 fa | ikev2 g^x ed 55 72 49 54 6a 5c c0 0e 5d d7 38 b3 b7 8c df | ikev2 g^x c4 90 5b cf 5c 40 42 28 22 5f 6d 18 b3 93 b0 ee | ikev2 g^x 4a cd 42 f4 ee 0f 83 7e 93 b5 11 83 6d e0 9c 22 | ikev2 g^x 9b ad a2 54 33 7b 6c e8 98 e5 28 b9 25 6f cc ac | ikev2 g^x 74 11 86 c2 53 ab 8a 19 ce 40 92 bc 7f bc 42 37 | ikev2 g^x 8c 7b 4a 28 59 4a 12 12 bc 42 a6 e1 c5 0c 75 c0 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 56 45 09 29 a3 ec b6 99 2e ae d5 79 53 4a 0c 25 | IKEv2 nonce 6f f7 0b 53 ad c4 ce c5 f5 f9 8b d9 b1 ad 5a 15 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 26 fd 91 00 6e 77 b5 b1 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 45 a7 e4 78 31 16 fa fe 01 bd e3 af 4d 54 92 4f | f0 57 65 c9 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 26 fd 91 00 6e 77 b5 b1 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 45 a7 e4 78 31 16 fa fe 01 bd e3 af 4d 54 92 4f | natd_hash: hash= f0 57 65 c9 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 45 a7 e4 78 31 16 fa fe 01 bd e3 af 4d 54 92 4f | Notify data f0 57 65 c9 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 26 fd 91 00 6e 77 b5 b1 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 5c 18 0e 7e 7d d0 ec 68 7f 98 d2 e1 4a 4d bf 5f | e4 2b e9 1a | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 26 fd 91 00 6e 77 b5 b1 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 5c 18 0e 7e 7d d0 ec 68 7f 98 d2 e1 4a 4d bf 5f | natd_hash: hash= e4 2b e9 1a | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 5c 18 0e 7e 7d d0 ec 68 7f 98 d2 e1 4a 4d bf 5f | Notify data e4 2b e9 1a | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #5 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #5 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #5 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #5: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #5 to 4294967295 after switching state | Message ID: IKE #5 skipping update_recv as MD is fake | Message ID: sent #5 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #5: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #5) | 26 fd 91 00 6e 77 b5 b1 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 76 25 40 60 88 f0 91 4a 25 73 cf 71 | 42 3d 73 01 73 5d 31 8e 30 3d 99 e6 3f 06 ac c2 | 24 de a3 0b 4c 6c 05 61 3a b7 0a 27 8b d7 75 f2 | a7 a1 64 fa 2a 65 e3 a3 ef da 3e 80 fe 85 53 b5 | af eb bb 4f 41 66 77 26 3f 5d 7f 1b 7b 36 28 fe | 25 73 f2 c2 52 ea a5 d6 66 05 87 d9 0a 1c c8 3d | 47 ae 33 78 3e 14 a6 ed a8 1d 52 26 cd 5b a0 02 | 89 bc fb 14 e1 08 ec 82 ac 14 b7 e4 92 83 83 6f | 6e 2a 18 9a 40 25 fd 0f 5b 16 1e 57 e9 59 17 80 | 7d 2b 12 65 27 9e bc 56 15 62 0d 2a 4e 89 f6 8d | 11 43 c7 fa ed 55 72 49 54 6a 5c c0 0e 5d d7 38 | b3 b7 8c df c4 90 5b cf 5c 40 42 28 22 5f 6d 18 | b3 93 b0 ee 4a cd 42 f4 ee 0f 83 7e 93 b5 11 83 | 6d e0 9c 22 9b ad a2 54 33 7b 6c e8 98 e5 28 b9 | 25 6f cc ac 74 11 86 c2 53 ab 8a 19 ce 40 92 bc | 7f bc 42 37 8c 7b 4a 28 59 4a 12 12 bc 42 a6 e1 | c5 0c 75 c0 29 00 00 24 56 45 09 29 a3 ec b6 99 | 2e ae d5 79 53 4a 0c 25 6f f7 0b 53 ad c4 ce c5 | f5 f9 8b d9 b1 ad 5a 15 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 45 a7 e4 78 31 16 fa fe | 01 bd e3 af 4d 54 92 4f f0 57 65 c9 00 00 00 1c | 00 00 40 05 5c 18 0e 7e 7d d0 ec 68 7f 98 d2 e1 | 4a 4d bf 5f e4 2b e9 1a | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f1610002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55fd4c4e8fe8 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x55fd4c4e8fe8 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5 | libevent_malloc: new ptr-libevent@0x55fd4c4ee448 size 128 | #5 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29299.468617 | resume sending helper answer for #5 suppresed complete_v2_state_transition() and stole MD | #5 spent 0.482 milliseconds in resume sending helper answer | stop processing: state #5 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f1614002888 | spent 0.00276 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a7 c3 4b 5e cf 59 0f d4 54 4d 31 1e | db 41 7b 06 85 78 e0 f6 eb 96 b8 92 8d 7e a3 d2 | d3 a6 5c 5c 32 c0 19 bf 12 7f 14 15 e6 dc 4a 4e | 72 de e1 1c 45 e2 f8 c7 6d 87 28 a8 5e cb 24 08 | 68 56 0f 84 8d f1 0c ce dd b7 3f 95 0c 51 96 ae | 06 45 2a 11 6f dd 8a f9 8a 67 a9 00 25 b9 00 03 | ba c7 a9 55 e8 39 f9 78 59 b1 d5 09 76 64 9c 39 | 61 d5 62 74 15 38 53 ae b4 63 7a 95 ab 50 58 9b | f9 de 7c 82 5b 3d d9 9a a0 6e 4a e1 1d dd 6b 12 | 14 2c c6 33 18 8b 50 88 d3 10 5f df e2 b6 93 cf | 33 14 1e 1d 09 c3 15 36 fa c3 05 c1 a9 09 9d 2c | ae c2 4b 64 08 67 10 92 5a dd 26 87 2f 22 86 bc | 30 67 fa 8d 91 92 a1 a3 65 af 5e 72 6d 6a 59 c9 | 59 8e e7 c6 d7 71 15 3e b7 2e 8c 25 8f 61 c5 5e | eb b9 76 ce 8e 0e d9 09 8d 42 78 d3 5b 8e ac 4c | cd 48 c2 0d 2a 95 fd 58 3e 44 ae fc 23 ab 8e af | 0b fa 0c 6c 29 00 00 24 8d 5a 72 e2 b7 f4 83 ec | 25 06 0c 51 30 66 64 f6 98 0f 71 31 55 8b 3e 11 | 2b ef 04 ec a4 c2 0f 26 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 8b 4d 51 cd 49 d8 d4 bd | e2 ec cd 5b 65 a4 b1 9d f8 81 a5 0f 00 00 00 1c | 00 00 40 05 6b 3a 6e 4f ad db ef 57 0b 07 89 fc | 76 30 00 24 42 09 04 41 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 26 fd 91 00 6e 77 b5 b1 | responder cookie: | 21 84 58 56 c8 5b a4 f1 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #5 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #5 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #5 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #5 is idle | #5 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #5 IKE SPIi and SPI[ir] | #5 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | a7 c3 4b 5e cf 59 0f d4 54 4d 31 1e db 41 7b 06 | 85 78 e0 f6 eb 96 b8 92 8d 7e a3 d2 d3 a6 5c 5c | 32 c0 19 bf 12 7f 14 15 e6 dc 4a 4e 72 de e1 1c | 45 e2 f8 c7 6d 87 28 a8 5e cb 24 08 68 56 0f 84 | 8d f1 0c ce dd b7 3f 95 0c 51 96 ae 06 45 2a 11 | 6f dd 8a f9 8a 67 a9 00 25 b9 00 03 ba c7 a9 55 | e8 39 f9 78 59 b1 d5 09 76 64 9c 39 61 d5 62 74 | 15 38 53 ae b4 63 7a 95 ab 50 58 9b f9 de 7c 82 | 5b 3d d9 9a a0 6e 4a e1 1d dd 6b 12 14 2c c6 33 | 18 8b 50 88 d3 10 5f df e2 b6 93 cf 33 14 1e 1d | 09 c3 15 36 fa c3 05 c1 a9 09 9d 2c ae c2 4b 64 | 08 67 10 92 5a dd 26 87 2f 22 86 bc 30 67 fa 8d | 91 92 a1 a3 65 af 5e 72 6d 6a 59 c9 59 8e e7 c6 | d7 71 15 3e b7 2e 8c 25 8f 61 c5 5e eb b9 76 ce | 8e 0e d9 09 8d 42 78 d3 5b 8e ac 4c cd 48 c2 0d | 2a 95 fd 58 3e 44 ae fc 23 ab 8e af 0b fa 0c 6c | using existing local IKE proposals for connection aes128 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865950 (length 8) | 26 fd 91 00 6e 77 b5 b1 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865958 (length 8) | 21 84 58 56 c8 5b a4 f1 | NATD hash sha digest IP addr-bytes@0x7ffc398658e4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc398658d6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865960 (length 20) | 6b 3a 6e 4f ad db ef 57 0b 07 89 fc 76 30 00 24 | 42 09 04 41 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 26 fd 91 00 6e 77 b5 b1 | natd_hash: rcookie= 21 84 58 56 c8 5b a4 f1 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 6b 3a 6e 4f ad db ef 57 0b 07 89 fc 76 30 00 24 | natd_hash: hash= 42 09 04 41 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865950 (length 8) | 26 fd 91 00 6e 77 b5 b1 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865958 (length 8) | 21 84 58 56 c8 5b a4 f1 | NATD hash sha digest IP addr-bytes@0x7ffc398658e4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc398658d6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865980 (length 20) | 8b 4d 51 cd 49 d8 d4 bd e2 ec cd 5b 65 a4 b1 9d | f8 81 a5 0f | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 26 fd 91 00 6e 77 b5 b1 | natd_hash: rcookie= 21 84 58 56 c8 5b a4 f1 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 8b 4d 51 cd 49 d8 d4 bd e2 ec cd 5b 65 a4 b1 9d | natd_hash: hash= f8 81 a5 0f | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f1614003a28: transferring ownership from state #5 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 6 for state #5 | state #5 requesting EVENT_RETRANSMIT to be deleted | #5 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55fd4c4ee448 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55fd4c4e8fe8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f1614002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x7f1614002888 size 128 | #5 spent 0.271 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #5 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #5 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #5 and saving MD | #5 is busy; has a suspended MD | [RE]START processing: state #5 connection "aes128" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) | "aes128" #5 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | crypto helper 0 resuming | crypto helper 0 starting work-order 6 for state #5 | crypto helper 0 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 6 | peer's g: a7 c3 4b 5e cf 59 0f d4 54 4d 31 1e db 41 7b 06 | peer's g: 85 78 e0 f6 eb 96 b8 92 8d 7e a3 d2 d3 a6 5c 5c | peer's g: 32 c0 19 bf 12 7f 14 15 e6 dc 4a 4e 72 de e1 1c | peer's g: 45 e2 f8 c7 6d 87 28 a8 5e cb 24 08 68 56 0f 84 | peer's g: 8d f1 0c ce dd b7 3f 95 0c 51 96 ae 06 45 2a 11 | peer's g: 6f dd 8a f9 8a 67 a9 00 25 b9 00 03 ba c7 a9 55 | peer's g: e8 39 f9 78 59 b1 d5 09 76 64 9c 39 61 d5 62 74 | peer's g: 15 38 53 ae b4 63 7a 95 ab 50 58 9b f9 de 7c 82 | peer's g: 5b 3d d9 9a a0 6e 4a e1 1d dd 6b 12 14 2c c6 33 | peer's g: 18 8b 50 88 d3 10 5f df e2 b6 93 cf 33 14 1e 1d | peer's g: 09 c3 15 36 fa c3 05 c1 a9 09 9d 2c ae c2 4b 64 | peer's g: 08 67 10 92 5a dd 26 87 2f 22 86 bc 30 67 fa 8d | peer's g: 91 92 a1 a3 65 af 5e 72 6d 6a 59 c9 59 8e e7 c6 | peer's g: d7 71 15 3e b7 2e 8c 25 8f 61 c5 5e eb b9 76 ce | peer's g: 8e 0e d9 09 8d 42 78 d3 5b 8e ac 4c cd 48 c2 0d | peer's g: 2a 95 fd 58 3e 44 ae fc 23 ab 8e af 0b fa 0c 6c | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7f161800d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f1614003a28: computed shared DH secret key@0x7f161800d840 | dh-shared : g^ir-key@0x7f161800d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f1608001f18 (length 64) | 56 45 09 29 a3 ec b6 99 2e ae d5 79 53 4a 0c 25 | 6f f7 0b 53 ad c4 ce c5 f5 f9 8b d9 b1 ad 5a 15 | 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae326e0 | result: Ni | Nr-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae326c8 | result: Ni | Nr-key@0x7f161800a0e0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x55fd4c4cd5b0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f1608002fa0 from Ni | Nr-key@0x7f161800a0e0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f1608002fa0 from Ni | Nr-key@0x7f161800a0e0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f161800a0e0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f1608003a78 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f161800d840 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f161800d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f161800d840 | nss hmac digest hack: symkey-key@0x7f161800d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1272357058: f0 40 61 d4 b3 5e 2d 1d 29 6d 32 2e d7 ac e9 14 83 0d d8 61 1a c1 3b d0 83 06 c7 66 9c 62 10 2f e1 1e b5 47 dd 01 ac e1 60 d2 b4 e3 6f b8 90 2b b1 86 a2 57 72 ac c2 a9 18 6d 35 ac 93 f5 3f c3 01 0e 81 65 2b c2 d1 26 48 26 d4 60 1c 68 74 25 b1 76 64 e6 67 42 60 e2 d9 eb 20 5e 7b d0 6c 6a 93 80 78 1f 53 1f 28 e5 80 56 63 e1 19 c9 21 53 8c 3b 4e 32 7a 23 93 d6 79 b0 28 ff 39 bf 6e 99 42 64 56 c3 6a 4a 36 1f 74 b2 4a 27 fa f1 30 17 2b 73 33 a6 16 e8 7a 3e 0e 99 c4 b3 a9 42 73 09 4b 10 86 3a c0 73 82 2d e8 03 f2 a2 f1 65 f8 4f 1a 1a b7 6d 74 44 9f 8b dd 28 26 c9 0d e7 4a f2 26 2a dd 94 36 e4 0c 2c 55 f0 6d 86 fd e4 5d 3e 76 0f dc ca a5 a5 d5 2c ab e0 16 92 0e 3e 87 97 1f 26 98 95 09 5c 57 2a 48 eb 02 48 61 91 16 ea 45 4c 4a 79 f8 b2 8e 76 ed a6 82 f2 81 84 17 b8 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 256 bytes at 0x7f1608003fa8 | unwrapped: 99 6c bc c5 ec 62 d8 9e 38 70 d4 55 86 36 8f fb | unwrapped: 7b 49 a3 5e 9b 22 64 41 75 6b 47 37 f1 4c 94 b6 | unwrapped: ad ec 00 cf 2d 39 5b 7a e5 85 9f 8d 2f 4b 9a 76 | unwrapped: ea ea 0a 4a 33 09 ee dd 71 88 e3 59 dd 9f cb 0a | unwrapped: 20 39 b7 a4 37 b3 26 52 04 a8 ec 95 76 51 5b 8c | unwrapped: 3f f9 cd 11 ea ad 8a cc de 1c a3 c9 5f 7b e6 12 | unwrapped: c7 28 1d 49 76 f7 3d f0 0f ce dd 7d a5 a3 84 97 | unwrapped: 1f 15 eb 69 0c 07 4a 1f 63 18 22 3b 4c 6c 4f cb | unwrapped: 04 90 25 ee 3a 24 60 c2 60 54 42 4d 85 96 8e 1c | unwrapped: 0e 58 ef 05 a5 22 5c 4f ba 30 be fd 9e fb 40 2f | unwrapped: 69 d4 b5 45 31 7e 0e bb 0b 32 a9 24 3a 4e 65 c2 | unwrapped: 4d ab a1 26 33 e0 d5 d7 ac 93 ca 3b d7 6e e7 ec | unwrapped: 42 af eb c3 fe f6 f3 3b f2 71 f0 fc 3a 68 16 58 | unwrapped: d5 21 dd 49 20 dc af bb 28 cd 13 be 35 76 2b 1b | unwrapped: a5 17 1d a3 d4 55 d0 e3 8b 09 0e 91 a0 02 a3 b8 | unwrapped: 16 33 ed 8f 09 be 20 28 6c cb ab 14 57 6a f1 63 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae32700 | result: final-key@0x55fd4c4cd5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4cd5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae326e8 | result: final-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4cd5b0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f161800a0e0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae32670 | result: data=Ni-key@0x55fd4c4d6a20 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55fd4c4d6a20 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32658 | result: data=Ni-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55fd4c4d6a20 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f162ae32660 | result: data+=Nr-key@0x55fd4c4d6a20 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4cd5b0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6a20 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f162ae32660 | result: data+=SPIi-key@0x55fd4c4cd5b0 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4d6a20 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4cd5b0 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f162ae32660 | result: data+=SPIr-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4cd5b0 | prf+0 PRF sha init key-key@0x7f161800a0e0 (size 20) | prf+0: key-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32588 | result: clone-key@0x55fd4c4cd5b0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f1608002fa0 from key-key@0x55fd4c4cd5b0 | prf+0 prf: begin sha with context 0x7f1608002fa0 from key-key@0x55fd4c4cd5b0 | prf+0: release clone-key@0x55fd4c4cd5b0 | prf+0 PRF sha crypt-prf@0x7f1608002f78 | prf+0 PRF sha update seed-key@0x55fd4c4d6a20 (size 80) | prf+0: seed-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 08 6c 43 8e 8f e4 1d 6b 59 97 28 2e 71 98 7f 97 62 35 34 04 4b fe 94 db 0d 08 1c d9 53 83 d4 93 a5 73 a4 fb 52 7c 62 77 d1 9c 6b 0f a3 99 8c ea dc 53 5d 93 d6 87 de 8b 87 25 d8 af 25 59 8b 32 05 ff 6a eb ee b9 20 eb b2 f2 53 f0 77 d4 48 e2 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1608005338 | unwrapped: 56 45 09 29 a3 ec b6 99 2e ae d5 79 53 4a 0c 25 | unwrapped: 6f f7 0b 53 ad c4 ce c5 f5 f9 8b d9 b1 ad 5a 15 | unwrapped: 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | unwrapped: 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | unwrapped: 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae32590 | result: final-key@0x55fd4c4d3130 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d3130 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32578 | result: final-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d3130 | prf+0 PRF sha final-key@0x55fd4c4cd5b0 (size 20) | prf+0: key-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x55fd4c4cd5b0 | prf+N PRF sha init key-key@0x7f161800a0e0 (size 20) | prf+N: key-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32588 | result: clone-key@0x55fd4c4d3130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1608002fa0 from key-key@0x55fd4c4d3130 | prf+N prf: begin sha with context 0x7f1608002fa0 from key-key@0x55fd4c4d3130 | prf+N: release clone-key@0x55fd4c4d3130 | prf+N PRF sha crypt-prf@0x7f16080030d8 | prf+N PRF sha update old_t-key@0x55fd4c4cd5b0 (size 20) | prf+N: old_t-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: ac 75 54 32 bf 91 48 a8 ce 50 52 ef 17 50 04 41 55 58 31 16 fb 32 62 1a 93 59 3e 5b e9 e6 08 6c | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1608002f28 | unwrapped: 64 f3 53 dc 3a 24 53 b8 3d a4 0f 03 e7 04 7c 63 | unwrapped: 1d 34 27 c6 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4d6a20 (size 80) | prf+N: seed-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 08 6c 43 8e 8f e4 1d 6b 59 97 28 2e 71 98 7f 97 62 35 34 04 4b fe 94 db 0d 08 1c d9 53 83 d4 93 a5 73 a4 fb 52 7c 62 77 d1 9c 6b 0f a3 99 8c ea dc 53 5d 93 d6 87 de 8b 87 25 d8 af 25 59 8b 32 05 ff 6a eb ee b9 20 eb b2 f2 53 f0 77 d4 48 e2 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f16080052b8 | unwrapped: 56 45 09 29 a3 ec b6 99 2e ae d5 79 53 4a 0c 25 | unwrapped: 6f f7 0b 53 ad c4 ce c5 f5 f9 8b d9 b1 ad 5a 15 | unwrapped: 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | unwrapped: 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | unwrapped: 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae32590 | result: final-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32578 | result: final-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c44c080 | prf+N PRF sha final-key@0x55fd4c4d3130 (size 20) | prf+N: key-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162ae32608 | result: result-key@0x55fd4c44c080 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4cd5b0 | prfplus: release old_t[N]-key@0x55fd4c4cd5b0 | prf+N PRF sha init key-key@0x7f161800a0e0 (size 20) | prf+N: key-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32588 | result: clone-key@0x55fd4c4cd5b0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1608002fa0 from key-key@0x55fd4c4cd5b0 | prf+N prf: begin sha with context 0x7f1608002fa0 from key-key@0x55fd4c4cd5b0 | prf+N: release clone-key@0x55fd4c4cd5b0 | prf+N PRF sha crypt-prf@0x7f1608002f78 | prf+N PRF sha update old_t-key@0x55fd4c4d3130 (size 20) | prf+N: old_t-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 2f 8c 54 dd e6 03 06 35 8a df 7a 3d e9 f8 c5 d1 f9 5b 7a fe bb 5c 7e f2 78 4f 11 43 b6 df 81 ec | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1608003a78 | unwrapped: ca d1 2d dc 30 51 a9 b7 19 e4 18 47 8e 04 76 b7 | unwrapped: e4 2c df 4b 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4d6a20 (size 80) | prf+N: seed-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 08 6c 43 8e 8f e4 1d 6b 59 97 28 2e 71 98 7f 97 62 35 34 04 4b fe 94 db 0d 08 1c d9 53 83 d4 93 a5 73 a4 fb 52 7c 62 77 d1 9c 6b 0f a3 99 8c ea dc 53 5d 93 d6 87 de 8b 87 25 d8 af 25 59 8b 32 05 ff 6a eb ee b9 20 eb b2 f2 53 f0 77 d4 48 e2 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1608005338 | unwrapped: 56 45 09 29 a3 ec b6 99 2e ae d5 79 53 4a 0c 25 | unwrapped: 6f f7 0b 53 ad c4 ce c5 f5 f9 8b d9 b1 ad 5a 15 | unwrapped: 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | unwrapped: 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | unwrapped: 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae32590 | result: final-key@0x55fd4c4d4be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32578 | result: final-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d4be0 | prf+N PRF sha final-key@0x55fd4c4cd5b0 (size 20) | prf+N: key-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c44c080 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162ae32608 | result: result-key@0x55fd4c4d4be0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c44c080 | prfplus: release old_t[N]-key@0x55fd4c4d3130 | prf+N PRF sha init key-key@0x7f161800a0e0 (size 20) | prf+N: key-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32588 | result: clone-key@0x55fd4c4d3130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1608002fa0 from key-key@0x55fd4c4d3130 | prf+N prf: begin sha with context 0x7f1608002fa0 from key-key@0x55fd4c4d3130 | prf+N: release clone-key@0x55fd4c4d3130 | prf+N PRF sha crypt-prf@0x7f1608002f28 | prf+N PRF sha update old_t-key@0x55fd4c4cd5b0 (size 20) | prf+N: old_t-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 63 ea c1 8f 2f ca ce 58 90 52 e4 55 82 c3 03 87 16 f3 55 99 99 58 50 8b 41 af 82 0a 23 a3 77 f9 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1608005e88 | unwrapped: 66 ec 52 e2 70 79 fe 8d a9 60 ee 53 c9 b4 84 32 | unwrapped: 06 f3 53 ac 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4d6a20 (size 80) | prf+N: seed-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 08 6c 43 8e 8f e4 1d 6b 59 97 28 2e 71 98 7f 97 62 35 34 04 4b fe 94 db 0d 08 1c d9 53 83 d4 93 a5 73 a4 fb 52 7c 62 77 d1 9c 6b 0f a3 99 8c ea dc 53 5d 93 d6 87 de 8b 87 25 d8 af 25 59 8b 32 05 ff 6a eb ee b9 20 eb b2 f2 53 f0 77 d4 48 e2 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f16080052b8 | unwrapped: 56 45 09 29 a3 ec b6 99 2e ae d5 79 53 4a 0c 25 | unwrapped: 6f f7 0b 53 ad c4 ce c5 f5 f9 8b d9 b1 ad 5a 15 | unwrapped: 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | unwrapped: 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | unwrapped: 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae32590 | result: final-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32578 | result: final-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c44c080 | prf+N PRF sha final-key@0x55fd4c4d3130 (size 20) | prf+N: key-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d4be0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162ae32608 | result: result-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d4be0 | prfplus: release old_t[N]-key@0x55fd4c4cd5b0 | prf+N PRF sha init key-key@0x7f161800a0e0 (size 20) | prf+N: key-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32588 | result: clone-key@0x55fd4c4cd5b0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1608002fa0 from key-key@0x55fd4c4cd5b0 | prf+N prf: begin sha with context 0x7f1608002fa0 from key-key@0x55fd4c4cd5b0 | prf+N: release clone-key@0x55fd4c4cd5b0 | prf+N PRF sha crypt-prf@0x7f16080030d8 | prf+N PRF sha update old_t-key@0x55fd4c4d3130 (size 20) | prf+N: old_t-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 51 06 9b bb 5e b3 2c 76 32 08 8d 74 3d 42 cb 87 5d 4f 00 84 3e f5 42 7c 4b 14 cf a6 02 d2 93 b4 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1608003a78 | unwrapped: 3e f1 a5 e7 63 f5 a4 f3 1b 63 b7 bf 82 b9 9a ab | unwrapped: 66 1b 56 f3 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4d6a20 (size 80) | prf+N: seed-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 08 6c 43 8e 8f e4 1d 6b 59 97 28 2e 71 98 7f 97 62 35 34 04 4b fe 94 db 0d 08 1c d9 53 83 d4 93 a5 73 a4 fb 52 7c 62 77 d1 9c 6b 0f a3 99 8c ea dc 53 5d 93 d6 87 de 8b 87 25 d8 af 25 59 8b 32 05 ff 6a eb ee b9 20 eb b2 f2 53 f0 77 d4 48 e2 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1608005338 | unwrapped: 56 45 09 29 a3 ec b6 99 2e ae d5 79 53 4a 0c 25 | unwrapped: 6f f7 0b 53 ad c4 ce c5 f5 f9 8b d9 b1 ad 5a 15 | unwrapped: 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | unwrapped: 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | unwrapped: 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae32590 | result: final-key@0x55fd4c4d4be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32578 | result: final-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d4be0 | prf+N PRF sha final-key@0x55fd4c4cd5b0 (size 20) | prf+N: key-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162ae32608 | result: result-key@0x55fd4c4d4be0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c44c080 | prfplus: release old_t[N]-key@0x55fd4c4d3130 | prf+N PRF sha init key-key@0x7f161800a0e0 (size 20) | prf+N: key-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32588 | result: clone-key@0x55fd4c4d3130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1608005510 from key-key@0x55fd4c4d3130 | prf+N prf: begin sha with context 0x7f1608005510 from key-key@0x55fd4c4d3130 | prf+N: release clone-key@0x55fd4c4d3130 | prf+N PRF sha crypt-prf@0x7f1608002f78 | prf+N PRF sha update old_t-key@0x55fd4c4cd5b0 (size 20) | prf+N: old_t-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 27 6a d8 a1 da f3 34 dc f7 ff ee ad de 9a b6 db bc e3 f3 f2 a7 f0 99 28 df d8 aa bf ea f9 c9 a2 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1608002f28 | unwrapped: d6 ee 1e 68 9c d7 41 b6 29 e7 f4 08 19 e8 15 40 | unwrapped: ed ea 36 3d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4d6a20 (size 80) | prf+N: seed-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 08 6c 43 8e 8f e4 1d 6b 59 97 28 2e 71 98 7f 97 62 35 34 04 4b fe 94 db 0d 08 1c d9 53 83 d4 93 a5 73 a4 fb 52 7c 62 77 d1 9c 6b 0f a3 99 8c ea dc 53 5d 93 d6 87 de 8b 87 25 d8 af 25 59 8b 32 05 ff 6a eb ee b9 20 eb b2 f2 53 f0 77 d4 48 e2 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f16080052b8 | unwrapped: 56 45 09 29 a3 ec b6 99 2e ae d5 79 53 4a 0c 25 | unwrapped: 6f f7 0b 53 ad c4 ce c5 f5 f9 8b d9 b1 ad 5a 15 | unwrapped: 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | unwrapped: 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | unwrapped: 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae32590 | result: final-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32578 | result: final-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c44c080 | prf+N PRF sha final-key@0x55fd4c4d3130 (size 20) | prf+N: key-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d4be0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162ae32608 | result: result-key@0x55fd4c44c080 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d4be0 | prfplus: release old_t[N]-key@0x55fd4c4cd5b0 | prf+N PRF sha init key-key@0x7f161800a0e0 (size 20) | prf+N: key-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32588 | result: clone-key@0x55fd4c4cd5b0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1608002fa0 from key-key@0x55fd4c4cd5b0 | prf+N prf: begin sha with context 0x7f1608002fa0 from key-key@0x55fd4c4cd5b0 | prf+N: release clone-key@0x55fd4c4cd5b0 | prf+N PRF sha crypt-prf@0x7f16080030d8 | prf+N PRF sha update old_t-key@0x55fd4c4d3130 (size 20) | prf+N: old_t-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 2a c1 7e ca 83 6e 5f 99 f7 db 12 8e 87 df 62 ce a7 08 20 bd d8 ee 4b 65 5f 8a 61 a5 0d 7e b9 d8 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1608003a78 | unwrapped: ae 16 96 ab b7 f4 0f f0 29 a3 3a ec b7 48 34 2a | unwrapped: ef 5b 26 45 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4d6a20 (size 80) | prf+N: seed-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 08 6c 43 8e 8f e4 1d 6b 59 97 28 2e 71 98 7f 97 62 35 34 04 4b fe 94 db 0d 08 1c d9 53 83 d4 93 a5 73 a4 fb 52 7c 62 77 d1 9c 6b 0f a3 99 8c ea dc 53 5d 93 d6 87 de 8b 87 25 d8 af 25 59 8b 32 05 ff 6a eb ee b9 20 eb b2 f2 53 f0 77 d4 48 e2 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f16080064e8 | unwrapped: 56 45 09 29 a3 ec b6 99 2e ae d5 79 53 4a 0c 25 | unwrapped: 6f f7 0b 53 ad c4 ce c5 f5 f9 8b d9 b1 ad 5a 15 | unwrapped: 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | unwrapped: 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | unwrapped: 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae32590 | result: final-key@0x55fd4c4d4be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32578 | result: final-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d4be0 | prf+N PRF sha final-key@0x55fd4c4cd5b0 (size 20) | prf+N: key-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c44c080 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162ae32608 | result: result-key@0x55fd4c4d4be0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c44c080 | prfplus: release old_t[N]-key@0x55fd4c4d3130 | prfplus: release old_t[final]-key@0x55fd4c4cd5b0 | ike_sa_keymat: release data-key@0x55fd4c4d6a20 | calc_skeyseed_v2: release skeyseed_k-key@0x7f161800a0e0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae327a8 | result: result-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae327a8 | result: result-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae327a8 | result: result-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55fd4c4d4be0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae327b8 | result: SK_ei_k-key@0x55fd4c4d3130 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55fd4c4d4be0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae327b8 | result: SK_er_k-key@0x55fd4c44c080 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae327b8 | result: result-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x55fd4c4d6640 | chunk_SK_pi: symkey-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: d9 ae e7 54 c2 9a 00 b5 4c 2a ac 91 da 0c ce b2 8f 80 f0 b0 01 b2 cd 3a d6 51 c5 64 b5 4b 1c ee | chunk_SK_pi: release slot-key-key@0x55fd4c4cfe50 | chunk_SK_pi extracted len 32 bytes at 0x7f1608002f78 | unwrapped: 19 e8 15 40 ed ea 36 3d ae 16 96 ab b7 f4 0f f0 | unwrapped: 29 a3 3a ec 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae327b8 | result: result-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x55fd4c4ecc80 | chunk_SK_pr: symkey-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 92 04 89 52 09 d6 a3 e5 42 f6 d1 cd 43 a1 84 07 87 0a ff c4 50 f2 96 a8 b0 37 8f d8 b9 b1 cb cf | chunk_SK_pr: release slot-key-key@0x55fd4c4cfe50 | chunk_SK_pr extracted len 32 bytes at 0x7f1608003a78 | unwrapped: b7 48 34 2a ef 5b 26 45 59 5e 7c 45 97 2c 8e 73 | unwrapped: 92 73 54 17 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x55fd4c4d4be0 | calc_skeyseed_v2 pointers: shared-key@0x7f161800d840, SK_d-key@0x7f161800a0e0, SK_ai-key@0x55fd4c4d6a20, SK_ar-key@0x55fd4c4cd5b0, SK_ei-key@0x55fd4c4d3130, SK_er-key@0x55fd4c44c080, SK_pi-key@0x55fd4c4d6640, SK_pr-key@0x55fd4c4ecc80 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 19 e8 15 40 ed ea 36 3d ae 16 96 ab b7 f4 0f f0 | 29 a3 3a ec | calc_skeyseed_v2 SK_pr | b7 48 34 2a ef 5b 26 45 59 5e 7c 45 97 2c 8e 73 | 92 73 54 17 | crypto helper 0 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 6 time elapsed 0.003072 seconds | (#5) spent 3.07 milliseconds in crypto helper computing work-order 6: ikev2_inR1outI2 KE (pcr) | crypto helper 0 sending results from work-order 6 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7f1608005088 size 128 | crypto helper 0 waiting (nothing to do) | stop processing: state #5 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #5 spent 0.527 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.542 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #5 | start processing: state #5 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 6 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_inR1outI2_continue for #5: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f1614003a28: transferring ownership from helper IKEv2 DH to state #5 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #6 at 0x55fd4c4f34a8 | State DB: adding IKEv2 state #6 in UNDEFINED | pstats #6 ikev2.child started | duplicating state object #5 "aes128" as #6 for IPSEC SA | #6 setting local endpoint to 192.1.2.45:500 from #5.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f161800a0e0 | duplicate_state: reference st_skey_ai_nss-key@0x55fd4c4d6a20 | duplicate_state: reference st_skey_ar_nss-key@0x55fd4c4cd5b0 | duplicate_state: reference st_skey_ei_nss-key@0x55fd4c4d3130 | duplicate_state: reference st_skey_er_nss-key@0x55fd4c44c080 | duplicate_state: reference st_skey_pi_nss-key@0x55fd4c4d6640 | duplicate_state: reference st_skey_pr_nss-key@0x55fd4c4ecc80 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #5.#6; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #5 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #5.#6 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f1614002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f1614002b78 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f1614002b78 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x7f1614002888 size 128 | parent state #5: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 26 fd 91 00 6e 77 b5 b1 | responder cookie: | 21 84 58 56 c8 5b a4 f1 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x55fd4c4d6640 (size 20) | hmac: symkey-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398659e8 | result: clone-key@0x55fd4c4d4be0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f1610002b50 from symkey-key@0x55fd4c4d4be0 | hmac prf: begin sha with context 0x7f1610002b50 from symkey-key@0x55fd4c4d4be0 | hmac: release clone-key@0x55fd4c4d4be0 | hmac PRF sha crypt-prf@0x55fd4c4e8c48 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x55fd4bdec8f4 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffc39865d80 (length 20) | f3 6e 06 b6 0f 7b eb f4 07 e5 10 b7 2a aa 4a 14 | ea 05 40 50 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55fd4c441b58 (line=1) | concluding with best_match=014 best=0x55fd4c441b58 (lineno=1) | inputs to hash1 (first packet) | 26 fd 91 00 6e 77 b5 b1 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 76 25 40 60 88 f0 91 4a 25 73 cf 71 | 42 3d 73 01 73 5d 31 8e 30 3d 99 e6 3f 06 ac c2 | 24 de a3 0b 4c 6c 05 61 3a b7 0a 27 8b d7 75 f2 | a7 a1 64 fa 2a 65 e3 a3 ef da 3e 80 fe 85 53 b5 | af eb bb 4f 41 66 77 26 3f 5d 7f 1b 7b 36 28 fe | 25 73 f2 c2 52 ea a5 d6 66 05 87 d9 0a 1c c8 3d | 47 ae 33 78 3e 14 a6 ed a8 1d 52 26 cd 5b a0 02 | 89 bc fb 14 e1 08 ec 82 ac 14 b7 e4 92 83 83 6f | 6e 2a 18 9a 40 25 fd 0f 5b 16 1e 57 e9 59 17 80 | 7d 2b 12 65 27 9e bc 56 15 62 0d 2a 4e 89 f6 8d | 11 43 c7 fa ed 55 72 49 54 6a 5c c0 0e 5d d7 38 | b3 b7 8c df c4 90 5b cf 5c 40 42 28 22 5f 6d 18 | b3 93 b0 ee 4a cd 42 f4 ee 0f 83 7e 93 b5 11 83 | 6d e0 9c 22 9b ad a2 54 33 7b 6c e8 98 e5 28 b9 | 25 6f cc ac 74 11 86 c2 53 ab 8a 19 ce 40 92 bc | 7f bc 42 37 8c 7b 4a 28 59 4a 12 12 bc 42 a6 e1 | c5 0c 75 c0 29 00 00 24 56 45 09 29 a3 ec b6 99 | 2e ae d5 79 53 4a 0c 25 6f f7 0b 53 ad c4 ce c5 | f5 f9 8b d9 b1 ad 5a 15 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 45 a7 e4 78 31 16 fa fe | 01 bd e3 af 4d 54 92 4f f0 57 65 c9 00 00 00 1c | 00 00 40 05 5c 18 0e 7e 7d d0 ec 68 7f 98 d2 e1 | 4a 4d bf 5f e4 2b e9 1a | create: initiator inputs to hash2 (responder nonce) | 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | idhash f3 6e 06 b6 0f 7b eb f4 07 e5 10 b7 2a aa 4a 14 | idhash ea 05 40 50 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55fd4c4cfda8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398657d0 | result: shared secret-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657b8 | result: shared secret-key@0x55fd4c4d4be0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f1610002b50 from shared secret-key@0x55fd4c4d4be0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f1610002b50 from shared secret-key@0x55fd4c4d4be0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x55fd4c4d4be0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55fd4c4e8bf8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55fd4bd814d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398657f0 | result: final-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657d8 | result: final-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x55fd4c4d4be0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x55fd4c4d4be0 (size 20) | = prf(, ): -key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657e8 | result: clone-key@0x55fd4c4e7620 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f1610002b50 from -key@0x55fd4c4e7620 | = prf(, ) prf: begin sha with context 0x7f1610002b50 from -key@0x55fd4c4e7620 | = prf(, ): release clone-key@0x55fd4c4e7620 | = prf(, ) PRF sha crypt-prf@0x55fd4c4e8c48 | = prf(, ) PRF sha update first-packet-bytes@0x55fd4c4eaf68 (length 440) | 26 fd 91 00 6e 77 b5 b1 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 76 25 40 60 88 f0 91 4a 25 73 cf 71 | 42 3d 73 01 73 5d 31 8e 30 3d 99 e6 3f 06 ac c2 | 24 de a3 0b 4c 6c 05 61 3a b7 0a 27 8b d7 75 f2 | a7 a1 64 fa 2a 65 e3 a3 ef da 3e 80 fe 85 53 b5 | af eb bb 4f 41 66 77 26 3f 5d 7f 1b 7b 36 28 fe | 25 73 f2 c2 52 ea a5 d6 66 05 87 d9 0a 1c c8 3d | 47 ae 33 78 3e 14 a6 ed a8 1d 52 26 cd 5b a0 02 | 89 bc fb 14 e1 08 ec 82 ac 14 b7 e4 92 83 83 6f | 6e 2a 18 9a 40 25 fd 0f 5b 16 1e 57 e9 59 17 80 | 7d 2b 12 65 27 9e bc 56 15 62 0d 2a 4e 89 f6 8d | 11 43 c7 fa ed 55 72 49 54 6a 5c c0 0e 5d d7 38 | b3 b7 8c df c4 90 5b cf 5c 40 42 28 22 5f 6d 18 | b3 93 b0 ee 4a cd 42 f4 ee 0f 83 7e 93 b5 11 83 | 6d e0 9c 22 9b ad a2 54 33 7b 6c e8 98 e5 28 b9 | 25 6f cc ac 74 11 86 c2 53 ab 8a 19 ce 40 92 bc | 7f bc 42 37 8c 7b 4a 28 59 4a 12 12 bc 42 a6 e1 | c5 0c 75 c0 29 00 00 24 56 45 09 29 a3 ec b6 99 | 2e ae d5 79 53 4a 0c 25 6f f7 0b 53 ad c4 ce c5 | f5 f9 8b d9 b1 ad 5a 15 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 45 a7 e4 78 31 16 fa fe | 01 bd e3 af 4d 54 92 4f f0 57 65 c9 00 00 00 1c | 00 00 40 05 5c 18 0e 7e 7d d0 ec 68 7f 98 d2 e1 | 4a 4d bf 5f e4 2b e9 1a | = prf(, ) PRF sha update nonce-bytes@0x55fd4c4eb468 (length 32) | 8d 5a 72 e2 b7 f4 83 ec 25 06 0c 51 30 66 64 f6 | 98 0f 71 31 55 8b 3e 11 2b ef 04 ec a4 c2 0f 26 | = prf(, ) PRF sha update hash-bytes@0x7ffc39865d80 (length 20) | f3 6e 06 b6 0f 7b eb f4 07 e5 10 b7 2a aa 4a 14 | ea 05 40 50 | = prf(, ) PRF sha final-chunk@0x55fd4c4eaf18 (length 20) | 46 93 8c 97 fa fb 71 7e da aa 54 22 a3 25 2b d6 | 91 fc da 0d | psk_auth: release prf-psk-key@0x55fd4c4d4be0 | PSK auth octets 46 93 8c 97 fa fb 71 7e da aa 54 22 a3 25 2b d6 | PSK auth octets 91 fc da 0d | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 46 93 8c 97 fa fb 71 7e da aa 54 22 a3 25 2b d6 | PSK auth 91 fc da 0d | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #5 | netlink_get_spi: allocated 0x11cf2124 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for aes128 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "aes128": constructed local ESP/AH proposals for aes128 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 11 cf 21 24 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #5: IMPAIR: emitting fixed-length key-length attribute with 0 key | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 192 | emitting length of ISAKMP Message: 220 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 1c 2b 25 01 e4 9d b9 e7 62 6b 86 f7 3e 67 4b 6b | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 46 93 8c 97 fa fb 71 7e da aa 54 22 a3 25 2b d6 | 91 fc da 0d 2c 00 00 2c 00 00 00 28 01 03 04 03 | 11 cf 21 24 03 00 00 0c 01 00 00 0c 80 0e 00 00 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 60 58 a2 0f b9 f7 71 e9 5d 1e b9 10 dc 0a 5d 73 | ae 39 85 0f e1 a8 09 0d 1b 8d 2d 74 8d 61 44 c8 | 70 e6 b8 46 c2 87 69 0e 8e ba e7 29 0a 6b 8b b3 | 7b 05 3c 68 fb ad 01 d9 e0 e0 30 70 92 63 05 1c | 69 93 6b 53 ae c1 66 3c ee ec 28 06 4a 46 5d 94 | b7 9e 16 64 f3 c3 1f 6a 46 ad 7c 62 80 80 f3 a0 | 5c ab db 6c 4f 7a 36 40 23 a5 8e 36 3b 1a d2 ed | 1a e3 d6 ad 42 61 be dc 14 d9 0f df 9d 1a b7 a2 | 74 fe 64 c0 41 b5 6d 1f ab 69 28 6e ed 2a 0f 26 | 1c f7 d3 92 aa 7c a2 7d d5 41 20 b0 54 8d c3 b3 | hmac PRF sha init symkey-key@0x55fd4c4d6a20 (size 20) | hmac: symkey-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398658f8 | result: clone-key@0x55fd4c4d4be0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f1610002b50 from symkey-key@0x55fd4c4d4be0 | hmac prf: begin sha with context 0x7f1610002b50 from symkey-key@0x55fd4c4d4be0 | hmac: release clone-key@0x55fd4c4d4be0 | hmac PRF sha crypt-prf@0x55fd4c4e8bf8 | hmac PRF sha update data-bytes@0x55fd4bdec8c0 (length 208) | 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 1c 2b 25 01 e4 9d b9 e7 62 6b 86 f7 3e 67 4b 6b | 60 58 a2 0f b9 f7 71 e9 5d 1e b9 10 dc 0a 5d 73 | ae 39 85 0f e1 a8 09 0d 1b 8d 2d 74 8d 61 44 c8 | 70 e6 b8 46 c2 87 69 0e 8e ba e7 29 0a 6b 8b b3 | 7b 05 3c 68 fb ad 01 d9 e0 e0 30 70 92 63 05 1c | 69 93 6b 53 ae c1 66 3c ee ec 28 06 4a 46 5d 94 | b7 9e 16 64 f3 c3 1f 6a 46 ad 7c 62 80 80 f3 a0 | 5c ab db 6c 4f 7a 36 40 23 a5 8e 36 3b 1a d2 ed | 1a e3 d6 ad 42 61 be dc 14 d9 0f df 9d 1a b7 a2 | 74 fe 64 c0 41 b5 6d 1f ab 69 28 6e ed 2a 0f 26 | 1c f7 d3 92 aa 7c a2 7d d5 41 20 b0 54 8d c3 b3 | hmac PRF sha final-bytes@0x55fd4bdec990 (length 20) | 71 5b 21 f1 7b 3f 93 cf f6 28 a7 38 17 76 4d 14 | e7 36 8e 5a | data being hmac: 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data being hmac: 1c 2b 25 01 e4 9d b9 e7 62 6b 86 f7 3e 67 4b 6b | data being hmac: 60 58 a2 0f b9 f7 71 e9 5d 1e b9 10 dc 0a 5d 73 | data being hmac: ae 39 85 0f e1 a8 09 0d 1b 8d 2d 74 8d 61 44 c8 | data being hmac: 70 e6 b8 46 c2 87 69 0e 8e ba e7 29 0a 6b 8b b3 | data being hmac: 7b 05 3c 68 fb ad 01 d9 e0 e0 30 70 92 63 05 1c | data being hmac: 69 93 6b 53 ae c1 66 3c ee ec 28 06 4a 46 5d 94 | data being hmac: b7 9e 16 64 f3 c3 1f 6a 46 ad 7c 62 80 80 f3 a0 | data being hmac: 5c ab db 6c 4f 7a 36 40 23 a5 8e 36 3b 1a d2 ed | data being hmac: 1a e3 d6 ad 42 61 be dc 14 d9 0f df 9d 1a b7 a2 | data being hmac: 74 fe 64 c0 41 b5 6d 1f ab 69 28 6e ed 2a 0f 26 | data being hmac: 1c f7 d3 92 aa 7c a2 7d d5 41 20 b0 54 8d c3 b3 | out calculated auth: | 71 5b 21 f1 7b 3f 93 cf f6 28 a7 38 | suspend processing: state #5 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #6 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #6 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #6: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #6 to 0 after switching state | Message ID: recv #5.#6 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #5.#6 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "aes128" #6: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 220 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #5) | 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 1c 2b 25 01 e4 9d b9 e7 62 6b 86 f7 3e 67 4b 6b | 60 58 a2 0f b9 f7 71 e9 5d 1e b9 10 dc 0a 5d 73 | ae 39 85 0f e1 a8 09 0d 1b 8d 2d 74 8d 61 44 c8 | 70 e6 b8 46 c2 87 69 0e 8e ba e7 29 0a 6b 8b b3 | 7b 05 3c 68 fb ad 01 d9 e0 e0 30 70 92 63 05 1c | 69 93 6b 53 ae c1 66 3c ee ec 28 06 4a 46 5d 94 | b7 9e 16 64 f3 c3 1f 6a 46 ad 7c 62 80 80 f3 a0 | 5c ab db 6c 4f 7a 36 40 23 a5 8e 36 3b 1a d2 ed | 1a e3 d6 ad 42 61 be dc 14 d9 0f df 9d 1a b7 a2 | 74 fe 64 c0 41 b5 6d 1f ab 69 28 6e ed 2a 0f 26 | 1c f7 d3 92 aa 7c a2 7d d5 41 20 b0 54 8d c3 b3 | 71 5b 21 f1 7b 3f 93 cf f6 28 a7 38 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f1610002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 | libevent_malloc: new ptr-libevent@0x55fd4c4eae68 size 128 | #6 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29299.481068 | resume sending helper answer for #5 suppresed complete_v2_state_transition() | #5 spent 1.13 milliseconds in resume sending helper answer | stop processing: state #6 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f1608005088 | spent 0.00284 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | b5 e3 e7 fe 0b d1 3c 5a 43 99 f8 e8 e0 55 3c 53 | 82 3a b7 2f 29 80 1d 82 4b de 47 1b 3d f3 53 2e | 10 0b 30 1e bb f6 84 97 da 03 b6 e8 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 26 fd 91 00 6e 77 b5 b1 | responder cookie: | 21 84 58 56 c8 5b a4 f1 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #5 in PARENT_I2 (find_v2_ike_sa) | start processing: state #5 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #6 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #5 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | start processing: state #6 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #6 is idle | #6 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | #6 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x55fd4c4cd5b0 (size 20) | hmac: symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865748 | result: clone-key@0x55fd4c4d4be0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f161c002b50 from symkey-key@0x55fd4c4d4be0 | hmac prf: begin sha with context 0x7f161c002b50 from symkey-key@0x55fd4c4d4be0 | hmac: release clone-key@0x55fd4c4d4be0 | hmac PRF sha crypt-prf@0x55fd4c4e8c48 | hmac PRF sha update data-bytes@0x55fd4c4db218 (length 64) | 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | b5 e3 e7 fe 0b d1 3c 5a 43 99 f8 e8 e0 55 3c 53 | 82 3a b7 2f 29 80 1d 82 4b de 47 1b 3d f3 53 2e | hmac PRF sha final-bytes@0x7ffc39865910 (length 20) | 10 0b 30 1e bb f6 84 97 da 03 b6 e8 31 14 ee b3 | 3d ea a2 57 | data for hmac: 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | data for hmac: b5 e3 e7 fe 0b d1 3c 5a 43 99 f8 e8 e0 55 3c 53 | data for hmac: 82 3a b7 2f 29 80 1d 82 4b de 47 1b 3d f3 53 2e | calculated auth: 10 0b 30 1e bb f6 84 97 da 03 b6 e8 | provided auth: 10 0b 30 1e bb f6 84 97 da 03 b6 e8 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | b5 e3 e7 fe 0b d1 3c 5a 43 99 f8 e8 e0 55 3c 53 | payload before decryption: | 82 3a b7 2f 29 80 1d 82 4b de 47 1b 3d f3 53 2e | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 08 00 00 00 0e 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #6 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode IKE SA: process IKE_AUTH response containing unknown notification | Now let's proceed with state specific processing | calling processor IKE SA: process IKE_AUTH response containing unknown notification "aes128" #6: IKE_AUTH response contained the error notification NO_PROPOSAL_CHOSEN "aes128" #6: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #6 fd@25 .st_dev=9 .st_ino=10147878 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #5 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x55fd4c4eae68 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f1610002b78 | event_schedule: new EVENT_RETRANSMIT-pe@0x7f1610002b78 | inserting event EVENT_RETRANSMIT, timeout in 59.994253 seconds for #6 | libevent_malloc: new ptr-libevent@0x7f1608005088 size 128 "aes128" #6: STATE_PARENT_I2: suppressing retransmits; will wait 59.994253 seconds for retry | #6 spent 0.112 milliseconds in processing: IKE SA: process IKE_AUTH response containing unknown notification in ikev2_process_state_packet() | [RE]START processing: state #6 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #6 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #6 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #5 spent 0.357 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.369 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0416 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x55fd4c4db198} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #6 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #6 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #6 ikev2.child deleted other | #6 spent 0.112 milliseconds in total | [RE]START processing: state #6 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #6: deleting state (STATE_PARENT_I2) aged 0.040s and NOT sending notification | child state #6: PARENT_I2(open IKE SA) => delete | child state #6: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #6 requesting EVENT_RETRANSMIT to be deleted | #6 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f1608005088 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f1610002b78 | priority calculation of connection "aes128" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #6 in CHILDSA_DEL | child state #6: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #6 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f161800a0e0 | delete_state: release st->st_skey_ai_nss-key@0x55fd4c4d6a20 | delete_state: release st->st_skey_ar_nss-key@0x55fd4c4cd5b0 | delete_state: release st->st_skey_ei_nss-key@0x55fd4c4d3130 | delete_state: release st->st_skey_er_nss-key@0x55fd4c44c080 | delete_state: release st->st_skey_pi_nss-key@0x55fd4c4d6640 | delete_state: release st->st_skey_pr_nss-key@0x55fd4c4ecc80 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #5 | start processing: state #5 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #5 ikev2.ike deleted other | #5 spent 6.74 milliseconds in total | [RE]START processing: state #5 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #5: deleting state (STATE_PARENT_I2) aged 0.053s and NOT sending notification | parent state #5: PARENT_I2(open IKE SA) => delete | state #5 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f1614002888 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f1614002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #5 in PARENT_I2 | parent state #5: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f1614003a28: destroyed | stop processing: state #5 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f161800d840 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f161800a0e0 | delete_state: release st->st_skey_ai_nss-key@0x55fd4c4d6a20 | delete_state: release st->st_skey_ar_nss-key@0x55fd4c4cd5b0 | delete_state: release st->st_skey_ei_nss-key@0x55fd4c4d3130 | delete_state: release st->st_skey_er_nss-key@0x55fd4c44c080 | delete_state: release st->st_skey_pi_nss-key@0x55fd4c4d6640 | delete_state: release st->st_skey_pr_nss-key@0x55fd4c4ecc80 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x55fd4c4e8e78 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.39 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | child-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0632 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0478 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none | base impairing = suppress-retransmits | ike-key-length-attribute:DUPLICATE | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0473 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x55fd4c4e8e78 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.144 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #7 at 0x55fd4c4ed878 | State DB: adding IKEv2 state #7 in UNDEFINED | pstats #7 ikev2.ike started | Message ID: init #7: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #7: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #7; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #7 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #7 "aes128" "aes128" #7: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 7 for state #7 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f1614002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f1608005088 size 128 | #7 spent 0.109 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 4 resuming | crypto helper 4 starting work-order 7 for state #7 | crypto helper 4 doing build KE and nonce (ikev2_outI1 KE); request ID 7 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f160c003618: created | NSS: Local DH MODP2048 secret (pointer): 0x7f160c003618 | NSS: Public DH wire value: | fd 47 99 1a d7 91 0c f2 7d 9a 26 9e 9b fa 6f 30 | a1 19 e8 ab b6 c4 a3 39 15 d1 32 45 a6 a4 cd 11 | 3c b9 89 a2 2f da e3 ce be 2c 5d d0 cc 7e 9f 2c | e9 8d a2 6a 40 71 c8 ad c5 10 97 e3 94 d4 4d 0c | 9f 33 5b 79 2b 33 6a 74 47 30 8b f3 0f 63 18 7c | 72 ad 8d cd 7d a9 93 7f 2c 80 ef 27 ab a4 50 da | 47 ff 59 7e 8d 01 ef 45 a9 60 c9 f5 91 14 bb df | 71 c0 f0 c3 02 93 a3 23 47 56 8d 91 dc 22 3d 81 | 90 41 b2 5e 67 6f 4b a5 8d cc 2d b7 9b 9a a1 56 | fa d6 6f 01 f2 d6 15 e2 8d c6 9c a6 21 f9 e9 3c | a8 da f3 f2 19 ec a2 8d 0f 6b 75 9c 38 6c 0e a8 | 15 83 e5 7c 23 6b 53 85 4e 8e 22 0c 6f 9e 31 df | 96 f1 8d 04 3d 32 45 07 86 ba 43 cd 36 29 78 3d | dd be 87 bb 13 d3 48 bf c6 db dc 85 61 46 23 c7 | 7d 21 6b 2a 42 97 7d 63 83 23 08 83 53 0f a0 99 | 52 79 5a 36 35 e9 ca e7 88 08 93 b3 61 bc 67 60 | Generated nonce: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | Generated nonce: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | crypto helper 4 finished build KE and nonce (ikev2_outI1 KE); request ID 7 time elapsed 0.001075 seconds | (#7) spent 1.06 milliseconds in crypto helper computing work-order 7: ikev2_outI1 KE (pcr) | crypto helper 4 sending results from work-order 7 for state #7 to event queue | scheduling resume sending helper answer for #7 | libevent_malloc: new ptr-libevent@0x7f160c002888 size 128 | crypto helper 4 waiting (nothing to do) | RESET processing: state #7 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.181 milliseconds in whack | processing resume sending helper answer for #7 | start processing: state #7 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 7 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_outI1_continue for #7 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f160c003618: transferring ownership from helper KE to state #7 | **emit ISAKMP Message: | initiator cookie: | bb df d5 b9 5d 96 13 d2 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #7: IMPAIR: duplicating key-length attribute | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 16 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 52 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x fd 47 99 1a d7 91 0c f2 7d 9a 26 9e 9b fa 6f 30 | ikev2 g^x a1 19 e8 ab b6 c4 a3 39 15 d1 32 45 a6 a4 cd 11 | ikev2 g^x 3c b9 89 a2 2f da e3 ce be 2c 5d d0 cc 7e 9f 2c | ikev2 g^x e9 8d a2 6a 40 71 c8 ad c5 10 97 e3 94 d4 4d 0c | ikev2 g^x 9f 33 5b 79 2b 33 6a 74 47 30 8b f3 0f 63 18 7c | ikev2 g^x 72 ad 8d cd 7d a9 93 7f 2c 80 ef 27 ab a4 50 da | ikev2 g^x 47 ff 59 7e 8d 01 ef 45 a9 60 c9 f5 91 14 bb df | ikev2 g^x 71 c0 f0 c3 02 93 a3 23 47 56 8d 91 dc 22 3d 81 | ikev2 g^x 90 41 b2 5e 67 6f 4b a5 8d cc 2d b7 9b 9a a1 56 | ikev2 g^x fa d6 6f 01 f2 d6 15 e2 8d c6 9c a6 21 f9 e9 3c | ikev2 g^x a8 da f3 f2 19 ec a2 8d 0f 6b 75 9c 38 6c 0e a8 | ikev2 g^x 15 83 e5 7c 23 6b 53 85 4e 8e 22 0c 6f 9e 31 df | ikev2 g^x 96 f1 8d 04 3d 32 45 07 86 ba 43 cd 36 29 78 3d | ikev2 g^x dd be 87 bb 13 d3 48 bf c6 db dc 85 61 46 23 c7 | ikev2 g^x 7d 21 6b 2a 42 97 7d 63 83 23 08 83 53 0f a0 99 | ikev2 g^x 52 79 5a 36 35 e9 ca e7 88 08 93 b3 61 bc 67 60 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | IKEv2 nonce e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | bb df d5 b9 5d 96 13 d2 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | ff 1c d9 29 3e 89 4d 45 e0 6c 20 72 6b 9a 2e cb | 83 65 87 8a | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= bb df d5 b9 5d 96 13 d2 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= ff 1c d9 29 3e 89 4d 45 e0 6c 20 72 6b 9a 2e cb | natd_hash: hash= 83 65 87 8a | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data ff 1c d9 29 3e 89 4d 45 e0 6c 20 72 6b 9a 2e cb | Notify data 83 65 87 8a | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | bb df d5 b9 5d 96 13 d2 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | fc 3e 35 bb a6 99 ca f9 7e 1a 28 5d 52 fc 92 7d | 0a 8a 60 e2 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= bb df d5 b9 5d 96 13 d2 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= fc 3e 35 bb a6 99 ca f9 7e 1a 28 5d 52 fc 92 7d | natd_hash: hash= 0a 8a 60 e2 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data fc 3e 35 bb a6 99 ca f9 7e 1a 28 5d 52 fc 92 7d | Notify data 0a 8a 60 e2 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 444 | stop processing: state #7 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #7 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #7 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #7: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #7 to 4294967295 after switching state | Message ID: IKE #7 skipping update_recv as MD is fake | Message ID: sent #7 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #7: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 444 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #7) | bb df d5 b9 5d 96 13 d2 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 fd 47 99 1a d7 91 0c f2 | 7d 9a 26 9e 9b fa 6f 30 a1 19 e8 ab b6 c4 a3 39 | 15 d1 32 45 a6 a4 cd 11 3c b9 89 a2 2f da e3 ce | be 2c 5d d0 cc 7e 9f 2c e9 8d a2 6a 40 71 c8 ad | c5 10 97 e3 94 d4 4d 0c 9f 33 5b 79 2b 33 6a 74 | 47 30 8b f3 0f 63 18 7c 72 ad 8d cd 7d a9 93 7f | 2c 80 ef 27 ab a4 50 da 47 ff 59 7e 8d 01 ef 45 | a9 60 c9 f5 91 14 bb df 71 c0 f0 c3 02 93 a3 23 | 47 56 8d 91 dc 22 3d 81 90 41 b2 5e 67 6f 4b a5 | 8d cc 2d b7 9b 9a a1 56 fa d6 6f 01 f2 d6 15 e2 | 8d c6 9c a6 21 f9 e9 3c a8 da f3 f2 19 ec a2 8d | 0f 6b 75 9c 38 6c 0e a8 15 83 e5 7c 23 6b 53 85 | 4e 8e 22 0c 6f 9e 31 df 96 f1 8d 04 3d 32 45 07 | 86 ba 43 cd 36 29 78 3d dd be 87 bb 13 d3 48 bf | c6 db dc 85 61 46 23 c7 7d 21 6b 2a 42 97 7d 63 | 83 23 08 83 53 0f a0 99 52 79 5a 36 35 e9 ca e7 | 88 08 93 b3 61 bc 67 60 29 00 00 24 92 ef 82 bd | 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe e0 f2 06 cc | a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 ff 1c d9 29 | 3e 89 4d 45 e0 6c 20 72 6b 9a 2e cb 83 65 87 8a | 00 00 00 1c 00 00 40 05 fc 3e 35 bb a6 99 ca f9 | 7e 1a 28 5d 52 fc 92 7d 0a 8a 60 e2 | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f1608005088 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f1614002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #7: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f1614002b78 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x55fd4c4ee448 size 128 | #7 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29299.967433 | resume sending helper answer for #7 suppresed complete_v2_state_transition() and stole MD | #7 spent 0.536 milliseconds in resume sending helper answer | stop processing: state #7 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f160c002888 | spent 0.00335 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 6e 43 2b ae 1a 0e f4 a7 5e 7e e3 29 | ca a8 1f 3f 96 9d c3 fd 27 2c 02 66 51 d5 e3 69 | d7 1e 3e 39 7d 66 cc f5 1f 1e 47 72 20 b9 0f 61 | c9 7d e5 b5 bb 53 2d 25 21 86 f2 3c 5a 72 c5 18 | e0 32 8c e4 8b 72 3d a8 24 16 6a b0 15 2c b4 34 | 2a ef d1 85 f2 9f 46 8b bc b1 28 b6 f5 47 b9 35 | 6d 29 b0 22 88 42 63 14 c0 f1 53 28 7a de 84 f6 | bf 78 53 e6 d6 f0 d1 a6 41 fc e4 4b 7c 56 8d a1 | c1 f3 0c ee 84 e6 ec 21 0b 98 66 4a ea ef 87 e0 | e6 8a 94 7f 72 62 cd 27 48 78 e4 ca 12 91 62 2b | 3b 5b 27 fc c2 f0 dc 1b 57 61 89 80 97 86 c6 60 | 61 bc cf aa 42 2d 0a 85 9a 15 78 4f 4b cf 78 53 | 12 0b c7 c6 3e 51 75 be a1 f7 04 eb 27 9f a0 ad | 96 6c 3b 63 e5 15 b7 e9 6e 2d 9c 5f 90 94 57 7a | ca 1e 8b a4 3a 54 6c 5f 95 07 83 fc cb 16 dd 63 | 36 fa 0d 45 67 c0 fc 51 6f a5 54 68 d1 13 e9 de | 10 d5 a3 fd 29 00 00 24 f8 e5 a8 5a 64 ce df e7 | 5b 55 db dc eb ce 00 21 58 d7 46 86 ab 5b 18 06 | 89 53 bc bf ea a5 8e 9e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 b5 7a 3e 8e 7b 38 0a 5c | 97 d5 2c 94 46 65 11 8b 94 b1 83 0e 00 00 00 1c | 00 00 40 05 0a e1 9b ab 31 3b 40 52 ee 6a 13 ae | 19 97 d4 38 a8 1d 3f 84 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | bb df d5 b9 5d 96 13 d2 | responder cookie: | d3 db 59 3f cd 74 e9 39 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #7 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #7 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #7 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #7 is idle | #7 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #7 IKE SPIi and SPI[ir] | #7 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | 6e 43 2b ae 1a 0e f4 a7 5e 7e e3 29 ca a8 1f 3f | 96 9d c3 fd 27 2c 02 66 51 d5 e3 69 d7 1e 3e 39 | 7d 66 cc f5 1f 1e 47 72 20 b9 0f 61 c9 7d e5 b5 | bb 53 2d 25 21 86 f2 3c 5a 72 c5 18 e0 32 8c e4 | 8b 72 3d a8 24 16 6a b0 15 2c b4 34 2a ef d1 85 | f2 9f 46 8b bc b1 28 b6 f5 47 b9 35 6d 29 b0 22 | 88 42 63 14 c0 f1 53 28 7a de 84 f6 bf 78 53 e6 | d6 f0 d1 a6 41 fc e4 4b 7c 56 8d a1 c1 f3 0c ee | 84 e6 ec 21 0b 98 66 4a ea ef 87 e0 e6 8a 94 7f | 72 62 cd 27 48 78 e4 ca 12 91 62 2b 3b 5b 27 fc | c2 f0 dc 1b 57 61 89 80 97 86 c6 60 61 bc cf aa | 42 2d 0a 85 9a 15 78 4f 4b cf 78 53 12 0b c7 c6 | 3e 51 75 be a1 f7 04 eb 27 9f a0 ad 96 6c 3b 63 | e5 15 b7 e9 6e 2d 9c 5f 90 94 57 7a ca 1e 8b a4 | 3a 54 6c 5f 95 07 83 fc cb 16 dd 63 36 fa 0d 45 | 67 c0 fc 51 6f a5 54 68 d1 13 e9 de 10 d5 a3 fd | using existing local IKE proposals for connection aes128 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865950 (length 8) | bb df d5 b9 5d 96 13 d2 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865958 (length 8) | d3 db 59 3f cd 74 e9 39 | NATD hash sha digest IP addr-bytes@0x7ffc398658e4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc398658d6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865960 (length 20) | 0a e1 9b ab 31 3b 40 52 ee 6a 13 ae 19 97 d4 38 | a8 1d 3f 84 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= bb df d5 b9 5d 96 13 d2 | natd_hash: rcookie= d3 db 59 3f cd 74 e9 39 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 0a e1 9b ab 31 3b 40 52 ee 6a 13 ae 19 97 d4 38 | natd_hash: hash= a8 1d 3f 84 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865950 (length 8) | bb df d5 b9 5d 96 13 d2 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865958 (length 8) | d3 db 59 3f cd 74 e9 39 | NATD hash sha digest IP addr-bytes@0x7ffc398658e4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc398658d6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865980 (length 20) | b5 7a 3e 8e 7b 38 0a 5c 97 d5 2c 94 46 65 11 8b | 94 b1 83 0e | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= bb df d5 b9 5d 96 13 d2 | natd_hash: rcookie= d3 db 59 3f cd 74 e9 39 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= b5 7a 3e 8e 7b 38 0a 5c 97 d5 2c 94 46 65 11 8b | natd_hash: hash= 94 b1 83 0e | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f160c003618: transferring ownership from state #7 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 8 for state #7 | state #7 requesting EVENT_RETRANSMIT to be deleted | #7 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55fd4c4ee448 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f1614002b78 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f160c002888 size 128 | #7 spent 0.264 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | crypto helper 1 resuming | crypto helper 1 starting work-order 8 for state #7 | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 8 | peer's g: 6e 43 2b ae 1a 0e f4 a7 5e 7e e3 29 ca a8 1f 3f | peer's g: 96 9d c3 fd 27 2c 02 66 51 d5 e3 69 d7 1e 3e 39 | peer's g: 7d 66 cc f5 1f 1e 47 72 20 b9 0f 61 c9 7d e5 b5 | peer's g: bb 53 2d 25 21 86 f2 3c 5a 72 c5 18 e0 32 8c e4 | peer's g: 8b 72 3d a8 24 16 6a b0 15 2c b4 34 2a ef d1 85 | peer's g: f2 9f 46 8b bc b1 28 b6 f5 47 b9 35 6d 29 b0 22 | peer's g: 88 42 63 14 c0 f1 53 28 7a de 84 f6 bf 78 53 e6 | peer's g: d6 f0 d1 a6 41 fc e4 4b 7c 56 8d a1 c1 f3 0c ee | peer's g: 84 e6 ec 21 0b 98 66 4a ea ef 87 e0 e6 8a 94 7f | peer's g: 72 62 cd 27 48 78 e4 ca 12 91 62 2b 3b 5b 27 fc | peer's g: c2 f0 dc 1b 57 61 89 80 97 86 c6 60 61 bc cf aa | peer's g: 42 2d 0a 85 9a 15 78 4f 4b cf 78 53 12 0b c7 c6 | peer's g: 3e 51 75 be a1 f7 04 eb 27 9f a0 ad 96 6c 3b 63 | peer's g: e5 15 b7 e9 6e 2d 9c 5f 90 94 57 7a ca 1e 8b a4 | peer's g: 3a 54 6c 5f 95 07 83 fc cb 16 dd 63 36 fa 0d 45 | peer's g: 67 c0 fc 51 6f a5 54 68 d1 13 e9 de 10 d5 a3 fd | Started DH shared-secret computation in NSS: | new : g_ir-key@0x55fd4c4ecc80 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f160c003618: computed shared DH secret key@0x55fd4c4ecc80 | dh-shared : g^ir-key@0x55fd4c4ecc80 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f1620003b28 (length 64) | 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | [RE]START processing: state #7 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a6316e0 | result: Ni | Nr-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a6316c8 | result: Ni | Nr-key@0x55fd4c4d6640 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x55fd4c44c080 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f16200014c0 from Ni | Nr-key@0x55fd4c4d6640 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f16200014c0 from Ni | Nr-key@0x55fd4c4d6640 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x55fd4c4d6640 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f1620001278 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x55fd4c4ecc80 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x55fd4c4ecc80 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x55fd4c4ecc80 | nss hmac digest hack: symkey-key@0x55fd4c4ecc80 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1272357058: f6 09 98 5a 8e 6f 35 2b 9a a9 1e 86 ec 65 bc 45 fe 60 2a 86 c4 64 0d dc 4c 28 0c d7 67 da d0 8d 3d 16 a7 7b 71 5c a3 ab 28 49 db 7d cd c0 38 fc fe 34 74 b7 10 ad b5 e1 6e 26 ef d9 a5 8d a2 c4 19 3e 6b 46 00 69 21 18 eb 17 6f 59 f8 2a b7 0a b4 fc 8a 2d da 0d a5 81 00 c1 d8 da 99 15 13 3b 44 9c 46 38 3b 00 16 ce 42 ee 4e c3 3a 89 b6 80 60 d9 8c 97 dc e1 52 e5 c4 7b 2a 3e 7c c8 5b 68 88 5b d8 56 fd d3 fd 34 2a f9 78 39 da 06 c4 4e aa e0 0f 13 02 00 7e 70 37 b2 5f 3d 0f 4d b4 24 8e 5d ef 1a cd 2f 9d 0b 9b 03 47 1e 73 aa 2f 31 e7 92 97 45 64 78 48 74 7d 49 37 a3 ef 12 86 5d b7 88 f4 82 53 79 ca 19 28 b1 db 00 fb 83 42 df 23 1c 8b de f2 c4 d6 07 c5 9a 55 a5 1f c3 65 a8 04 90 a9 f0 2d ad 1f d8 71 bf 71 67 24 a1 ab f5 19 53 c9 1c 39 34 42 0a 61 98 d8 92 3f ef c3 e3 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 256 bytes at 0x7f16200048f8 | unwrapped: 5f f1 d9 03 4d 9b 0a 99 2a 8f f8 56 08 a3 df 0c | unwrapped: 82 19 e8 07 09 f0 4f 3f 0d 99 62 77 35 64 44 35 | unwrapped: 69 59 80 ca b7 70 91 ab 18 eb 3f 7d e8 0c 4e 4e | unwrapped: 8e 88 8f d4 2e 63 ac b7 04 d4 67 c9 d4 50 ae bd | unwrapped: 3c df 42 1f 0b 78 1f 1e 8b a5 88 bb 49 5d 18 2e | unwrapped: 32 2f d0 e0 8b 4d 5e 23 7d 35 bf 13 84 9f 91 57 | unwrapped: 71 bb 18 8f 7a ba c5 f9 1d 12 40 9d f6 47 d2 69 | unwrapped: 06 68 de 4f 69 a0 05 4f a6 ce 23 8f c7 1d 96 13 | unwrapped: 91 99 ea 41 2a 0c a9 82 fc d2 20 ba de 21 97 11 | unwrapped: 29 4d e1 b8 0c ba 82 a0 ee c1 9c 22 ff 65 d2 c1 | unwrapped: 40 84 23 1d de 9a 66 03 a2 aa a6 4c 97 cf 01 05 | unwrapped: f4 3a 84 60 c6 94 74 90 b5 a1 a0 f5 01 15 d5 f7 | unwrapped: 34 69 80 fc bc c1 b9 66 ab 33 0b ec 13 7e 1b 55 | unwrapped: 11 98 8b a5 82 f8 9f 34 a7 1f 2f 64 0c 56 e3 14 | unwrapped: ce db 04 68 98 25 8a f7 fb fa 72 71 8b 52 c8 3a | unwrapped: 78 d2 14 63 9c bb 67 72 25 21 41 48 ad 38 90 45 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a631700 | result: final-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a6316e8 | result: final-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c44c080 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x55fd4c4d6640 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a631670 | result: data=Ni-key@0x55fd4c4d3130 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55fd4c4d3130 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631658 | result: data=Ni-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55fd4c4d3130 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f162a631660 | result: data+=Nr-key@0x55fd4c4d3130 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c44c080 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d3130 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f162a631660 | result: data+=SPIi-key@0x55fd4c44c080 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4d3130 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c44c080 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f162a631660 | result: data+=SPIr-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c44c080 | prf+0 PRF sha init key-key@0x55fd4c4d6640 (size 20) | prf+0: key-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631588 | result: clone-key@0x55fd4c44c080 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f16200014c0 from key-key@0x55fd4c44c080 | prf+0 prf: begin sha with context 0x7f16200014c0 from key-key@0x55fd4c44c080 | prf+0: release clone-key@0x55fd4c44c080 | prf+0 PRF sha crypt-prf@0x7f1620002168 | prf+0 PRF sha update seed-key@0x55fd4c4d3130 (size 80) | prf+0: seed-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 16 f6 6f ac 42 ec ef 64 e0 2d ae c3 db 32 0d 60 71 7a 93 13 f0 05 3a f1 c5 23 86 aa bf 87 23 b2 9a f5 d2 e1 70 82 54 f0 4d fe a7 ae fe 8a ec 96 ed 6e 50 a4 ed a2 51 b3 5c ce 66 5f b5 10 21 61 e5 9d ce 7c a9 81 8c e8 6b 56 0b 6f 2b 3e c9 5e | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1620005ab8 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | unwrapped: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a631590 | result: final-key@0x55fd4c4cd5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4cd5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631578 | result: final-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4cd5b0 | prf+0 PRF sha final-key@0x55fd4c44c080 (size 20) | prf+0: key-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x55fd4c44c080 | prf+N PRF sha init key-key@0x55fd4c4d6640 (size 20) | prf+N: key-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631588 | result: clone-key@0x55fd4c4cd5b0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f16200014c0 from key-key@0x55fd4c4cd5b0 | prf+N prf: begin sha with context 0x7f16200014c0 from key-key@0x55fd4c4cd5b0 | prf+N: release clone-key@0x55fd4c4cd5b0 | prf+N PRF sha crypt-prf@0x7f1620004c28 | prf+N PRF sha update old_t-key@0x55fd4c44c080 (size 20) | prf+N: old_t-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 4a c8 78 ee b6 af 14 3e 7e 62 05 5d 1c 69 b4 05 38 26 fa 6d 38 0d f4 0e c7 2f ab 5c e7 6c 8b 04 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1620002b28 | unwrapped: 06 c7 92 6e 12 a6 ac c5 df da 77 0a a7 cd ef ea | unwrapped: 1a c0 18 db 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4d3130 (size 80) | prf+N: seed-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 16 f6 6f ac 42 ec ef 64 e0 2d ae c3 db 32 0d 60 71 7a 93 13 f0 05 3a f1 c5 23 86 aa bf 87 23 b2 9a f5 d2 e1 70 82 54 f0 4d fe a7 ae fe 8a ec 96 ed 6e 50 a4 ed a2 51 b3 5c ce 66 5f b5 10 21 61 e5 9d ce 7c a9 81 8c e8 6b 56 0b 6f 2b 3e c9 5e | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1620005a38 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | unwrapped: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a631590 | result: final-key@0x55fd4c4d6a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631578 | result: final-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d6a20 | prf+N PRF sha final-key@0x55fd4c4cd5b0 (size 20) | prf+N: key-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162a631608 | result: result-key@0x55fd4c4d6a20 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c44c080 | prfplus: release old_t[N]-key@0x55fd4c44c080 | prf+N PRF sha init key-key@0x55fd4c4d6640 (size 20) | prf+N: key-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631588 | result: clone-key@0x55fd4c44c080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f16200014c0 from key-key@0x55fd4c44c080 | prf+N prf: begin sha with context 0x7f16200014c0 from key-key@0x55fd4c44c080 | prf+N: release clone-key@0x55fd4c44c080 | prf+N PRF sha crypt-prf@0x7f1620002168 | prf+N PRF sha update old_t-key@0x55fd4c4cd5b0 (size 20) | prf+N: old_t-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 63 6d 9b ce 98 e1 3a 7c f0 d3 26 6c be 8b 00 63 3d 0f 74 87 55 06 f6 76 95 cc 39 ad 13 c1 b9 27 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1620001278 | unwrapped: 37 0a d1 85 1e d0 bf 54 8b 00 d8 33 4d ee 8b 74 | unwrapped: 3e 21 19 3e 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4d3130 (size 80) | prf+N: seed-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 16 f6 6f ac 42 ec ef 64 e0 2d ae c3 db 32 0d 60 71 7a 93 13 f0 05 3a f1 c5 23 86 aa bf 87 23 b2 9a f5 d2 e1 70 82 54 f0 4d fe a7 ae fe 8a ec 96 ed 6e 50 a4 ed a2 51 b3 5c ce 66 5f b5 10 21 61 e5 9d ce 7c a9 81 8c e8 6b 56 0b 6f 2b 3e c9 5e | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1620005ab8 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | unwrapped: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a631590 | result: final-key@0x7f161800a0e0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631578 | result: final-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f161800a0e0 | prf+N PRF sha final-key@0x55fd4c44c080 (size 20) | prf+N: key-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6a20 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162a631608 | result: result-key@0x7f161800a0e0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d6a20 | prfplus: release old_t[N]-key@0x55fd4c4cd5b0 | prf+N PRF sha init key-key@0x55fd4c4d6640 (size 20) | prf+N: key-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631588 | result: clone-key@0x55fd4c4cd5b0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f16200014c0 from key-key@0x55fd4c4cd5b0 | prf+N prf: begin sha with context 0x7f16200014c0 from key-key@0x55fd4c4cd5b0 | prf+N: release clone-key@0x55fd4c4cd5b0 | prf+N PRF sha crypt-prf@0x7f1620002b28 | prf+N PRF sha update old_t-key@0x55fd4c44c080 (size 20) | prf+N: old_t-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 79 a7 62 52 5d 69 e8 f6 b7 17 83 84 d0 3e 01 60 c0 bd 61 7b eb a4 78 e5 a9 5b 03 f0 8c 43 5c f1 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1620005d08 | unwrapped: b2 7c c8 59 51 6a c9 42 c8 68 4d 46 0b 0c a1 c2 | unwrapped: 24 bf b4 18 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4d3130 (size 80) | prf+N: seed-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 16 f6 6f ac 42 ec ef 64 e0 2d ae c3 db 32 0d 60 71 7a 93 13 f0 05 3a f1 c5 23 86 aa bf 87 23 b2 9a f5 d2 e1 70 82 54 f0 4d fe a7 ae fe 8a ec 96 ed 6e 50 a4 ed a2 51 b3 5c ce 66 5f b5 10 21 61 e5 9d ce 7c a9 81 8c e8 6b 56 0b 6f 2b 3e c9 5e | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1620005a38 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | unwrapped: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a631590 | result: final-key@0x55fd4c4d6a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631578 | result: final-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d6a20 | prf+N PRF sha final-key@0x55fd4c4cd5b0 (size 20) | prf+N: key-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f161800a0e0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162a631608 | result: result-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f161800a0e0 | prfplus: release old_t[N]-key@0x55fd4c44c080 | prf+N PRF sha init key-key@0x55fd4c4d6640 (size 20) | prf+N: key-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631588 | result: clone-key@0x55fd4c44c080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f16200014c0 from key-key@0x55fd4c44c080 | prf+N prf: begin sha with context 0x7f16200014c0 from key-key@0x55fd4c44c080 | prf+N: release clone-key@0x55fd4c44c080 | prf+N PRF sha crypt-prf@0x7f1620004c28 | prf+N PRF sha update old_t-key@0x55fd4c4cd5b0 (size 20) | prf+N: old_t-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 47 7c a2 76 c3 07 ec a1 35 52 ce af 30 cc 2f 28 f8 41 21 2e ff 07 a3 7d a9 73 50 35 69 28 9f 7c | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1620001278 | unwrapped: 60 7b b4 97 b8 44 1c 10 76 5f 5c ce e4 66 a5 e5 | unwrapped: 86 7a 4a 82 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4d3130 (size 80) | prf+N: seed-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 16 f6 6f ac 42 ec ef 64 e0 2d ae c3 db 32 0d 60 71 7a 93 13 f0 05 3a f1 c5 23 86 aa bf 87 23 b2 9a f5 d2 e1 70 82 54 f0 4d fe a7 ae fe 8a ec 96 ed 6e 50 a4 ed a2 51 b3 5c ce 66 5f b5 10 21 61 e5 9d ce 7c a9 81 8c e8 6b 56 0b 6f 2b 3e c9 5e | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1620005ab8 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | #7 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #7 and saving MD | #7 is busy; has a suspended MD | [RE]START processing: state #7 connection "aes128" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) | "aes128" #7 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #7 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | #7 spent 0.49 milliseconds in ikev2_process_packet() | unwrapped: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | prf+N PRF sha update N++-byte@0x5 (5) | 05 | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | spent 0.511 milliseconds in comm_handle_cb() reading and processing packet | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a631590 | result: final-key@0x7f161800a0e0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631578 | result: final-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f161800a0e0 | prf+N PRF sha final-key@0x55fd4c44c080 (size 20) | prf+N: key-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162a631608 | result: result-key@0x7f161800a0e0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d6a20 | prfplus: release old_t[N]-key@0x55fd4c4cd5b0 | prf+N PRF sha init key-key@0x55fd4c4d6640 (size 20) | prf+N: key-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631588 | result: clone-key@0x55fd4c4cd5b0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1620001530 from key-key@0x55fd4c4cd5b0 | prf+N prf: begin sha with context 0x7f1620001530 from key-key@0x55fd4c4cd5b0 | prf+N: release clone-key@0x55fd4c4cd5b0 | prf+N PRF sha crypt-prf@0x7f1620002168 | prf+N PRF sha update old_t-key@0x55fd4c44c080 (size 20) | prf+N: old_t-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 9d 36 05 8d 81 f4 e2 70 2d e1 b1 6f 76 24 ed 53 ee a4 c2 f8 0f 7c 0a 3f 44 63 a4 ae 9f f0 01 e0 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1620002b28 | unwrapped: 74 49 eb ef 0c 0e 12 66 8a 2c 62 3a 10 88 dd dd | unwrapped: fa 3f 4d fc 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4d3130 (size 80) | prf+N: seed-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 16 f6 6f ac 42 ec ef 64 e0 2d ae c3 db 32 0d 60 71 7a 93 13 f0 05 3a f1 c5 23 86 aa bf 87 23 b2 9a f5 d2 e1 70 82 54 f0 4d fe a7 ae fe 8a ec 96 ed 6e 50 a4 ed a2 51 b3 5c ce 66 5f b5 10 21 61 e5 9d ce 7c a9 81 8c e8 6b 56 0b 6f 2b 3e c9 5e | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1620005a38 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | unwrapped: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a631590 | result: final-key@0x55fd4c4d6a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631578 | result: final-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d6a20 | prf+N PRF sha final-key@0x55fd4c4cd5b0 (size 20) | prf+N: key-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f161800a0e0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162a631608 | result: result-key@0x55fd4c4d6a20 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f161800a0e0 | prfplus: release old_t[N]-key@0x55fd4c44c080 | prf+N PRF sha init key-key@0x55fd4c4d6640 (size 20) | prf+N: key-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631588 | result: clone-key@0x55fd4c44c080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f16200014c0 from key-key@0x55fd4c44c080 | prf+N prf: begin sha with context 0x7f16200014c0 from key-key@0x55fd4c44c080 | prf+N: release clone-key@0x55fd4c44c080 | prf+N PRF sha crypt-prf@0x7f1620004c28 | prf+N PRF sha update old_t-key@0x55fd4c4cd5b0 (size 20) | prf+N: old_t-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: f2 b1 73 6c bf 66 3f 5c fb 7c af 89 54 4b 0a 94 af a5 fd 98 b2 ec cc f5 41 41 ee 3c 76 30 6c 49 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1620001278 | unwrapped: c2 2b ef 31 ad 02 cd 2e 62 33 55 ce 9c 3c e2 e5 | unwrapped: 6d 65 24 e2 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4d3130 (size 80) | prf+N: seed-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 16 f6 6f ac 42 ec ef 64 e0 2d ae c3 db 32 0d 60 71 7a 93 13 f0 05 3a f1 c5 23 86 aa bf 87 23 b2 9a f5 d2 e1 70 82 54 f0 4d fe a7 ae fe 8a ec 96 ed 6e 50 a4 ed a2 51 b3 5c ce 66 5f b5 10 21 61 e5 9d ce 7c a9 81 8c e8 6b 56 0b 6f 2b 3e c9 5e | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1620006aa8 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | unwrapped: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a631590 | result: final-key@0x7f161800a0e0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631578 | result: final-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f161800a0e0 | prf+N PRF sha final-key@0x55fd4c44c080 (size 20) | prf+N: key-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6a20 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162a631608 | result: result-key@0x7f161800a0e0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d6a20 | prfplus: release old_t[N]-key@0x55fd4c4cd5b0 | prfplus: release old_t[final]-key@0x55fd4c44c080 | ike_sa_keymat: release data-key@0x55fd4c4d3130 | calc_skeyseed_v2: release skeyseed_k-key@0x55fd4c4d6640 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a6317a8 | result: result-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a6317a8 | result: result-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a6317a8 | result: result-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f161800a0e0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a6317b8 | result: SK_ei_k-key@0x55fd4c4cd5b0 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f161800a0e0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a6317b8 | result: SK_er_k-key@0x55fd4c4d6a20 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a6317b8 | result: result-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f161800d840 | chunk_SK_pi: symkey-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: a5 58 1e 76 4b 67 bc e5 ef bd fa 59 43 f3 49 31 e7 aa 3a f7 42 40 2b 88 0f 25 35 49 60 60 f3 27 | chunk_SK_pi: release slot-key-key@0x55fd4c4cfe50 | chunk_SK_pi extracted len 32 bytes at 0x7f1620002168 | unwrapped: 10 88 dd dd fa 3f 4d fc c2 2b ef 31 ad 02 cd 2e | unwrapped: 62 33 55 ce 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a6317b8 | result: result-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x55fd4c4d4be0 | chunk_SK_pr: symkey-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 44 7e eb 90 79 39 4f 5c 3b 3d ba aa 04 ee 93 04 cf b8 05 a4 6b da 34 4e 11 8a 03 72 3c ed 80 45 | chunk_SK_pr: release slot-key-key@0x55fd4c4cfe50 | chunk_SK_pr extracted len 32 bytes at 0x7f1620001278 | unwrapped: 9c 3c e2 e5 6d 65 24 e2 c4 4a 48 2c dd 13 79 2a | unwrapped: bb 64 ea 9c 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f161800a0e0 | calc_skeyseed_v2 pointers: shared-key@0x55fd4c4ecc80, SK_d-key@0x55fd4c4d6640, SK_ai-key@0x55fd4c4d3130, SK_ar-key@0x55fd4c44c080, SK_ei-key@0x55fd4c4cd5b0, SK_er-key@0x55fd4c4d6a20, SK_pi-key@0x7f161800d840, SK_pr-key@0x55fd4c4d4be0 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 10 88 dd dd fa 3f 4d fc c2 2b ef 31 ad 02 cd 2e | 62 33 55 ce | calc_skeyseed_v2 SK_pr | 9c 3c e2 e5 6d 65 24 e2 c4 4a 48 2c dd 13 79 2a | bb 64 ea 9c | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 8 time elapsed 0.00253 seconds | (#7) spent 2.49 milliseconds in crypto helper computing work-order 8: ikev2_inR1outI2 KE (pcr) | crypto helper 1 sending results from work-order 8 for state #7 to event queue | scheduling resume sending helper answer for #7 | libevent_malloc: new ptr-libevent@0x7f1620004628 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #7 | start processing: state #7 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 8 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_inR1outI2_continue for #7: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f160c003618: transferring ownership from helper IKEv2 DH to state #7 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #8 at 0x55fd4c4f34a8 | State DB: adding IKEv2 state #8 in UNDEFINED | pstats #8 ikev2.child started | duplicating state object #7 "aes128" as #8 for IPSEC SA | #8 setting local endpoint to 192.1.2.45:500 from #7.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x55fd4c4d6640 | duplicate_state: reference st_skey_ai_nss-key@0x55fd4c4d3130 | duplicate_state: reference st_skey_ar_nss-key@0x55fd4c44c080 | duplicate_state: reference st_skey_ei_nss-key@0x55fd4c4cd5b0 | duplicate_state: reference st_skey_er_nss-key@0x55fd4c4d6a20 | duplicate_state: reference st_skey_pi_nss-key@0x7f161800d840 | duplicate_state: reference st_skey_pr_nss-key@0x55fd4c4d4be0 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #7.#8; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #7 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #7.#8 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f160c002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f160c002b78 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f160c002888 size 128 | parent state #7: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | bb df d5 b9 5d 96 13 d2 | responder cookie: | d3 db 59 3f cd 74 e9 39 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x7f161800d840 (size 20) | hmac: symkey-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398659e8 | result: clone-key@0x7f161800a0e0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f1610002b50 from symkey-key@0x7f161800a0e0 | hmac prf: begin sha with context 0x7f1610002b50 from symkey-key@0x7f161800a0e0 | hmac: release clone-key@0x7f161800a0e0 | hmac PRF sha crypt-prf@0x55fd4c445e38 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x55fd4bdec8f4 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffc39865d80 (length 20) | 2e 01 f3 b0 c4 06 ee e7 eb 46 b6 78 ae 71 0f 15 | 95 98 4e 31 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55fd4c441b58 (line=1) | concluding with best_match=014 best=0x55fd4c441b58 (lineno=1) | inputs to hash1 (first packet) | bb df d5 b9 5d 96 13 d2 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 fd 47 99 1a d7 91 0c f2 | 7d 9a 26 9e 9b fa 6f 30 a1 19 e8 ab b6 c4 a3 39 | 15 d1 32 45 a6 a4 cd 11 3c b9 89 a2 2f da e3 ce | be 2c 5d d0 cc 7e 9f 2c e9 8d a2 6a 40 71 c8 ad | c5 10 97 e3 94 d4 4d 0c 9f 33 5b 79 2b 33 6a 74 | 47 30 8b f3 0f 63 18 7c 72 ad 8d cd 7d a9 93 7f | 2c 80 ef 27 ab a4 50 da 47 ff 59 7e 8d 01 ef 45 | a9 60 c9 f5 91 14 bb df 71 c0 f0 c3 02 93 a3 23 | 47 56 8d 91 dc 22 3d 81 90 41 b2 5e 67 6f 4b a5 | 8d cc 2d b7 9b 9a a1 56 fa d6 6f 01 f2 d6 15 e2 | 8d c6 9c a6 21 f9 e9 3c a8 da f3 f2 19 ec a2 8d | 0f 6b 75 9c 38 6c 0e a8 15 83 e5 7c 23 6b 53 85 | 4e 8e 22 0c 6f 9e 31 df 96 f1 8d 04 3d 32 45 07 | 86 ba 43 cd 36 29 78 3d dd be 87 bb 13 d3 48 bf | c6 db dc 85 61 46 23 c7 7d 21 6b 2a 42 97 7d 63 | 83 23 08 83 53 0f a0 99 52 79 5a 36 35 e9 ca e7 | 88 08 93 b3 61 bc 67 60 29 00 00 24 92 ef 82 bd | 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe e0 f2 06 cc | a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 ff 1c d9 29 | 3e 89 4d 45 e0 6c 20 72 6b 9a 2e cb 83 65 87 8a | 00 00 00 1c 00 00 40 05 fc 3e 35 bb a6 99 ca f9 | 7e 1a 28 5d 52 fc 92 7d 0a 8a 60 e2 | create: initiator inputs to hash2 (responder nonce) | f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | idhash 2e 01 f3 b0 c4 06 ee e7 eb 46 b6 78 ae 71 0f 15 | idhash 95 98 4e 31 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55fd4c4cfda8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398657d0 | result: shared secret-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657b8 | result: shared secret-key@0x7f161800a0e0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f1610002b50 from shared secret-key@0x7f161800a0e0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f1610002b50 from shared secret-key@0x7f161800a0e0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f161800a0e0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55fd4c4eae68 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55fd4bd814d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398657f0 | result: final-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657d8 | result: final-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f161800a0e0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f161800a0e0 (size 20) | = prf(, ): -key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657e8 | result: clone-key@0x55fd4c4e7620 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f1610002b50 from -key@0x55fd4c4e7620 | = prf(, ) prf: begin sha with context 0x7f1610002b50 from -key@0x55fd4c4e7620 | = prf(, ): release clone-key@0x55fd4c4e7620 | = prf(, ) PRF sha crypt-prf@0x55fd4c4e8f58 | = prf(, ) PRF sha update first-packet-bytes@0x55fd4c4eb6a8 (length 444) | bb df d5 b9 5d 96 13 d2 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 fd 47 99 1a d7 91 0c f2 | 7d 9a 26 9e 9b fa 6f 30 a1 19 e8 ab b6 c4 a3 39 | 15 d1 32 45 a6 a4 cd 11 3c b9 89 a2 2f da e3 ce | be 2c 5d d0 cc 7e 9f 2c e9 8d a2 6a 40 71 c8 ad | c5 10 97 e3 94 d4 4d 0c 9f 33 5b 79 2b 33 6a 74 | 47 30 8b f3 0f 63 18 7c 72 ad 8d cd 7d a9 93 7f | 2c 80 ef 27 ab a4 50 da 47 ff 59 7e 8d 01 ef 45 | a9 60 c9 f5 91 14 bb df 71 c0 f0 c3 02 93 a3 23 | 47 56 8d 91 dc 22 3d 81 90 41 b2 5e 67 6f 4b a5 | 8d cc 2d b7 9b 9a a1 56 fa d6 6f 01 f2 d6 15 e2 | 8d c6 9c a6 21 f9 e9 3c a8 da f3 f2 19 ec a2 8d | 0f 6b 75 9c 38 6c 0e a8 15 83 e5 7c 23 6b 53 85 | 4e 8e 22 0c 6f 9e 31 df 96 f1 8d 04 3d 32 45 07 | 86 ba 43 cd 36 29 78 3d dd be 87 bb 13 d3 48 bf | c6 db dc 85 61 46 23 c7 7d 21 6b 2a 42 97 7d 63 | 83 23 08 83 53 0f a0 99 52 79 5a 36 35 e9 ca e7 | 88 08 93 b3 61 bc 67 60 29 00 00 24 92 ef 82 bd | 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe e0 f2 06 cc | a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 ff 1c d9 29 | 3e 89 4d 45 e0 6c 20 72 6b 9a 2e cb 83 65 87 8a | 00 00 00 1c 00 00 40 05 fc 3e 35 bb a6 99 ca f9 | 7e 1a 28 5d 52 fc 92 7d 0a 8a 60 e2 | = prf(, ) PRF sha update nonce-bytes@0x55fd4c4eb468 (length 32) | f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | = prf(, ) PRF sha update hash-bytes@0x7ffc39865d80 (length 20) | 2e 01 f3 b0 c4 06 ee e7 eb 46 b6 78 ae 71 0f 15 | 95 98 4e 31 | = prf(, ) PRF sha final-chunk@0x55fd4c4eaeb8 (length 20) | 68 64 db 17 75 e4 75 92 a1 43 20 be ab 12 11 b1 | 3c 44 c1 d7 | psk_auth: release prf-psk-key@0x7f161800a0e0 | PSK auth octets 68 64 db 17 75 e4 75 92 a1 43 20 be ab 12 11 b1 | PSK auth octets 3c 44 c1 d7 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 68 64 db 17 75 e4 75 92 a1 43 20 be ab 12 11 b1 | PSK auth 3c 44 c1 d7 | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #7 | netlink_get_spi: allocated 0x8239f788 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for aes128 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "aes128": constructed local ESP/AH proposals for aes128 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 82 39 f7 88 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 192 | emitting length of ISAKMP Message: 220 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 94 e4 3b 63 bb 02 21 84 99 17 f0 e5 cc f2 d3 11 | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 68 64 db 17 75 e4 75 92 a1 43 20 be ab 12 11 b1 | 3c 44 c1 d7 2c 00 00 2c 00 00 00 28 01 03 04 03 | 82 39 f7 88 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | c5 a3 29 e3 5a 03 6e f0 81 4d dd 32 c9 6d d0 21 | 97 1d b4 16 b5 5b f7 1c 59 87 c2 34 97 9a 8f 72 | 67 ae b2 af 3d bc 17 84 a7 54 88 b6 ed d0 15 09 | e7 56 d6 38 92 3e 9e 63 29 1f 14 8b bd c2 76 d7 | 5c 60 6f 30 e0 19 3d 8d f7 30 6b 24 a4 db 42 99 | d4 d5 7e 4a 0f f9 6c 90 da 23 1c 6c 78 d6 ac 78 | 98 dc 7e 57 03 21 6c 72 9b a5 2e b2 60 d9 09 d2 | 1c e9 8a 7f 91 77 73 56 01 98 28 c0 36 e1 46 59 | f4 ba d7 5b 3c 58 01 fe cf 54 59 d2 d2 8b 71 8f | d4 6b 15 ed 09 9b c5 1a e2 5f 81 00 8a d4 91 f7 | hmac PRF sha init symkey-key@0x55fd4c4d3130 (size 20) | hmac: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398658f8 | result: clone-key@0x7f161800a0e0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f1610002b50 from symkey-key@0x7f161800a0e0 | hmac prf: begin sha with context 0x7f1610002b50 from symkey-key@0x7f161800a0e0 | hmac: release clone-key@0x7f161800a0e0 | hmac PRF sha crypt-prf@0x55fd4c4eae68 | hmac PRF sha update data-bytes@0x55fd4bdec8c0 (length 208) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 94 e4 3b 63 bb 02 21 84 99 17 f0 e5 cc f2 d3 11 | c5 a3 29 e3 5a 03 6e f0 81 4d dd 32 c9 6d d0 21 | 97 1d b4 16 b5 5b f7 1c 59 87 c2 34 97 9a 8f 72 | 67 ae b2 af 3d bc 17 84 a7 54 88 b6 ed d0 15 09 | e7 56 d6 38 92 3e 9e 63 29 1f 14 8b bd c2 76 d7 | 5c 60 6f 30 e0 19 3d 8d f7 30 6b 24 a4 db 42 99 | d4 d5 7e 4a 0f f9 6c 90 da 23 1c 6c 78 d6 ac 78 | 98 dc 7e 57 03 21 6c 72 9b a5 2e b2 60 d9 09 d2 | 1c e9 8a 7f 91 77 73 56 01 98 28 c0 36 e1 46 59 | f4 ba d7 5b 3c 58 01 fe cf 54 59 d2 d2 8b 71 8f | d4 6b 15 ed 09 9b c5 1a e2 5f 81 00 8a d4 91 f7 | hmac PRF sha final-bytes@0x55fd4bdec990 (length 20) | 19 10 3e c2 2a 23 38 e1 3b 7c a6 88 99 e3 24 40 | b8 b1 55 15 | data being hmac: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data being hmac: 94 e4 3b 63 bb 02 21 84 99 17 f0 e5 cc f2 d3 11 | data being hmac: c5 a3 29 e3 5a 03 6e f0 81 4d dd 32 c9 6d d0 21 | data being hmac: 97 1d b4 16 b5 5b f7 1c 59 87 c2 34 97 9a 8f 72 | data being hmac: 67 ae b2 af 3d bc 17 84 a7 54 88 b6 ed d0 15 09 | data being hmac: e7 56 d6 38 92 3e 9e 63 29 1f 14 8b bd c2 76 d7 | data being hmac: 5c 60 6f 30 e0 19 3d 8d f7 30 6b 24 a4 db 42 99 | data being hmac: d4 d5 7e 4a 0f f9 6c 90 da 23 1c 6c 78 d6 ac 78 | data being hmac: 98 dc 7e 57 03 21 6c 72 9b a5 2e b2 60 d9 09 d2 | data being hmac: 1c e9 8a 7f 91 77 73 56 01 98 28 c0 36 e1 46 59 | data being hmac: f4 ba d7 5b 3c 58 01 fe cf 54 59 d2 d2 8b 71 8f | data being hmac: d4 6b 15 ed 09 9b c5 1a e2 5f 81 00 8a d4 91 f7 | out calculated auth: | 19 10 3e c2 2a 23 38 e1 3b 7c a6 88 | suspend processing: state #7 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #8 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #8 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #8: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #8 to 0 after switching state | Message ID: recv #7.#8 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #7.#8 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "aes128" #8: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 220 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #7) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 94 e4 3b 63 bb 02 21 84 99 17 f0 e5 cc f2 d3 11 | c5 a3 29 e3 5a 03 6e f0 81 4d dd 32 c9 6d d0 21 | 97 1d b4 16 b5 5b f7 1c 59 87 c2 34 97 9a 8f 72 | 67 ae b2 af 3d bc 17 84 a7 54 88 b6 ed d0 15 09 | e7 56 d6 38 92 3e 9e 63 29 1f 14 8b bd c2 76 d7 | 5c 60 6f 30 e0 19 3d 8d f7 30 6b 24 a4 db 42 99 | d4 d5 7e 4a 0f f9 6c 90 da 23 1c 6c 78 d6 ac 78 | 98 dc 7e 57 03 21 6c 72 9b a5 2e b2 60 d9 09 d2 | 1c e9 8a 7f 91 77 73 56 01 98 28 c0 36 e1 46 59 | f4 ba d7 5b 3c 58 01 fe cf 54 59 d2 d2 8b 71 8f | d4 6b 15 ed 09 9b c5 1a e2 5f 81 00 8a d4 91 f7 | 19 10 3e c2 2a 23 38 e1 3b 7c a6 88 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #8: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f1610002b78 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #8 | libevent_malloc: new ptr-libevent@0x55fd4c4eb208 size 128 | #8 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29299.973636 | resume sending helper answer for #7 suppresed complete_v2_state_transition() | #7 spent 1.15 milliseconds in resume sending helper answer | stop processing: state #8 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f1620004628 | spent 0.00272 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 204 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 05 b6 e3 0f 98 a3 2f 02 e2 f0 d6 db d9 1b 1c 24 | 9e ae 58 40 95 fc e2 22 3c b2 9d f1 4d 63 44 a8 | 82 10 d0 93 78 23 5d 0f 04 67 3a 68 04 9b 24 95 | 77 38 45 58 ac aa 10 e2 63 b2 ed c4 a4 74 13 c8 | 6c 3d 17 06 16 d0 53 a8 ce 78 87 04 c3 5a 4d 2c | 63 31 aa d8 b1 17 af e6 e6 e8 a6 32 88 cd 5f 1d | ff 02 0c 76 1b 02 f9 0b 01 4f fe cd e2 fb d9 c1 | 0b 79 62 e0 ae a6 b2 e3 99 5e f5 26 6d 47 62 48 | 63 75 b1 00 f6 9c 22 20 4f 86 bd 1a ff ac 1d e6 | 54 2a 98 a4 65 e6 6e 54 cb cd 25 9a 15 54 20 38 | 1d a0 7b 8d a4 82 3f 2a 88 1c f4 24 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | bb df d5 b9 5d 96 13 d2 | responder cookie: | d3 db 59 3f cd 74 e9 39 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 204 (0xcc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #7 in PARENT_I2 (find_v2_ike_sa) | start processing: state #7 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #8 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #7 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | start processing: state #8 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #8 is idle | #8 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 176 (0xb0) | processing payload: ISAKMP_NEXT_v2SK (len=172) | #8 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x55fd4c44c080 (size 20) | hmac: symkey-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865748 | result: clone-key@0x7f161800a0e0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f161c002b50 from symkey-key@0x7f161800a0e0 | hmac prf: begin sha with context 0x7f161c002b50 from symkey-key@0x7f161800a0e0 | hmac: release clone-key@0x7f161800a0e0 | hmac PRF sha crypt-prf@0x55fd4c4e8f58 | hmac PRF sha update data-bytes@0x55fd4c47b368 (length 192) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 05 b6 e3 0f 98 a3 2f 02 e2 f0 d6 db d9 1b 1c 24 | 9e ae 58 40 95 fc e2 22 3c b2 9d f1 4d 63 44 a8 | 82 10 d0 93 78 23 5d 0f 04 67 3a 68 04 9b 24 95 | 77 38 45 58 ac aa 10 e2 63 b2 ed c4 a4 74 13 c8 | 6c 3d 17 06 16 d0 53 a8 ce 78 87 04 c3 5a 4d 2c | 63 31 aa d8 b1 17 af e6 e6 e8 a6 32 88 cd 5f 1d | ff 02 0c 76 1b 02 f9 0b 01 4f fe cd e2 fb d9 c1 | 0b 79 62 e0 ae a6 b2 e3 99 5e f5 26 6d 47 62 48 | 63 75 b1 00 f6 9c 22 20 4f 86 bd 1a ff ac 1d e6 | 54 2a 98 a4 65 e6 6e 54 cb cd 25 9a 15 54 20 38 | hmac PRF sha final-bytes@0x7ffc39865910 (length 20) | 1d a0 7b 8d a4 82 3f 2a 88 1c f4 24 9b 13 f7 a2 | 54 e3 e9 89 | data for hmac: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data for hmac: 05 b6 e3 0f 98 a3 2f 02 e2 f0 d6 db d9 1b 1c 24 | data for hmac: 9e ae 58 40 95 fc e2 22 3c b2 9d f1 4d 63 44 a8 | data for hmac: 82 10 d0 93 78 23 5d 0f 04 67 3a 68 04 9b 24 95 | data for hmac: 77 38 45 58 ac aa 10 e2 63 b2 ed c4 a4 74 13 c8 | data for hmac: 6c 3d 17 06 16 d0 53 a8 ce 78 87 04 c3 5a 4d 2c | data for hmac: 63 31 aa d8 b1 17 af e6 e6 e8 a6 32 88 cd 5f 1d | data for hmac: ff 02 0c 76 1b 02 f9 0b 01 4f fe cd e2 fb d9 c1 | data for hmac: 0b 79 62 e0 ae a6 b2 e3 99 5e f5 26 6d 47 62 48 | data for hmac: 63 75 b1 00 f6 9c 22 20 4f 86 bd 1a ff ac 1d e6 | data for hmac: 54 2a 98 a4 65 e6 6e 54 cb cd 25 9a 15 54 20 38 | calculated auth: 1d a0 7b 8d a4 82 3f 2a 88 1c f4 24 | provided auth: 1d a0 7b 8d a4 82 3f 2a 88 1c f4 24 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 05 b6 e3 0f 98 a3 2f 02 e2 f0 d6 db d9 1b 1c 24 | payload before decryption: | 9e ae 58 40 95 fc e2 22 3c b2 9d f1 4d 63 44 a8 | 82 10 d0 93 78 23 5d 0f 04 67 3a 68 04 9b 24 95 | 77 38 45 58 ac aa 10 e2 63 b2 ed c4 a4 74 13 c8 | 6c 3d 17 06 16 d0 53 a8 ce 78 87 04 c3 5a 4d 2c | 63 31 aa d8 b1 17 af e6 e6 e8 a6 32 88 cd 5f 1d | ff 02 0c 76 1b 02 f9 0b 01 4f fe cd e2 fb d9 c1 | 0b 79 62 e0 ae a6 b2 e3 99 5e f5 26 6d 47 62 48 | 63 75 b1 00 f6 9c 22 20 4f 86 bd 1a ff ac 1d e6 | 54 2a 98 a4 65 e6 6e 54 cb cd 25 9a 15 54 20 38 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 3e c3 6a 70 a0 cc 19 22 5c 00 40 e6 | dc be 43 58 b5 ac ca 3a 2c 00 00 2c 00 00 00 28 | 01 03 04 03 52 8f b4 c1 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | stripping 12 octets as pad | #8 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | offered CA: '%none' "aes128" #8: IKEv2 mode peer ID is ID_FQDN: '@east' | hmac PRF sha init symkey-key@0x55fd4c4d4be0 (size 20) | hmac: symkey-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865878 | result: clone-key@0x7f161800a0e0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f161c002b50 from symkey-key@0x7f161800a0e0 | hmac prf: begin sha with context 0x7f161c002b50 from symkey-key@0x7f161800a0e0 | hmac: release clone-key@0x7f161800a0e0 | hmac PRF sha crypt-prf@0x55fd4c4eae68 | idhash auth R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x55fd4c47b39c (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffc398659d0 (length 20) | 85 9f 47 49 44 57 bc e0 86 2f 84 b2 5f d4 0b 0f | 79 57 f7 5f | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55fd4c441b58 (line=1) | concluding with best_match=014 best=0x55fd4c441b58 (lineno=1) | inputs to hash1 (first packet) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 6e 43 2b ae 1a 0e f4 a7 5e 7e e3 29 | ca a8 1f 3f 96 9d c3 fd 27 2c 02 66 51 d5 e3 69 | d7 1e 3e 39 7d 66 cc f5 1f 1e 47 72 20 b9 0f 61 | c9 7d e5 b5 bb 53 2d 25 21 86 f2 3c 5a 72 c5 18 | e0 32 8c e4 8b 72 3d a8 24 16 6a b0 15 2c b4 34 | 2a ef d1 85 f2 9f 46 8b bc b1 28 b6 f5 47 b9 35 | 6d 29 b0 22 88 42 63 14 c0 f1 53 28 7a de 84 f6 | bf 78 53 e6 d6 f0 d1 a6 41 fc e4 4b 7c 56 8d a1 | c1 f3 0c ee 84 e6 ec 21 0b 98 66 4a ea ef 87 e0 | e6 8a 94 7f 72 62 cd 27 48 78 e4 ca 12 91 62 2b | 3b 5b 27 fc c2 f0 dc 1b 57 61 89 80 97 86 c6 60 | 61 bc cf aa 42 2d 0a 85 9a 15 78 4f 4b cf 78 53 | 12 0b c7 c6 3e 51 75 be a1 f7 04 eb 27 9f a0 ad | 96 6c 3b 63 e5 15 b7 e9 6e 2d 9c 5f 90 94 57 7a | ca 1e 8b a4 3a 54 6c 5f 95 07 83 fc cb 16 dd 63 | 36 fa 0d 45 67 c0 fc 51 6f a5 54 68 d1 13 e9 de | 10 d5 a3 fd 29 00 00 24 f8 e5 a8 5a 64 ce df e7 | 5b 55 db dc eb ce 00 21 58 d7 46 86 ab 5b 18 06 | 89 53 bc bf ea a5 8e 9e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 b5 7a 3e 8e 7b 38 0a 5c | 97 d5 2c 94 46 65 11 8b 94 b1 83 0e 00 00 00 1c | 00 00 40 05 0a e1 9b ab 31 3b 40 52 ee 6a 13 ae | 19 97 d4 38 a8 1d 3f 84 | verify: initiator inputs to hash2 (initiator nonce) | 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | idhash 85 9f 47 49 44 57 bc e0 86 2f 84 b2 5f d4 0b 0f | idhash 79 57 f7 5f | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55fd4c4cfda8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865670 | result: shared secret-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865658 | result: shared secret-key@0x7f161800a0e0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f161c002b50 from shared secret-key@0x7f161800a0e0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f161c002b50 from shared secret-key@0x7f161800a0e0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f161800a0e0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55fd4c4e8f58 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55fd4bd814d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865690 | result: final-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: final-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f161800a0e0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f161800a0e0 (size 20) | = prf(, ): -key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865688 | result: clone-key@0x55fd4c4e7620 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f161c002b50 from -key@0x55fd4c4e7620 | = prf(, ) prf: begin sha with context 0x7f161c002b50 from -key@0x55fd4c4e7620 | = prf(, ): release clone-key@0x55fd4c4e7620 | = prf(, ) PRF sha crypt-prf@0x55fd4c4eae68 | = prf(, ) PRF sha update first-packet-bytes@0x55fd4c4eb4b8 (length 440) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 6e 43 2b ae 1a 0e f4 a7 5e 7e e3 29 | ca a8 1f 3f 96 9d c3 fd 27 2c 02 66 51 d5 e3 69 | d7 1e 3e 39 7d 66 cc f5 1f 1e 47 72 20 b9 0f 61 | c9 7d e5 b5 bb 53 2d 25 21 86 f2 3c 5a 72 c5 18 | e0 32 8c e4 8b 72 3d a8 24 16 6a b0 15 2c b4 34 | 2a ef d1 85 f2 9f 46 8b bc b1 28 b6 f5 47 b9 35 | 6d 29 b0 22 88 42 63 14 c0 f1 53 28 7a de 84 f6 | bf 78 53 e6 d6 f0 d1 a6 41 fc e4 4b 7c 56 8d a1 | c1 f3 0c ee 84 e6 ec 21 0b 98 66 4a ea ef 87 e0 | e6 8a 94 7f 72 62 cd 27 48 78 e4 ca 12 91 62 2b | 3b 5b 27 fc c2 f0 dc 1b 57 61 89 80 97 86 c6 60 | 61 bc cf aa 42 2d 0a 85 9a 15 78 4f 4b cf 78 53 | 12 0b c7 c6 3e 51 75 be a1 f7 04 eb 27 9f a0 ad | 96 6c 3b 63 e5 15 b7 e9 6e 2d 9c 5f 90 94 57 7a | ca 1e 8b a4 3a 54 6c 5f 95 07 83 fc cb 16 dd 63 | 36 fa 0d 45 67 c0 fc 51 6f a5 54 68 d1 13 e9 de | 10 d5 a3 fd 29 00 00 24 f8 e5 a8 5a 64 ce df e7 | 5b 55 db dc eb ce 00 21 58 d7 46 86 ab 5b 18 06 | 89 53 bc bf ea a5 8e 9e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 b5 7a 3e 8e 7b 38 0a 5c | 97 d5 2c 94 46 65 11 8b 94 b1 83 0e 00 00 00 1c | 00 00 40 05 0a e1 9b ab 31 3b 40 52 ee 6a 13 ae | 19 97 d4 38 a8 1d 3f 84 | = prf(, ) PRF sha update nonce-bytes@0x7f160c001278 (length 32) | 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | = prf(, ) PRF sha update hash-bytes@0x7ffc398659d0 (length 20) | 85 9f 47 49 44 57 bc e0 86 2f 84 b2 5f d4 0b 0f | 79 57 f7 5f | = prf(, ) PRF sha final-chunk@0x55fd4c4e8c98 (length 20) | 3e c3 6a 70 a0 cc 19 22 5c 00 40 e6 dc be 43 58 | b5 ac ca 3a | psk_auth: release prf-psk-key@0x7f161800a0e0 | Received PSK auth octets | 3e c3 6a 70 a0 cc 19 22 5c 00 40 e6 dc be 43 58 | b5 ac ca 3a | Calculated PSK auth octets | 3e c3 6a 70 a0 cc 19 22 5c 00 40 e6 dc be 43 58 | b5 ac ca 3a "aes128" #8: Authenticated using authby=secret | parent state #7: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #7 will start re-keying in 2638 seconds with margin of 962 seconds (attempting re-key) | state #7 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f160c002888 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f160c002b78 | event_schedule: new EVENT_SA_REKEY-pe@0x7f160c002b78 | inserting event EVENT_SA_REKEY, timeout in 2638 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f1620004628 size 128 | pstats #7 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="aes128" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for aes128 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 52 8f b4 c1 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=528fb4c1;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865760 | result: data=Ni-key@0x55fd4c4e7620 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55fd4c4e7620 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865748 | result: data=Ni-key@0x7f161800a0e0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55fd4c4e7620 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f161800a0e0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc39865750 | result: data+=Nr-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f161800a0e0 | prf+0 PRF sha init key-key@0x55fd4c4d6640 (size 20) | prf+0: key-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x7f161800a0e0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f161c002b50 from key-key@0x7f161800a0e0 | prf+0 prf: begin sha with context 0x7f161c002b50 from key-key@0x7f161800a0e0 | prf+0: release clone-key@0x7f161800a0e0 | prf+0 PRF sha crypt-prf@0x55fd4c4e8b88 | prf+0 PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+0: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: 16 f6 6f ac 42 ec ef 64 e0 2d ae c3 db 32 0d 60 71 7a 93 13 f0 05 3a f1 c5 23 86 aa bf 87 23 b2 9a f5 d2 e1 70 82 54 f0 4d fe a7 ae fe 8a ec 96 ed 6e 50 a4 ed a2 51 b3 5c ce 66 5f b5 10 21 61 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x55fd4c4e9158 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x55fd4c4ee4d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4ee4d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4ee4d0 | prf+0 PRF sha final-key@0x7f161800a0e0 (size 20) | prf+0: key-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f161800a0e0 | prf+N PRF sha init key-key@0x55fd4c4d6640 (size 20) | prf+N: key-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x55fd4c4ee4d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161c002b50 from key-key@0x55fd4c4ee4d0 | prf+N prf: begin sha with context 0x7f161c002b50 from key-key@0x55fd4c4ee4d0 | prf+N: release clone-key@0x55fd4c4ee4d0 | prf+N PRF sha crypt-prf@0x55fd4c4e8f58 | prf+N PRF sha update old_t-key@0x7f161800a0e0 (size 20) | prf+N: old_t-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f161800a0e0 | nss hmac digest hack: symkey-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 46 a0 d3 4c 9e c5 7f 14 b2 c5 fb 8b 83 36 39 f7 ac 72 3a e6 9a 54 22 c8 ed b1 76 e1 fa 6f 98 a8 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x55fd4c4e95b8 | unwrapped: a1 94 da ca ec c1 1b 0e bd 05 67 73 65 82 55 f1 | unwrapped: b5 ab 77 c8 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+N: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: 16 f6 6f ac 42 ec ef 64 e0 2d ae c3 db 32 0d 60 71 7a 93 13 f0 05 3a f1 c5 23 86 aa bf 87 23 b2 9a f5 d2 e1 70 82 54 f0 4d fe a7 ae fe 8a ec 96 ed 6e 50 a4 ed a2 51 b3 5c ce 66 5f b5 10 21 61 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x7f1620002b78 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x7f1618006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f1618006bb0 | prf+N PRF sha final-key@0x55fd4c4ee4d0 (size 20) | prf+N: key-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffc398656f8 | result: result-key@0x7f1618006bb0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f161800a0e0 | prfplus: release old_t[N]-key@0x7f161800a0e0 | prf+N PRF sha init key-key@0x55fd4c4d6640 (size 20) | prf+N: key-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x7f161800a0e0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161c002b50 from key-key@0x7f161800a0e0 | prf+N prf: begin sha with context 0x7f161c002b50 from key-key@0x7f161800a0e0 | prf+N: release clone-key@0x7f161800a0e0 | prf+N PRF sha crypt-prf@0x55fd4c4e8b88 | prf+N PRF sha update old_t-key@0x55fd4c4ee4d0 (size 20) | prf+N: old_t-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4ee4d0 | nss hmac digest hack: symkey-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 69 ab c2 ec d3 9d 98 f8 3f 58 9c 2b 2b 5b 23 f6 d3 15 af 69 5d 97 3a 53 be 08 71 99 0c 08 77 06 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x55fd4c4e8e08 | unwrapped: f2 be af 9c f4 60 75 08 f2 b5 32 77 db 9a 9c 84 | unwrapped: 91 df 49 b5 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+N: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: 16 f6 6f ac 42 ec ef 64 e0 2d ae c3 db 32 0d 60 71 7a 93 13 f0 05 3a f1 c5 23 86 aa bf 87 23 b2 9a f5 d2 e1 70 82 54 f0 4d fe a7 ae fe 8a ec 96 ed 6e 50 a4 ed a2 51 b3 5c ce 66 5f b5 10 21 61 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x55fd4c4e9158 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x55fd4c4ed620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4ed620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4ed620 | prf+N PRF sha final-key@0x7f161800a0e0 (size 20) | prf+N: key-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f1618006bb0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffc398656f8 | result: result-key@0x55fd4c4ed620 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f1618006bb0 | prfplus: release old_t[N]-key@0x55fd4c4ee4d0 | prf+N PRF sha init key-key@0x55fd4c4d6640 (size 20) | prf+N: key-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x55fd4c4ee4d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161c002b50 from key-key@0x55fd4c4ee4d0 | prf+N prf: begin sha with context 0x7f161c002b50 from key-key@0x55fd4c4ee4d0 | prf+N: release clone-key@0x55fd4c4ee4d0 | prf+N PRF sha crypt-prf@0x55fd4c4e95b8 | prf+N PRF sha update old_t-key@0x7f161800a0e0 (size 20) | prf+N: old_t-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f161800a0e0 | nss hmac digest hack: symkey-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 63 78 b2 d2 e8 aa 03 cc 8b 10 a5 3e 4d 43 23 9e 09 ad b6 68 17 32 41 f7 21 59 7e d3 d6 09 a9 91 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x55fd4c4e9838 | unwrapped: 57 0c 27 51 e8 33 5c 27 c7 88 b9 fc 19 df 1e 19 | unwrapped: 27 cd ed 44 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+N: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: 16 f6 6f ac 42 ec ef 64 e0 2d ae c3 db 32 0d 60 71 7a 93 13 f0 05 3a f1 c5 23 86 aa bf 87 23 b2 9a f5 d2 e1 70 82 54 f0 4d fe a7 ae fe 8a ec 96 ed 6e 50 a4 ed a2 51 b3 5c ce 66 5f b5 10 21 61 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x7f1620002b78 | unwrapped: 92 ef 82 bd 0c d7 8f 7c 41 43 4e d9 41 6a 23 fe | unwrapped: e0 f2 06 cc a6 d8 8f eb 1e 37 f7 23 bd 87 4c 4f | unwrapped: f8 e5 a8 5a 64 ce df e7 5b 55 db dc eb ce 00 21 | unwrapped: 58 d7 46 86 ab 5b 18 06 89 53 bc bf ea a5 8e 9e | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x7f1618006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f1618006bb0 | prf+N PRF sha final-key@0x55fd4c4ee4d0 (size 20) | prf+N: key-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4ed620 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffc398656f8 | result: result-key@0x7f1618006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4ed620 | prfplus: release old_t[N]-key@0x7f161800a0e0 | prfplus: release old_t[final]-key@0x55fd4c4ee4d0 | child_sa_keymat: release data-key@0x55fd4c4e7620 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f1618006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657d8 | result: result-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x55fd4c4e7620 | initiator to responder keys: symkey-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x55fd4c4cfe50 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)891302497: 46 a0 d3 4c 9e c5 7f 14 b2 c5 fb 8b 83 36 39 f7 d1 2a 5f 5d 2a 53 73 62 6c 26 80 1a 15 65 34 63 46 3e 84 b8 56 6f 69 e7 aa 4d d7 dd f4 a6 28 a6 | initiator to responder keys: release slot-key-key@0x55fd4c4cfe50 | initiator to responder keys extracted len 48 bytes at 0x55fd4c446918 | unwrapped: a1 94 da ca ec c1 1b 0e bd 05 67 73 65 82 55 f1 | unwrapped: b5 ab 77 c8 f2 be af 9c f4 60 75 08 f2 b5 32 77 | unwrapped: db 9a 9c 84 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x55fd4c4e7620 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f1618006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657d8 | result: result-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x55fd4c4e7620 | responder to initiator keys:: symkey-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x55fd4c4cfe50 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)891302497: 5d 2e 59 d3 a9 3a 39 b8 80 fc da f5 19 f9 d1 dc 88 36 98 72 d2 e9 b5 dd 16 13 e0 a5 b2 0d a2 d8 71 5d a2 ed e9 12 99 01 41 40 4d f7 fb fc e9 7f | responder to initiator keys:: release slot-key-key@0x55fd4c4cfe50 | responder to initiator keys: extracted len 48 bytes at 0x55fd4c4ed818 | unwrapped: 91 df 49 b5 57 0c 27 51 e8 33 5c 27 c7 88 b9 fc | unwrapped: 19 df 1e 19 27 cd ed 44 6c 46 e2 b8 f7 ee 38 03 | unwrapped: 27 da 08 35 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x55fd4c4e7620 | ikev2_derive_child_keys: release keymat-key@0x7f1618006bb0 | #7 spent 1.91 milliseconds | install_ipsec_sa() for #8: inbound and outbound | could_route called for aes128 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.528fb4c1@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.8239f788@192.1.2.45 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #8: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: aes128 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #8 | priority calculation of connection "aes128" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x528fb4c1 SPI_OUT= | popen cmd is 1025 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+U: | cmd( 640):P+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: | cmd( 960):ARED='no' SPI_IN=0x528fb4c1 SPI_OUT=0x8239f788 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x528fb4c | popen cmd is 1030 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUT: | cmd( 400):O_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT: | cmd( 480):_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=: | cmd( 560):'' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+: | cmd( 640):PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMAN: | cmd( 720):ENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_P: | cmd( 800):EER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=: | cmd( 880):'0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V: | cmd( 960):TI_SHARED='no' SPI_IN=0x528fb4c1 SPI_OUT=0x8239f788 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x528fb4c1 SP | popen cmd is 1028 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x528fb4c1 SPI_OUT=0x8239f788 ipsec _updown 2>&1: | route_and_eroute: instance "aes128", setting eroute_owner {spd=0x55fd4c4ee818,sr=0x55fd4c4ee818} to #8 (was #0) (newest_ipsec_sa=#0) | #7 spent 1.86 milliseconds in install_ipsec_sa() | inR2: instance aes128[0], setting IKEv2 newest_ipsec_sa to #8 (was #0) (spd.eroute=#8) cloned from #7 | state #8 requesting EVENT_RETRANSMIT to be deleted | #8 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x55fd4c4eb208 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f1610002b78 | #8 spent 3.48 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #8 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #8 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #8: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #8 to 1 after switching state | Message ID: recv #7.#8 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #7.#8 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #8 ikev2.child established "aes128" #8: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "aes128" #8: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x528fb4c1 <0x8239f788 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | releasing whack for #8 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #7 | unpending state #7 connection "aes128" | delete from pending Child SA with 192.1.2.23 "aes128" | removing pending policy for no connection {0x55fd4c4db198} | close_any(fd@24) (in release_whack() at state.c:654) | #8 will start re-keying in 27829 seconds with margin of 971 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f1610002b78 | inserting event EVENT_SA_REKEY, timeout in 27829 seconds for #8 | libevent_malloc: new ptr-libevent@0x55fd4c4e8ad8 size 128 | stop processing: state #8 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #7 spent 3.95 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 3.96 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00413 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00272 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00417 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.8239f788@192.1.2.45 | get_sa_info esp.528fb4c1@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0782 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #8 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #8 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #8 ikev2.child deleted completed | #8 spent 3.48 milliseconds in total | [RE]START processing: state #8 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #8: deleting state (STATE_V2_IPSEC_I) aged 0.105s and sending notification | child state #8: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.528fb4c1@192.1.2.23 | get_sa_info esp.8239f788@192.1.2.45 "aes128" #8: ESP traffic information: in=84B out=84B | #8 send IKEv2 delete notification for STATE_V2_IPSEC_I | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | bb df d5 b9 5d 96 13 d2 | responder cookie: | d3 db 59 3f cd 74 e9 39 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting 4 raw bytes of local spis into IKEv2 Delete Payload | local spis 82 39 f7 88 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 58 67 96 fe f8 c9 d5 bc b5 1e f1 15 22 f6 e3 5c | data before encryption: | 00 00 00 0c 03 04 00 01 82 39 f7 88 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 3e 63 17 e0 31 55 2b 0d 45 c9 f5 eb c9 2c 23 75 | hmac PRF sha init symkey-key@0x55fd4c4d3130 (size 20) | hmac: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39862628 | result: clone-key@0x7f1618006bb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f161c002b50 from symkey-key@0x7f1618006bb0 | hmac prf: begin sha with context 0x7f161c002b50 from symkey-key@0x7f1618006bb0 | hmac: release clone-key@0x7f1618006bb0 | hmac PRF sha crypt-prf@0x55fd4c4e8b88 | hmac PRF sha update data-bytes@0x7ffc39862a00 (length 64) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 58 67 96 fe f8 c9 d5 bc b5 1e f1 15 22 f6 e3 5c | 3e 63 17 e0 31 55 2b 0d 45 c9 f5 eb c9 2c 23 75 | hmac PRF sha final-bytes@0x7ffc39862a40 (length 20) | 2d fb c1 79 b5 47 9b 19 2b 97 8d b0 45 ef 95 8f | f7 56 9a 7d | data being hmac: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | data being hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: 58 67 96 fe f8 c9 d5 bc b5 1e f1 15 22 f6 e3 5c | data being hmac: 3e 63 17 e0 31 55 2b 0d 45 c9 f5 eb c9 2c 23 75 | out calculated auth: | 2d fb c1 79 b5 47 9b 19 2b 97 8d b0 | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #8) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 58 67 96 fe f8 c9 d5 bc b5 1e f1 15 22 f6 e3 5c | 3e 63 17 e0 31 55 2b 0d 45 c9 f5 eb c9 2c 23 75 | 2d fb c1 79 b5 47 9b 19 2b 97 8d b0 | Message ID: IKE #7 sender #8 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #7 sender #8 in send_delete hacking around record ' send | Message ID: sent #7 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 | state #8 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x55fd4c4e8ad8 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f1610002b78 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844014' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x528fb4c | popen cmd is 1033 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INT: | cmd( 80):ERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@we: | cmd( 160):st' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIE: | cmd( 240):NT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=': | cmd( 320):16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_P: | cmd( 400):EER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MA: | cmd( 480):SK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' : | cmd( 560):PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844014' PLUTO_CONN_POLICY='PSK+ENCRYPT+T: | cmd( 640):UNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PER: | cmd( 720):MANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUT: | cmd( 800):O_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERV: | cmd( 880):ER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no: | cmd( 960):' VTI_SHARED='no' SPI_IN=0x528fb4c1 SPI_OUT=0x8239f788 ipsec _updown 2>&1: | shunt_eroute() called for connection 'aes128' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "aes128" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.528fb4c1@192.1.2.23 | netlink response for Del SA esp.528fb4c1@192.1.2.23 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.8239f788@192.1.2.45 | netlink response for Del SA esp.8239f788@192.1.2.45 included non-error error | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #8 in V2_IPSEC_I | child state #8: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #8 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x55fd4c4d6640 | delete_state: release st->st_skey_ai_nss-key@0x55fd4c4d3130 | delete_state: release st->st_skey_ar_nss-key@0x55fd4c44c080 | delete_state: release st->st_skey_ei_nss-key@0x55fd4c4cd5b0 | delete_state: release st->st_skey_er_nss-key@0x55fd4c4d6a20 | delete_state: release st->st_skey_pi_nss-key@0x7f161800d840 | delete_state: release st->st_skey_pr_nss-key@0x55fd4c4d4be0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #7 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #7 | start processing: state #7 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #7 ikev2.ike deleted completed | #7 spent 9.78 milliseconds in total | [RE]START processing: state #7 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #7: deleting state (STATE_PARENT_I3) aged 0.124s and sending notification | parent state #7: PARENT_I3(established IKE SA) => delete | #7 send IKEv2 delete notification for STATE_PARENT_I3 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | bb df d5 b9 5d 96 13 d2 | responder cookie: | d3 db 59 3f cd 74 e9 39 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | dc 66 37 fb 34 a3 fa 58 dd ea 0a e6 5c 22 ef 00 | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 92 57 5b fb b1 86 43 05 bd b4 18 24 24 55 33 f6 | hmac PRF sha init symkey-key@0x55fd4c4d3130 (size 20) | hmac: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39862628 | result: clone-key@0x7f1618006bb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f1610002b50 from symkey-key@0x7f1618006bb0 | hmac prf: begin sha with context 0x7f1610002b50 from symkey-key@0x7f1618006bb0 | hmac: release clone-key@0x7f1618006bb0 | hmac PRF sha crypt-prf@0x55fd4c4eae68 | hmac PRF sha update data-bytes@0x7ffc39862a00 (length 64) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | dc 66 37 fb 34 a3 fa 58 dd ea 0a e6 5c 22 ef 00 | 92 57 5b fb b1 86 43 05 bd b4 18 24 24 55 33 f6 | hmac PRF sha final-bytes@0x7ffc39862a40 (length 20) | aa 64 d7 7f 06 f3 c1 48 10 0d 57 7f 61 f5 c0 6c | 34 78 7d fb | data being hmac: bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data being hmac: dc 66 37 fb 34 a3 fa 58 dd ea 0a e6 5c 22 ef 00 | data being hmac: 92 57 5b fb b1 86 43 05 bd b4 18 24 24 55 33 f6 | out calculated auth: | aa 64 d7 7f 06 f3 c1 48 10 0d 57 7f | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #7) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | dc 66 37 fb 34 a3 fa 58 dd ea 0a e6 5c 22 ef 00 | 92 57 5b fb b1 86 43 05 bd b4 18 24 24 55 33 f6 | aa 64 d7 7f 06 f3 c1 48 10 0d 57 7f | Message ID: IKE #7 sender #7 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 | Message ID: IKE #7 sender #7 in send_delete hacking around record ' send | Message ID: #7 XXX: expecting sender.wip.initiator 2 == -1 - suspect record'n'send out-of-order?); initiator.sent=3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=3 wip.responder=-1 | Message ID: sent #7 request 3; ike: initiator.sent=2->3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=2->3 wip.responder=-1 | state #7 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f1620004628 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f160c002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #7 in PARENT_I3 | parent state #7: PARENT_I3(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f160c003618: destroyed | stop processing: state #7 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x55fd4c4ecc80 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x55fd4c4d6640 | delete_state: release st->st_skey_ai_nss-key@0x55fd4c4d3130 | delete_state: release st->st_skey_ar_nss-key@0x55fd4c44c080 | delete_state: release st->st_skey_ei_nss-key@0x55fd4c4cd5b0 | delete_state: release st->st_skey_er_nss-key@0x55fd4c4d6a20 | delete_state: release st->st_skey_pi_nss-key@0x7f161800d840 | delete_state: release st->st_skey_pr_nss-key@0x55fd4c4d4be0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 2.14 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00424 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00241 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | d2 3b 74 3b 07 05 4c f8 56 5d 4a 86 36 ac 2c 20 | 0c 35 e3 d0 91 4c d6 5a 20 92 ad e9 69 df 11 e9 | 5f 0b e3 32 1c 6e 4b 18 9f 60 d9 47 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | bb df d5 b9 5d 96 13 d2 | responder cookie: | d3 db 59 3f cd 74 e9 39 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0748 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0014 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | bb df d5 b9 5d 96 13 d2 d3 db 59 3f cd 74 e9 39 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | c4 6b 2f 7e 04 31 23 ef 77 77 93 df c7 26 63 d8 | 33 8f 81 75 3b 8a 7b 89 e5 2b d7 ba da 26 25 97 | c5 e2 50 1a 5f b5 79 be 9a b4 90 14 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | bb df d5 b9 5d 96 13 d2 | responder cookie: | d3 db 59 3f cd 74 e9 39 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.062 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "aes128" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'aes128' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "aes128" is 0xfe7e7 | priority calculation of connection "aes128" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT | popen cmd is 1014 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16400' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLU: | cmd( 400):TO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIEN: | cmd( 480):T_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA: | cmd( 560):='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL: | cmd( 640):+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x55fd4c4e8e78 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.834 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.004 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0542 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0499 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none | base impairing = suppress-retransmits | child-key-length-attribute:DUPLICATE | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0474 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x55fd4c4e8e78 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.142 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #9 at 0x55fd4c4ed878 | State DB: adding IKEv2 state #9 in UNDEFINED | pstats #9 ikev2.ike started | Message ID: init #9: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #9: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #9; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #9 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #9 "aes128" "aes128" #9: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 9 for state #9 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x55fd4c4ee448 size 128 | #9 spent 0.138 milliseconds in ikev2_parent_outI1() | crypto helper 3 resuming | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 3 starting work-order 9 for state #9 | RESET processing: state #9 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 9 | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | spent 0.213 milliseconds in whack | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f16180103b8: created | NSS: Local DH MODP2048 secret (pointer): 0x7f16180103b8 | NSS: Public DH wire value: | 64 fb 47 d7 eb 66 1b 4e b4 87 87 6a 6d c8 5a ec | 78 7e 5a 84 9f 4f 22 80 85 8f f6 03 73 62 9d b0 | 5c 19 af 4f 59 8d fc 9f 2f 4a 24 10 9e a0 9a fd | f1 f7 2c 14 00 de c3 f1 8e c7 76 5e a8 d4 d1 32 | 27 52 85 ae 3a 89 06 22 a5 14 da 3d ea d8 50 43 | 64 9a ef 46 7c c3 d4 85 3f da 0d d2 3b 1e 68 f3 | 9d 8d 46 f2 ed 26 87 12 e8 ff e2 d3 30 11 cd b0 | 8e ff 94 56 61 d8 83 6f 96 2c dd 32 9b a7 3e bf | 77 4e 93 54 f7 6f cd 88 e6 19 03 b8 f1 83 14 74 | d4 fd 9e 63 b0 10 a0 48 aa 7e f2 dc ad 01 4f d3 | 1c 7f 69 4f 2e 67 fc ee 97 d0 01 3c dd 1b 16 ca | b3 67 47 3a b8 e2 da d0 53 05 02 fa 26 41 64 6f | 75 61 0e c0 6d 11 84 e9 d9 10 af 89 b7 58 59 1a | cd 2e ae 43 b3 7d b8 1b c5 5b b1 d5 ec 60 f7 fb | 09 c1 72 c9 b9 6a e7 a7 42 9a 57 72 a6 43 28 29 | 61 09 ab 67 97 6d 5b ce de 22 7f 71 94 5b d5 c7 | Generated nonce: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | Generated nonce: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 9 time elapsed 0.000932 seconds | (#9) spent 0.931 milliseconds in crypto helper computing work-order 9: ikev2_outI1 KE (pcr) | crypto helper 3 sending results from work-order 9 for state #9 to event queue | scheduling resume sending helper answer for #9 | libevent_malloc: new ptr-libevent@0x7f1618005088 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #9 | start processing: state #9 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 9 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_outI1_continue for #9 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f16180103b8: transferring ownership from helper KE to state #9 | **emit ISAKMP Message: | initiator cookie: | 1f 76 f1 12 67 3d 5b b6 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 64 fb 47 d7 eb 66 1b 4e b4 87 87 6a 6d c8 5a ec | ikev2 g^x 78 7e 5a 84 9f 4f 22 80 85 8f f6 03 73 62 9d b0 | ikev2 g^x 5c 19 af 4f 59 8d fc 9f 2f 4a 24 10 9e a0 9a fd | ikev2 g^x f1 f7 2c 14 00 de c3 f1 8e c7 76 5e a8 d4 d1 32 | ikev2 g^x 27 52 85 ae 3a 89 06 22 a5 14 da 3d ea d8 50 43 | ikev2 g^x 64 9a ef 46 7c c3 d4 85 3f da 0d d2 3b 1e 68 f3 | ikev2 g^x 9d 8d 46 f2 ed 26 87 12 e8 ff e2 d3 30 11 cd b0 | ikev2 g^x 8e ff 94 56 61 d8 83 6f 96 2c dd 32 9b a7 3e bf | ikev2 g^x 77 4e 93 54 f7 6f cd 88 e6 19 03 b8 f1 83 14 74 | ikev2 g^x d4 fd 9e 63 b0 10 a0 48 aa 7e f2 dc ad 01 4f d3 | ikev2 g^x 1c 7f 69 4f 2e 67 fc ee 97 d0 01 3c dd 1b 16 ca | ikev2 g^x b3 67 47 3a b8 e2 da d0 53 05 02 fa 26 41 64 6f | ikev2 g^x 75 61 0e c0 6d 11 84 e9 d9 10 af 89 b7 58 59 1a | ikev2 g^x cd 2e ae 43 b3 7d b8 1b c5 5b b1 d5 ec 60 f7 fb | ikev2 g^x 09 c1 72 c9 b9 6a e7 a7 42 9a 57 72 a6 43 28 29 | ikev2 g^x 61 09 ab 67 97 6d 5b ce de 22 7f 71 94 5b d5 c7 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | IKEv2 nonce 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 1f 76 f1 12 67 3d 5b b6 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 9b cb 45 8a 6c 49 68 78 2a 75 7d 47 e8 ee 9d d7 | 22 e2 bd f2 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 1f 76 f1 12 67 3d 5b b6 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 9b cb 45 8a 6c 49 68 78 2a 75 7d 47 e8 ee 9d d7 | natd_hash: hash= 22 e2 bd f2 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 9b cb 45 8a 6c 49 68 78 2a 75 7d 47 e8 ee 9d d7 | Notify data 22 e2 bd f2 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 1f 76 f1 12 67 3d 5b b6 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 01 52 05 19 5d b8 48 51 74 60 9a 0c a1 d2 24 20 | 65 2b f0 e2 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 1f 76 f1 12 67 3d 5b b6 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 01 52 05 19 5d b8 48 51 74 60 9a 0c a1 d2 24 20 | natd_hash: hash= 65 2b f0 e2 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 01 52 05 19 5d b8 48 51 74 60 9a 0c a1 d2 24 20 | Notify data 65 2b f0 e2 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #9 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #9 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #9 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #9: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #9 to 4294967295 after switching state | Message ID: IKE #9 skipping update_recv as MD is fake | Message ID: sent #9 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #9: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #9) | 1f 76 f1 12 67 3d 5b b6 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 64 fb 47 d7 eb 66 1b 4e b4 87 87 6a | 6d c8 5a ec 78 7e 5a 84 9f 4f 22 80 85 8f f6 03 | 73 62 9d b0 5c 19 af 4f 59 8d fc 9f 2f 4a 24 10 | 9e a0 9a fd f1 f7 2c 14 00 de c3 f1 8e c7 76 5e | a8 d4 d1 32 27 52 85 ae 3a 89 06 22 a5 14 da 3d | ea d8 50 43 64 9a ef 46 7c c3 d4 85 3f da 0d d2 | 3b 1e 68 f3 9d 8d 46 f2 ed 26 87 12 e8 ff e2 d3 | 30 11 cd b0 8e ff 94 56 61 d8 83 6f 96 2c dd 32 | 9b a7 3e bf 77 4e 93 54 f7 6f cd 88 e6 19 03 b8 | f1 83 14 74 d4 fd 9e 63 b0 10 a0 48 aa 7e f2 dc | ad 01 4f d3 1c 7f 69 4f 2e 67 fc ee 97 d0 01 3c | dd 1b 16 ca b3 67 47 3a b8 e2 da d0 53 05 02 fa | 26 41 64 6f 75 61 0e c0 6d 11 84 e9 d9 10 af 89 | b7 58 59 1a cd 2e ae 43 b3 7d b8 1b c5 5b b1 d5 | ec 60 f7 fb 09 c1 72 c9 b9 6a e7 a7 42 9a 57 72 | a6 43 28 29 61 09 ab 67 97 6d 5b ce de 22 7f 71 | 94 5b d5 c7 29 00 00 24 28 81 cc fd 60 24 b7 fd | 84 09 7e 7e 5a aa 3e 9f 27 b0 18 b2 d4 c2 2f 4a | 84 47 64 62 2f d8 ab 5e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 9b cb 45 8a 6c 49 68 78 | 2a 75 7d 47 e8 ee 9d d7 22 e2 bd f2 00 00 00 1c | 00 00 40 05 01 52 05 19 5d b8 48 51 74 60 9a 0c | a1 d2 24 20 65 2b f0 e2 | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55fd4c4ee448 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #9: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f160c002b78 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x55fd4c4eaeb8 size 128 | #9 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29300.484911 | resume sending helper answer for #9 suppresed complete_v2_state_transition() and stole MD | #9 spent 0.415 milliseconds in resume sending helper answer | stop processing: state #9 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f1618005088 | spent 0.00287 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 19 16 37 c1 7e 96 ff f1 94 a6 52 0e | 4d 86 ec ba 53 6c aa 32 74 42 65 a8 df 3a 04 70 | 95 9b 16 a1 8d e7 87 31 82 e4 98 dc 81 06 fa 41 | cd 8f 76 27 83 e7 04 6b c6 d7 a8 aa 4c 18 16 11 | aa 05 db f1 74 f4 23 60 70 b1 30 57 3d 0e 57 5a | 94 4c 79 0b 86 d2 01 d6 2f fc 29 c4 26 36 60 52 | 0b 9a 43 27 33 75 f0 86 88 33 fa f8 14 b0 8c f0 | 51 ae b2 3d b5 04 fc da ef 2f 39 bf 95 ef 22 62 | 0f d8 aa 62 ea fa d1 1a 04 fa 91 66 a9 b4 9a 25 | 23 9d 3d 15 e8 d0 21 0d 06 3a 46 5c 23 c5 a5 9a | b0 66 07 f5 4d b3 4e e6 c0 85 ca 24 1f 2c 1d 55 | a2 9b 17 87 84 76 89 2e 9c 96 87 e1 1e a6 65 6a | 4b f1 a3 f9 45 9f 1a 54 28 09 f0 cf f9 91 68 71 | 25 3e 98 ed 50 de e3 5d 9b 6e d4 5a c5 a1 61 2e | 80 f1 3a 5e 27 dc 64 6e 7b a1 25 ac c7 48 90 0f | f4 07 d0 6b ca 34 ba dc 21 ea 03 39 57 1e ed f8 | 82 3a 7c 72 29 00 00 24 c4 84 56 b4 8f 1b ac d3 | dc 5d 36 f5 29 ba e0 0a 90 e4 f4 d5 6a 82 3a 95 | e8 a9 f4 d0 34 06 b5 87 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 e2 b9 37 b4 5b c2 6b 2d | d6 ab 4e 00 b0 02 bc 04 2a de c2 ee 00 00 00 1c | 00 00 40 05 10 a7 fb e4 8a bd 9c 1c c7 f9 6b 51 | 5a 4c 9a 6d 84 41 76 bd | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 1f 76 f1 12 67 3d 5b b6 | responder cookie: | cc 88 7d 43 5d b9 94 50 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #9 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #9 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #9 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #9 is idle | #9 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #9 IKE SPIi and SPI[ir] | #9 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | 19 16 37 c1 7e 96 ff f1 94 a6 52 0e 4d 86 ec ba | 53 6c aa 32 74 42 65 a8 df 3a 04 70 95 9b 16 a1 | 8d e7 87 31 82 e4 98 dc 81 06 fa 41 cd 8f 76 27 | 83 e7 04 6b c6 d7 a8 aa 4c 18 16 11 aa 05 db f1 | 74 f4 23 60 70 b1 30 57 3d 0e 57 5a 94 4c 79 0b | 86 d2 01 d6 2f fc 29 c4 26 36 60 52 0b 9a 43 27 | 33 75 f0 86 88 33 fa f8 14 b0 8c f0 51 ae b2 3d | b5 04 fc da ef 2f 39 bf 95 ef 22 62 0f d8 aa 62 | ea fa d1 1a 04 fa 91 66 a9 b4 9a 25 23 9d 3d 15 | e8 d0 21 0d 06 3a 46 5c 23 c5 a5 9a b0 66 07 f5 | 4d b3 4e e6 c0 85 ca 24 1f 2c 1d 55 a2 9b 17 87 | 84 76 89 2e 9c 96 87 e1 1e a6 65 6a 4b f1 a3 f9 | 45 9f 1a 54 28 09 f0 cf f9 91 68 71 25 3e 98 ed | 50 de e3 5d 9b 6e d4 5a c5 a1 61 2e 80 f1 3a 5e | 27 dc 64 6e 7b a1 25 ac c7 48 90 0f f4 07 d0 6b | ca 34 ba dc 21 ea 03 39 57 1e ed f8 82 3a 7c 72 | using existing local IKE proposals for connection aes128 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865950 (length 8) | 1f 76 f1 12 67 3d 5b b6 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865958 (length 8) | cc 88 7d 43 5d b9 94 50 | NATD hash sha digest IP addr-bytes@0x7ffc398658e4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc398658d6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865960 (length 20) | 10 a7 fb e4 8a bd 9c 1c c7 f9 6b 51 5a 4c 9a 6d | 84 41 76 bd | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 1f 76 f1 12 67 3d 5b b6 | natd_hash: rcookie= cc 88 7d 43 5d b9 94 50 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 10 a7 fb e4 8a bd 9c 1c c7 f9 6b 51 5a 4c 9a 6d | natd_hash: hash= 84 41 76 bd | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865950 (length 8) | 1f 76 f1 12 67 3d 5b b6 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865958 (length 8) | cc 88 7d 43 5d b9 94 50 | NATD hash sha digest IP addr-bytes@0x7ffc398658e4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc398658d6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865980 (length 20) | e2 b9 37 b4 5b c2 6b 2d d6 ab 4e 00 b0 02 bc 04 | 2a de c2 ee | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 1f 76 f1 12 67 3d 5b b6 | natd_hash: rcookie= cc 88 7d 43 5d b9 94 50 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= e2 b9 37 b4 5b c2 6b 2d d6 ab 4e 00 b0 02 bc 04 | natd_hash: hash= 2a de c2 ee | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f16180103b8: transferring ownership from state #9 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 10 for state #9 | state #9 requesting EVENT_RETRANSMIT to be deleted | #9 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55fd4c4eaeb8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f160c002b78 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f1618005088 size 128 | #9 spent 0.19 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | crypto helper 5 resuming | [RE]START processing: state #9 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | crypto helper 5 starting work-order 10 for state #9 | #9 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #9 and saving MD | crypto helper 5 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 10 | #9 is busy; has a suspended MD | peer's g: 19 16 37 c1 7e 96 ff f1 94 a6 52 0e 4d 86 ec ba | [RE]START processing: state #9 connection "aes128" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) | peer's g: 53 6c aa 32 74 42 65 a8 df 3a 04 70 95 9b 16 a1 | "aes128" #9 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | peer's g: 8d e7 87 31 82 e4 98 dc 81 06 fa 41 cd 8f 76 27 | peer's g: 83 e7 04 6b c6 d7 a8 aa 4c 18 16 11 aa 05 db f1 | stop processing: state #9 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | peer's g: 74 f4 23 60 70 b1 30 57 3d 0e 57 5a 94 4c 79 0b | #9 spent 0.382 milliseconds in ikev2_process_packet() | peer's g: 86 d2 01 d6 2f fc 29 c4 26 36 60 52 0b 9a 43 27 | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | peer's g: 33 75 f0 86 88 33 fa f8 14 b0 8c f0 51 ae b2 3d | peer's g: b5 04 fc da ef 2f 39 bf 95 ef 22 62 0f d8 aa 62 | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.403 milliseconds in comm_handle_cb() reading and processing packet | peer's g: ea fa d1 1a 04 fa 91 66 a9 b4 9a 25 23 9d 3d 15 | peer's g: e8 d0 21 0d 06 3a 46 5c 23 c5 a5 9a b0 66 07 f5 | peer's g: 4d b3 4e e6 c0 85 ca 24 1f 2c 1d 55 a2 9b 17 87 | peer's g: 84 76 89 2e 9c 96 87 e1 1e a6 65 6a 4b f1 a3 f9 | peer's g: 45 9f 1a 54 28 09 f0 cf f9 91 68 71 25 3e 98 ed | peer's g: 50 de e3 5d 9b 6e d4 5a c5 a1 61 2e 80 f1 3a 5e | peer's g: 27 dc 64 6e 7b a1 25 ac c7 48 90 0f f4 07 d0 6b | peer's g: ca 34 ba dc 21 ea 03 39 57 1e ed f8 82 3a 7c 72 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x55fd4c4d4be0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f16180103b8: computed shared DH secret key@0x55fd4c4d4be0 | dh-shared : g^ir-key@0x55fd4c4d4be0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f161c003b28 (length 64) | 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162862d6e0 | result: Ni | Nr-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d6c8 | result: Ni | Nr-key@0x7f161800d840 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x55fd4c4d6a20 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f161c001410 from Ni | Nr-key@0x7f161800d840 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f161c001410 from Ni | Nr-key@0x7f161800d840 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f161800d840 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f161c001278 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x55fd4c4d4be0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x55fd4c4d4be0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x55fd4c4d4be0 | nss hmac digest hack: symkey-key@0x55fd4c4d4be0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1272357058: f8 86 d0 3c 66 fb 10 89 57 fd 4a 96 85 67 7d 41 d5 11 1f 25 5a 08 79 a1 a0 03 15 b7 e6 a7 f0 f4 ea ea 40 2c 03 12 7b 30 f8 98 e0 50 69 a2 66 2b 95 47 67 16 82 a9 76 62 87 ce cd e1 26 e2 37 4d cc e6 a4 5c d5 84 92 ef 97 7f 9a 3d fe 7b 1e ac ef fa c4 a7 3f 31 12 56 3a fc a7 d6 16 7e 1b 7f b4 2b 0d 9c a5 3a 60 4a 39 b6 3d 75 34 5e a6 c5 e5 06 11 9e d7 d7 e3 bb ad c4 06 f9 b4 c8 5c 94 e3 7c 6f ab de 69 24 89 9f 6c 91 53 f3 13 ab d6 3a b1 fc a1 70 ca f5 d8 99 8e f7 61 1b 19 a5 87 e9 14 6f 57 9f 1e e8 8b f3 a4 ba 4e c3 37 b2 c2 2e df 38 fa 69 e4 d1 53 f4 df 58 41 5c 36 3d 15 0e 89 82 6e 28 3d 79 5b 39 cc f2 f1 28 76 f0 22 22 76 28 d8 be 60 48 87 9a 52 3d a3 cc a2 29 80 4c e6 f1 e8 a0 32 73 79 28 c5 6b fc 17 87 08 82 f6 c8 9f bf bc 8b 3e 43 c4 8b 4a bc f4 7a 10 3e | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 256 bytes at 0x7f161c0045a8 | unwrapped: 8a 1e d0 7c d3 1c 47 f2 b3 90 6e 6d 31 64 be 6e | unwrapped: f1 4c 2e ca 54 90 07 31 59 59 6e 87 c5 b7 dc 7b | unwrapped: 20 73 cb 87 c8 32 0c 3a 4c 86 bd 39 8f 3f 52 57 | unwrapped: 5e 96 a8 4f 44 5b 89 d1 63 8f e0 cf 83 41 08 7e | unwrapped: 14 42 e1 03 9a 1e 9e a6 33 b7 e1 05 26 aa f2 15 | unwrapped: 71 4d 5c b9 4e 35 a5 f5 2f b6 18 eb 01 a8 ba 4d | unwrapped: 00 72 15 63 37 2e 25 09 e3 b5 30 73 51 d5 2e c3 | unwrapped: 5e 1f 02 6f 54 d3 2c 5f 91 5d 98 a5 64 6b e3 36 | unwrapped: bc 5c 25 63 07 5a 6e d7 36 48 cc 65 f6 a7 74 67 | unwrapped: 5e 8c fd 38 a0 3f a7 9b 89 19 8a b8 ae e2 80 6b | unwrapped: f4 a7 49 b8 41 91 c6 a5 7d 70 31 3f 5b 19 ea f9 | unwrapped: c4 6a b7 1b bd b1 be 11 65 ce e0 21 b4 aa 49 f0 | unwrapped: 57 81 c3 ff b9 d4 fe f5 4c d5 2e f4 3f 59 5b ae | unwrapped: 89 86 ec 8f d3 c9 69 10 3b 68 0c 2e 21 da 35 15 | unwrapped: 19 3c 19 ce 0d 11 06 bd e0 7b 91 f8 2f f7 7e 57 | unwrapped: 5b 0f e6 01 90 01 c2 1c 5d 3d 9a f0 d6 9d 52 60 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162862d700 | result: final-key@0x55fd4c4d6a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d6e8 | result: final-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d6a20 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f161800d840 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162862d670 | result: data=Ni-key@0x55fd4c4cd5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55fd4c4cd5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d658 | result: data=Ni-key@0x55fd4c4d6a20 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55fd4c4cd5b0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6a20 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f162862d660 | result: data+=Nr-key@0x55fd4c4cd5b0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4d6a20 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4cd5b0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f162862d660 | result: data+=SPIi-key@0x55fd4c4d6a20 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4cd5b0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6a20 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f162862d660 | result: data+=SPIr-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4d6a20 | prf+0 PRF sha init key-key@0x7f161800d840 (size 20) | prf+0: key-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d588 | result: clone-key@0x55fd4c4d6a20 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f161c001410 from key-key@0x55fd4c4d6a20 | prf+0 prf: begin sha with context 0x7f161c001410 from key-key@0x55fd4c4d6a20 | prf+0: release clone-key@0x55fd4c4d6a20 | prf+0 PRF sha crypt-prf@0x7f161c002168 | prf+0 PRF sha update seed-key@0x55fd4c4cd5b0 (size 80) | prf+0: seed-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: fa 93 39 a9 3b 26 8d 3d ca cd dd d0 6b ec f1 55 00 c1 78 d8 12 3f 8d 62 86 96 74 1b ae 3b ea df 26 19 fc 2e a0 f9 62 3b ef 65 81 e7 71 eb 79 d9 ef 14 46 58 1a d9 a1 e5 e2 c9 3a 5a e0 bd 38 b1 a7 6b 2e 14 80 99 c4 b4 39 7f bb f2 ca e3 ca 82 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f161c004b88 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | unwrapped: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162862d590 | result: final-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d578 | result: final-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c44c080 | prf+0 PRF sha final-key@0x55fd4c4d6a20 (size 20) | prf+0: key-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x55fd4c4d6a20 | prf+N PRF sha init key-key@0x7f161800d840 (size 20) | prf+N: key-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d588 | result: clone-key@0x55fd4c44c080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161c001410 from key-key@0x55fd4c44c080 | prf+N prf: begin sha with context 0x7f161c001410 from key-key@0x55fd4c44c080 | prf+N: release clone-key@0x55fd4c44c080 | prf+N PRF sha crypt-prf@0x7f161c0048d8 | prf+N PRF sha update old_t-key@0x55fd4c4d6a20 (size 20) | prf+N: old_t-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: b6 7a 63 e4 86 85 75 ab 91 81 c0 a6 1f 5a 13 1d f8 57 b7 c3 cd 4d ce 0e ac a7 16 f7 63 38 dc 84 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f161c002b28 | unwrapped: 11 66 5e 5f 5e d1 6f 0b eb 34 e8 2b 50 62 a0 fa | unwrapped: e5 29 a4 8c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4cd5b0 (size 80) | prf+N: seed-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: fa 93 39 a9 3b 26 8d 3d ca cd dd d0 6b ec f1 55 00 c1 78 d8 12 3f 8d 62 86 96 74 1b ae 3b ea df 26 19 fc 2e a0 f9 62 3b ef 65 81 e7 71 eb 79 d9 ef 14 46 58 1a d9 a1 e5 e2 c9 3a 5a e0 bd 38 b1 a7 6b 2e 14 80 99 c4 b4 39 7f bb f2 ca e3 ca 82 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f161c004b08 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | unwrapped: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162862d590 | result: final-key@0x55fd4c4d3130 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d3130 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d578 | result: final-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d3130 | prf+N PRF sha final-key@0x55fd4c44c080 (size 20) | prf+N: key-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162862d608 | result: result-key@0x55fd4c4d3130 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d6a20 | prfplus: release old_t[N]-key@0x55fd4c4d6a20 | prf+N PRF sha init key-key@0x7f161800d840 (size 20) | prf+N: key-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d588 | result: clone-key@0x55fd4c4d6a20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161c001410 from key-key@0x55fd4c4d6a20 | prf+N prf: begin sha with context 0x7f161c001410 from key-key@0x55fd4c4d6a20 | prf+N: release clone-key@0x55fd4c4d6a20 | prf+N PRF sha crypt-prf@0x7f161c002168 | prf+N PRF sha update old_t-key@0x55fd4c44c080 (size 20) | prf+N: old_t-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 7f a3 06 00 55 82 6d 4a 3e fa 5e e1 57 9d 4c 28 4e dd f0 f9 82 ac fa 01 c2 6a 55 f5 9c 28 38 9c | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f161c001278 | unwrapped: 3e 78 29 a9 17 d5 b6 2e 18 a4 44 c8 7c 68 2d b9 | unwrapped: 2d 90 4e 8c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4cd5b0 (size 80) | prf+N: seed-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: fa 93 39 a9 3b 26 8d 3d ca cd dd d0 6b ec f1 55 00 c1 78 d8 12 3f 8d 62 86 96 74 1b ae 3b ea df 26 19 fc 2e a0 f9 62 3b ef 65 81 e7 71 eb 79 d9 ef 14 46 58 1a d9 a1 e5 e2 c9 3a 5a e0 bd 38 b1 a7 6b 2e 14 80 99 c4 b4 39 7f bb f2 ca e3 ca 82 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f161c004b88 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | unwrapped: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162862d590 | result: final-key@0x55fd4c4d6640 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d578 | result: final-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d6640 | prf+N PRF sha final-key@0x55fd4c4d6a20 (size 20) | prf+N: key-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d3130 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162862d608 | result: result-key@0x55fd4c4d6640 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d3130 | prfplus: release old_t[N]-key@0x55fd4c44c080 | prf+N PRF sha init key-key@0x7f161800d840 (size 20) | prf+N: key-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d588 | result: clone-key@0x55fd4c44c080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161c001410 from key-key@0x55fd4c44c080 | prf+N prf: begin sha with context 0x7f161c001410 from key-key@0x55fd4c44c080 | prf+N: release clone-key@0x55fd4c44c080 | prf+N PRF sha crypt-prf@0x7f161c002b28 | prf+N PRF sha update old_t-key@0x55fd4c4d6a20 (size 20) | prf+N: old_t-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: cc 9d 50 d9 25 0b b2 13 ce 21 b5 12 9a bd 42 96 6d 7b dc 3c 44 2b b1 3c aa 2c 4b fa 0f 68 6a 2d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f161c006208 | unwrapped: 76 7b bf e6 f7 43 4e d3 de 40 c8 15 10 ee 9a 3c | unwrapped: 63 ce 9c d0 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4cd5b0 (size 80) | prf+N: seed-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: fa 93 39 a9 3b 26 8d 3d ca cd dd d0 6b ec f1 55 00 c1 78 d8 12 3f 8d 62 86 96 74 1b ae 3b ea df 26 19 fc 2e a0 f9 62 3b ef 65 81 e7 71 eb 79 d9 ef 14 46 58 1a d9 a1 e5 e2 c9 3a 5a e0 bd 38 b1 a7 6b 2e 14 80 99 c4 b4 39 7f bb f2 ca e3 ca 82 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f161c004b08 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | unwrapped: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162862d590 | result: final-key@0x55fd4c4d3130 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d3130 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d578 | result: final-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d3130 | prf+N PRF sha final-key@0x55fd4c44c080 (size 20) | prf+N: key-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6640 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162862d608 | result: result-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d6640 | prfplus: release old_t[N]-key@0x55fd4c4d6a20 | prf+N PRF sha init key-key@0x7f161800d840 (size 20) | prf+N: key-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d588 | result: clone-key@0x55fd4c4d6a20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161c001410 from key-key@0x55fd4c4d6a20 | prf+N prf: begin sha with context 0x7f161c001410 from key-key@0x55fd4c4d6a20 | prf+N: release clone-key@0x55fd4c4d6a20 | prf+N PRF sha crypt-prf@0x7f161c0048d8 | prf+N PRF sha update old_t-key@0x55fd4c44c080 (size 20) | prf+N: old_t-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: ee 6f 92 5e 90 c3 12 3d bb 29 3c 38 fe ce be a8 3f b3 03 7e 54 99 56 6c 34 53 ef e0 dc 61 68 a5 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f161c001278 | unwrapped: d5 16 e2 7d 9a 23 f9 6e 3e 71 57 f1 38 ae 62 1f | unwrapped: b8 dc 61 9f 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4cd5b0 (size 80) | prf+N: seed-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: fa 93 39 a9 3b 26 8d 3d ca cd dd d0 6b ec f1 55 00 c1 78 d8 12 3f 8d 62 86 96 74 1b ae 3b ea df 26 19 fc 2e a0 f9 62 3b ef 65 81 e7 71 eb 79 d9 ef 14 46 58 1a d9 a1 e5 e2 c9 3a 5a e0 bd 38 b1 a7 6b 2e 14 80 99 c4 b4 39 7f bb f2 ca e3 ca 82 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f161c004b88 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | unwrapped: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162862d590 | result: final-key@0x55fd4c4d6640 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d578 | result: final-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d6640 | prf+N PRF sha final-key@0x55fd4c4d6a20 (size 20) | prf+N: key-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162862d608 | result: result-key@0x55fd4c4d6640 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d3130 | prfplus: release old_t[N]-key@0x55fd4c44c080 | prf+N PRF sha init key-key@0x7f161800d840 (size 20) | prf+N: key-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d588 | result: clone-key@0x55fd4c44c080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161c0059e0 from key-key@0x55fd4c44c080 | prf+N prf: begin sha with context 0x7f161c0059e0 from key-key@0x55fd4c44c080 | prf+N: release clone-key@0x55fd4c44c080 | prf+N PRF sha crypt-prf@0x7f161c002168 | prf+N PRF sha update old_t-key@0x55fd4c4d6a20 (size 20) | prf+N: old_t-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 88 43 23 82 b0 f4 9c 97 fc 0b 02 ed a7 5b 10 96 cc 10 8d 4d b9 6d ec 23 61 60 7c cf 24 b3 3c bd | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f161c002b28 | unwrapped: 96 7e ad bc 06 8e 16 3b c7 eb 18 57 a3 8c eb c1 | unwrapped: fa dd 22 30 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4cd5b0 (size 80) | prf+N: seed-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: fa 93 39 a9 3b 26 8d 3d ca cd dd d0 6b ec f1 55 00 c1 78 d8 12 3f 8d 62 86 96 74 1b ae 3b ea df 26 19 fc 2e a0 f9 62 3b ef 65 81 e7 71 eb 79 d9 ef 14 46 58 1a d9 a1 e5 e2 c9 3a 5a e0 bd 38 b1 a7 6b 2e 14 80 99 c4 b4 39 7f bb f2 ca e3 ca 82 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f161c004b08 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | unwrapped: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162862d590 | result: final-key@0x55fd4c4d3130 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d3130 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d578 | result: final-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d3130 | prf+N PRF sha final-key@0x55fd4c44c080 (size 20) | prf+N: key-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6640 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162862d608 | result: result-key@0x55fd4c4d3130 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d6640 | prfplus: release old_t[N]-key@0x55fd4c4d6a20 | prf+N PRF sha init key-key@0x7f161800d840 (size 20) | prf+N: key-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d588 | result: clone-key@0x55fd4c4d6a20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161c001410 from key-key@0x55fd4c4d6a20 | prf+N prf: begin sha with context 0x7f161c001410 from key-key@0x55fd4c4d6a20 | prf+N: release clone-key@0x55fd4c4d6a20 | prf+N PRF sha crypt-prf@0x7f161c0048d8 | prf+N PRF sha update old_t-key@0x55fd4c44c080 (size 20) | prf+N: old_t-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 9a 1f d6 ae 7f fd 01 6a e8 b9 3e 0f dd ed 4a e4 e6 cc f0 55 aa 45 30 65 af cc db 27 42 b7 8c f9 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f161c001278 | unwrapped: 01 ed ea 67 63 e2 3a 32 ab c9 8a 1c 94 d3 dc e4 | unwrapped: 25 29 05 9b 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4cd5b0 (size 80) | prf+N: seed-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: fa 93 39 a9 3b 26 8d 3d ca cd dd d0 6b ec f1 55 00 c1 78 d8 12 3f 8d 62 86 96 74 1b ae 3b ea df 26 19 fc 2e a0 f9 62 3b ef 65 81 e7 71 eb 79 d9 ef 14 46 58 1a d9 a1 e5 e2 c9 3a 5a e0 bd 38 b1 a7 6b 2e 14 80 99 c4 b4 39 7f bb f2 ca e3 ca 82 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f161c006868 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | unwrapped: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162862d590 | result: final-key@0x55fd4c4d6640 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d578 | result: final-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d6640 | prf+N PRF sha final-key@0x55fd4c4d6a20 (size 20) | prf+N: key-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d3130 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162862d608 | result: result-key@0x55fd4c4d6640 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d3130 | prfplus: release old_t[N]-key@0x55fd4c44c080 | prfplus: release old_t[final]-key@0x55fd4c4d6a20 | ike_sa_keymat: release data-key@0x55fd4c4cd5b0 | calc_skeyseed_v2: release skeyseed_k-key@0x7f161800d840 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d7a8 | result: result-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d7a8 | result: result-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d7a8 | result: result-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55fd4c4d6640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d7b8 | result: SK_ei_k-key@0x55fd4c44c080 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55fd4c4d6640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d7b8 | result: SK_er_k-key@0x55fd4c4d3130 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d7b8 | result: result-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x55fd4c4ecc80 | chunk_SK_pi: symkey-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 18 8f a9 fa 1d c2 9b ac 0c 57 3d 8d 67 e8 5b 28 45 8a 18 bf 12 75 70 17 59 eb ef 9f f3 c0 48 f7 | chunk_SK_pi: release slot-key-key@0x55fd4c4cfe50 | chunk_SK_pi extracted len 32 bytes at 0x7f161c002168 | unwrapped: a3 8c eb c1 fa dd 22 30 01 ed ea 67 63 e2 3a 32 | unwrapped: ab c9 8a 1c 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162862d7b8 | result: result-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f1618006bb0 | chunk_SK_pr: symkey-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: f6 3b 45 9b 5a 23 69 51 76 d7 9d dc 32 6e ec 2e fa 28 41 84 5c 6f 71 ca ac 04 4a 2c 12 2b 71 16 | chunk_SK_pr: release slot-key-key@0x55fd4c4cfe50 | chunk_SK_pr extracted len 32 bytes at 0x7f161c001278 | unwrapped: 94 d3 dc e4 25 29 05 9b db b2 67 a9 b8 d3 59 94 | unwrapped: 57 36 7d 9a 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x55fd4c4d6640 | calc_skeyseed_v2 pointers: shared-key@0x55fd4c4d4be0, SK_d-key@0x7f161800d840, SK_ai-key@0x55fd4c4cd5b0, SK_ar-key@0x55fd4c4d6a20, SK_ei-key@0x55fd4c44c080, SK_er-key@0x55fd4c4d3130, SK_pi-key@0x55fd4c4ecc80, SK_pr-key@0x7f1618006bb0 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | a3 8c eb c1 fa dd 22 30 01 ed ea 67 63 e2 3a 32 | ab c9 8a 1c | calc_skeyseed_v2 SK_pr | 94 d3 dc e4 25 29 05 9b db b2 67 a9 b8 d3 59 94 | 57 36 7d 9a | crypto helper 5 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 10 time elapsed 0.00262 seconds | (#9) spent 2.58 milliseconds in crypto helper computing work-order 10: ikev2_inR1outI2 KE (pcr) | crypto helper 5 sending results from work-order 10 for state #9 to event queue | scheduling resume sending helper answer for #9 | libevent_malloc: new ptr-libevent@0x7f161c0046d8 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #9 | start processing: state #9 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 10 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_inR1outI2_continue for #9: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f16180103b8: transferring ownership from helper IKEv2 DH to state #9 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #10 at 0x55fd4c4f34a8 | State DB: adding IKEv2 state #10 in UNDEFINED | pstats #10 ikev2.child started | duplicating state object #9 "aes128" as #10 for IPSEC SA | #10 setting local endpoint to 192.1.2.45:500 from #9.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f161800d840 | duplicate_state: reference st_skey_ai_nss-key@0x55fd4c4cd5b0 | duplicate_state: reference st_skey_ar_nss-key@0x55fd4c4d6a20 | duplicate_state: reference st_skey_ei_nss-key@0x55fd4c44c080 | duplicate_state: reference st_skey_er_nss-key@0x55fd4c4d3130 | duplicate_state: reference st_skey_pi_nss-key@0x55fd4c4ecc80 | duplicate_state: reference st_skey_pr_nss-key@0x7f1618006bb0 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #9.#10; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #9 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #9.#10 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f1618005088 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f160c002b78 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f1618005088 size 128 | parent state #9: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 1f 76 f1 12 67 3d 5b b6 | responder cookie: | cc 88 7d 43 5d b9 94 50 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x55fd4c4ecc80 (size 20) | hmac: symkey-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398659e8 | result: clone-key@0x55fd4c4d6640 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f1610002b50 from symkey-key@0x55fd4c4d6640 | hmac prf: begin sha with context 0x7f1610002b50 from symkey-key@0x55fd4c4d6640 | hmac: release clone-key@0x55fd4c4d6640 | hmac PRF sha crypt-prf@0x55fd4c4cfd48 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x55fd4bdec8f4 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffc39865d80 (length 20) | 08 7b bc 4b fb d3 4c fb 60 5b 55 50 90 21 2d e2 | e4 5e 71 5c | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55fd4c441b58 (line=1) | concluding with best_match=014 best=0x55fd4c441b58 (lineno=1) | inputs to hash1 (first packet) | 1f 76 f1 12 67 3d 5b b6 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 64 fb 47 d7 eb 66 1b 4e b4 87 87 6a | 6d c8 5a ec 78 7e 5a 84 9f 4f 22 80 85 8f f6 03 | 73 62 9d b0 5c 19 af 4f 59 8d fc 9f 2f 4a 24 10 | 9e a0 9a fd f1 f7 2c 14 00 de c3 f1 8e c7 76 5e | a8 d4 d1 32 27 52 85 ae 3a 89 06 22 a5 14 da 3d | ea d8 50 43 64 9a ef 46 7c c3 d4 85 3f da 0d d2 | 3b 1e 68 f3 9d 8d 46 f2 ed 26 87 12 e8 ff e2 d3 | 30 11 cd b0 8e ff 94 56 61 d8 83 6f 96 2c dd 32 | 9b a7 3e bf 77 4e 93 54 f7 6f cd 88 e6 19 03 b8 | f1 83 14 74 d4 fd 9e 63 b0 10 a0 48 aa 7e f2 dc | ad 01 4f d3 1c 7f 69 4f 2e 67 fc ee 97 d0 01 3c | dd 1b 16 ca b3 67 47 3a b8 e2 da d0 53 05 02 fa | 26 41 64 6f 75 61 0e c0 6d 11 84 e9 d9 10 af 89 | b7 58 59 1a cd 2e ae 43 b3 7d b8 1b c5 5b b1 d5 | ec 60 f7 fb 09 c1 72 c9 b9 6a e7 a7 42 9a 57 72 | a6 43 28 29 61 09 ab 67 97 6d 5b ce de 22 7f 71 | 94 5b d5 c7 29 00 00 24 28 81 cc fd 60 24 b7 fd | 84 09 7e 7e 5a aa 3e 9f 27 b0 18 b2 d4 c2 2f 4a | 84 47 64 62 2f d8 ab 5e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 9b cb 45 8a 6c 49 68 78 | 2a 75 7d 47 e8 ee 9d d7 22 e2 bd f2 00 00 00 1c | 00 00 40 05 01 52 05 19 5d b8 48 51 74 60 9a 0c | a1 d2 24 20 65 2b f0 e2 | create: initiator inputs to hash2 (responder nonce) | c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | idhash 08 7b bc 4b fb d3 4c fb 60 5b 55 50 90 21 2d e2 | idhash e4 5e 71 5c | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55fd4c4cfda8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398657d0 | result: shared secret-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657b8 | result: shared secret-key@0x55fd4c4d6640 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f1610002b50 from shared secret-key@0x55fd4c4d6640 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f1610002b50 from shared secret-key@0x55fd4c4d6640 | = prf(,"Key Pad for IKEv2"): release clone-key@0x55fd4c4d6640 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55fd4c4e77d8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55fd4bd814d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398657f0 | result: final-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657d8 | result: final-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x55fd4c4d6640 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x55fd4c4d6640 (size 20) | = prf(, ): -key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657e8 | result: clone-key@0x55fd4c4e7620 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f1610002b50 from -key@0x55fd4c4e7620 | = prf(, ) prf: begin sha with context 0x7f1610002b50 from -key@0x55fd4c4e7620 | = prf(, ): release clone-key@0x55fd4c4e7620 | = prf(, ) PRF sha crypt-prf@0x55fd4c4ee5e8 | = prf(, ) PRF sha update first-packet-bytes@0x55fd4c4eb4b8 (length 440) | 1f 76 f1 12 67 3d 5b b6 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 64 fb 47 d7 eb 66 1b 4e b4 87 87 6a | 6d c8 5a ec 78 7e 5a 84 9f 4f 22 80 85 8f f6 03 | 73 62 9d b0 5c 19 af 4f 59 8d fc 9f 2f 4a 24 10 | 9e a0 9a fd f1 f7 2c 14 00 de c3 f1 8e c7 76 5e | a8 d4 d1 32 27 52 85 ae 3a 89 06 22 a5 14 da 3d | ea d8 50 43 64 9a ef 46 7c c3 d4 85 3f da 0d d2 | 3b 1e 68 f3 9d 8d 46 f2 ed 26 87 12 e8 ff e2 d3 | 30 11 cd b0 8e ff 94 56 61 d8 83 6f 96 2c dd 32 | 9b a7 3e bf 77 4e 93 54 f7 6f cd 88 e6 19 03 b8 | f1 83 14 74 d4 fd 9e 63 b0 10 a0 48 aa 7e f2 dc | ad 01 4f d3 1c 7f 69 4f 2e 67 fc ee 97 d0 01 3c | dd 1b 16 ca b3 67 47 3a b8 e2 da d0 53 05 02 fa | 26 41 64 6f 75 61 0e c0 6d 11 84 e9 d9 10 af 89 | b7 58 59 1a cd 2e ae 43 b3 7d b8 1b c5 5b b1 d5 | ec 60 f7 fb 09 c1 72 c9 b9 6a e7 a7 42 9a 57 72 | a6 43 28 29 61 09 ab 67 97 6d 5b ce de 22 7f 71 | 94 5b d5 c7 29 00 00 24 28 81 cc fd 60 24 b7 fd | 84 09 7e 7e 5a aa 3e 9f 27 b0 18 b2 d4 c2 2f 4a | 84 47 64 62 2f d8 ab 5e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 9b cb 45 8a 6c 49 68 78 | 2a 75 7d 47 e8 ee 9d d7 22 e2 bd f2 00 00 00 1c | 00 00 40 05 01 52 05 19 5d b8 48 51 74 60 9a 0c | a1 d2 24 20 65 2b f0 e2 | = prf(, ) PRF sha update nonce-bytes@0x55fd4c4ed358 (length 32) | c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | = prf(, ) PRF sha update hash-bytes@0x7ffc39865d80 (length 20) | 08 7b bc 4b fb d3 4c fb 60 5b 55 50 90 21 2d e2 | e4 5e 71 5c | = prf(, ) PRF sha final-chunk@0x55fd4c4eaeb8 (length 20) | 0f ef 56 f0 67 53 69 6b 13 ae 92 66 83 c4 75 85 | 37 35 6f ce | psk_auth: release prf-psk-key@0x55fd4c4d6640 | PSK auth octets 0f ef 56 f0 67 53 69 6b 13 ae 92 66 83 c4 75 85 | PSK auth octets 37 35 6f ce | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 0f ef 56 f0 67 53 69 6b 13 ae 92 66 83 c4 75 85 | PSK auth 37 35 6f ce | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #9 | netlink_get_spi: allocated 0xb92cca0f for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for aes128 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "aes128": constructed local ESP/AH proposals for aes128 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi b9 2c ca 0f | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #9: IMPAIR: duplicating key-length attribute | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 16 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 12 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 192 | emitting length of ISAKMP Message: 220 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 3f 8f aa a0 fc 8f 4d e7 19 20 50 6b 6a 2f cf 0e | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 0f ef 56 f0 67 53 69 6b 13 ae 92 66 83 c4 75 85 | 37 35 6f ce 2c 00 00 30 00 00 00 2c 01 03 04 03 | b9 2c ca 0f 03 00 00 10 01 00 00 0c 80 0e 00 80 | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | dc 02 b3 b3 3f 32 52 1c 0e e6 a3 2d f8 3f 6a 0c | 0e 28 72 ea ea d5 95 69 c1 ef 57 c5 a5 e1 e6 59 | 9e 1b 41 9f 06 59 c2 e3 b0 7d 98 ef b4 cd 31 14 | 86 b9 7b 2a 57 20 d0 67 ab 2c fd 01 e8 60 7d 9b | 1d 66 09 d9 3e 93 ce f2 8c 38 f4 74 35 b3 24 6d | a6 f2 c8 19 e4 ab 25 7d 13 b3 49 f0 eb ce 39 ed | ff 54 11 c4 0c 25 1a 52 1a 9f 4c 7e f4 c1 14 5b | 61 16 7b 77 22 9f 1d 0e cc e6 ed cc 01 04 51 44 | d3 21 3c 7c 6f 4d 11 02 dd ee 3f 9d 8c 9e 7e 6a | 91 61 18 16 27 88 df 10 09 f0 2a 4f ef 4d 80 a5 | hmac PRF sha init symkey-key@0x55fd4c4cd5b0 (size 20) | hmac: symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398658f8 | result: clone-key@0x55fd4c4d6640 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f1610002b50 from symkey-key@0x55fd4c4d6640 | hmac prf: begin sha with context 0x7f1610002b50 from symkey-key@0x55fd4c4d6640 | hmac: release clone-key@0x55fd4c4d6640 | hmac PRF sha crypt-prf@0x55fd4c4e77d8 | hmac PRF sha update data-bytes@0x55fd4bdec8c0 (length 208) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 3f 8f aa a0 fc 8f 4d e7 19 20 50 6b 6a 2f cf 0e | dc 02 b3 b3 3f 32 52 1c 0e e6 a3 2d f8 3f 6a 0c | 0e 28 72 ea ea d5 95 69 c1 ef 57 c5 a5 e1 e6 59 | 9e 1b 41 9f 06 59 c2 e3 b0 7d 98 ef b4 cd 31 14 | 86 b9 7b 2a 57 20 d0 67 ab 2c fd 01 e8 60 7d 9b | 1d 66 09 d9 3e 93 ce f2 8c 38 f4 74 35 b3 24 6d | a6 f2 c8 19 e4 ab 25 7d 13 b3 49 f0 eb ce 39 ed | ff 54 11 c4 0c 25 1a 52 1a 9f 4c 7e f4 c1 14 5b | 61 16 7b 77 22 9f 1d 0e cc e6 ed cc 01 04 51 44 | d3 21 3c 7c 6f 4d 11 02 dd ee 3f 9d 8c 9e 7e 6a | 91 61 18 16 27 88 df 10 09 f0 2a 4f ef 4d 80 a5 | hmac PRF sha final-bytes@0x55fd4bdec990 (length 20) | 6e 14 b3 b6 de 63 5e eb 49 9f 4c 30 7c 64 1f 6f | 4d 3e 80 10 | data being hmac: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data being hmac: 3f 8f aa a0 fc 8f 4d e7 19 20 50 6b 6a 2f cf 0e | data being hmac: dc 02 b3 b3 3f 32 52 1c 0e e6 a3 2d f8 3f 6a 0c | data being hmac: 0e 28 72 ea ea d5 95 69 c1 ef 57 c5 a5 e1 e6 59 | data being hmac: 9e 1b 41 9f 06 59 c2 e3 b0 7d 98 ef b4 cd 31 14 | data being hmac: 86 b9 7b 2a 57 20 d0 67 ab 2c fd 01 e8 60 7d 9b | data being hmac: 1d 66 09 d9 3e 93 ce f2 8c 38 f4 74 35 b3 24 6d | data being hmac: a6 f2 c8 19 e4 ab 25 7d 13 b3 49 f0 eb ce 39 ed | data being hmac: ff 54 11 c4 0c 25 1a 52 1a 9f 4c 7e f4 c1 14 5b | data being hmac: 61 16 7b 77 22 9f 1d 0e cc e6 ed cc 01 04 51 44 | data being hmac: d3 21 3c 7c 6f 4d 11 02 dd ee 3f 9d 8c 9e 7e 6a | data being hmac: 91 61 18 16 27 88 df 10 09 f0 2a 4f ef 4d 80 a5 | out calculated auth: | 6e 14 b3 b6 de 63 5e eb 49 9f 4c 30 | suspend processing: state #9 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #10 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #10 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #10: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #10 to 0 after switching state | Message ID: recv #9.#10 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #9.#10 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "aes128" #10: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 220 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #9) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 3f 8f aa a0 fc 8f 4d e7 19 20 50 6b 6a 2f cf 0e | dc 02 b3 b3 3f 32 52 1c 0e e6 a3 2d f8 3f 6a 0c | 0e 28 72 ea ea d5 95 69 c1 ef 57 c5 a5 e1 e6 59 | 9e 1b 41 9f 06 59 c2 e3 b0 7d 98 ef b4 cd 31 14 | 86 b9 7b 2a 57 20 d0 67 ab 2c fd 01 e8 60 7d 9b | 1d 66 09 d9 3e 93 ce f2 8c 38 f4 74 35 b3 24 6d | a6 f2 c8 19 e4 ab 25 7d 13 b3 49 f0 eb ce 39 ed | ff 54 11 c4 0c 25 1a 52 1a 9f 4c 7e f4 c1 14 5b | 61 16 7b 77 22 9f 1d 0e cc e6 ed cc 01 04 51 44 | d3 21 3c 7c 6f 4d 11 02 dd ee 3f 9d 8c 9e 7e 6a | 91 61 18 16 27 88 df 10 09 f0 2a 4f ef 4d 80 a5 | 6e 14 b3 b6 de 63 5e eb 49 9f 4c 30 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #10: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f1610002b78 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #10 | libevent_malloc: new ptr-libevent@0x55fd4c4e8ad8 size 128 | #10 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29300.491012 | resume sending helper answer for #9 suppresed complete_v2_state_transition() | #9 spent 1.03 milliseconds in resume sending helper answer | stop processing: state #10 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f161c0046d8 | spent 0.00261 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 204 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 9d 5d de 43 60 28 36 07 f3 da da f2 6e b6 24 4b | 80 b0 c6 f5 cf 86 de c2 15 c7 d5 d1 c9 23 88 7c | d3 fd d7 5e 83 ca 3d e1 86 83 cf b9 61 04 0a cd | 8e 50 ab d4 3e 80 4e 68 7c 51 64 06 2c ec 64 dc | c6 0f 1b 1b 54 6c 08 26 c6 63 99 b0 e7 f1 f2 d7 | d7 f4 4d b4 2f fb 50 76 50 7b 19 f1 96 4e 9f da | e4 56 87 d9 27 8a 9f 4e 89 7a 6f 27 c2 9a 98 3c | a0 2b 46 c4 53 cd c6 4c 3c ef e6 54 6f 9a 7d 0a | c0 e0 bd ff 62 8e 33 6d 7a 7e d1 6f ef 09 75 80 | 74 a9 3c b9 c5 1c c4 85 a2 44 36 e1 e4 33 5d aa | a4 d4 5a 0a af 82 2d 31 b7 e3 9d cd | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 1f 76 f1 12 67 3d 5b b6 | responder cookie: | cc 88 7d 43 5d b9 94 50 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 204 (0xcc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #9 in PARENT_I2 (find_v2_ike_sa) | start processing: state #9 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #10 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #9 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | start processing: state #10 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #10 is idle | #10 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 176 (0xb0) | processing payload: ISAKMP_NEXT_v2SK (len=172) | #10 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x55fd4c4d6a20 (size 20) | hmac: symkey-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865748 | result: clone-key@0x55fd4c4d6640 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f161c002b50 from symkey-key@0x55fd4c4d6640 | hmac prf: begin sha with context 0x7f161c002b50 from symkey-key@0x55fd4c4d6640 | hmac: release clone-key@0x55fd4c4d6640 | hmac PRF sha crypt-prf@0x55fd4c4ee5e8 | hmac PRF sha update data-bytes@0x55fd4c47b368 (length 192) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 9d 5d de 43 60 28 36 07 f3 da da f2 6e b6 24 4b | 80 b0 c6 f5 cf 86 de c2 15 c7 d5 d1 c9 23 88 7c | d3 fd d7 5e 83 ca 3d e1 86 83 cf b9 61 04 0a cd | 8e 50 ab d4 3e 80 4e 68 7c 51 64 06 2c ec 64 dc | c6 0f 1b 1b 54 6c 08 26 c6 63 99 b0 e7 f1 f2 d7 | d7 f4 4d b4 2f fb 50 76 50 7b 19 f1 96 4e 9f da | e4 56 87 d9 27 8a 9f 4e 89 7a 6f 27 c2 9a 98 3c | a0 2b 46 c4 53 cd c6 4c 3c ef e6 54 6f 9a 7d 0a | c0 e0 bd ff 62 8e 33 6d 7a 7e d1 6f ef 09 75 80 | 74 a9 3c b9 c5 1c c4 85 a2 44 36 e1 e4 33 5d aa | hmac PRF sha final-bytes@0x7ffc39865910 (length 20) | a4 d4 5a 0a af 82 2d 31 b7 e3 9d cd 24 e4 33 6f | ad e3 15 4b | data for hmac: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data for hmac: 9d 5d de 43 60 28 36 07 f3 da da f2 6e b6 24 4b | data for hmac: 80 b0 c6 f5 cf 86 de c2 15 c7 d5 d1 c9 23 88 7c | data for hmac: d3 fd d7 5e 83 ca 3d e1 86 83 cf b9 61 04 0a cd | data for hmac: 8e 50 ab d4 3e 80 4e 68 7c 51 64 06 2c ec 64 dc | data for hmac: c6 0f 1b 1b 54 6c 08 26 c6 63 99 b0 e7 f1 f2 d7 | data for hmac: d7 f4 4d b4 2f fb 50 76 50 7b 19 f1 96 4e 9f da | data for hmac: e4 56 87 d9 27 8a 9f 4e 89 7a 6f 27 c2 9a 98 3c | data for hmac: a0 2b 46 c4 53 cd c6 4c 3c ef e6 54 6f 9a 7d 0a | data for hmac: c0 e0 bd ff 62 8e 33 6d 7a 7e d1 6f ef 09 75 80 | data for hmac: 74 a9 3c b9 c5 1c c4 85 a2 44 36 e1 e4 33 5d aa | calculated auth: a4 d4 5a 0a af 82 2d 31 b7 e3 9d cd | provided auth: a4 d4 5a 0a af 82 2d 31 b7 e3 9d cd | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 9d 5d de 43 60 28 36 07 f3 da da f2 6e b6 24 4b | payload before decryption: | 80 b0 c6 f5 cf 86 de c2 15 c7 d5 d1 c9 23 88 7c | d3 fd d7 5e 83 ca 3d e1 86 83 cf b9 61 04 0a cd | 8e 50 ab d4 3e 80 4e 68 7c 51 64 06 2c ec 64 dc | c6 0f 1b 1b 54 6c 08 26 c6 63 99 b0 e7 f1 f2 d7 | d7 f4 4d b4 2f fb 50 76 50 7b 19 f1 96 4e 9f da | e4 56 87 d9 27 8a 9f 4e 89 7a 6f 27 c2 9a 98 3c | a0 2b 46 c4 53 cd c6 4c 3c ef e6 54 6f 9a 7d 0a | c0 e0 bd ff 62 8e 33 6d 7a 7e d1 6f ef 09 75 80 | 74 a9 3c b9 c5 1c c4 85 a2 44 36 e1 e4 33 5d aa | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 14 1c b5 c5 cb 5b 56 06 2b 89 9b 07 | 85 4a 0c 05 a9 5b 5e 6f 2c 00 00 2c 00 00 00 28 | 01 03 04 03 22 90 45 47 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | stripping 12 octets as pad | #10 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | offered CA: '%none' "aes128" #10: IKEv2 mode peer ID is ID_FQDN: '@east' | hmac PRF sha init symkey-key@0x7f1618006bb0 (size 20) | hmac: symkey-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865878 | result: clone-key@0x55fd4c4d6640 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f161c002b50 from symkey-key@0x55fd4c4d6640 | hmac prf: begin sha with context 0x7f161c002b50 from symkey-key@0x55fd4c4d6640 | hmac: release clone-key@0x55fd4c4d6640 | hmac PRF sha crypt-prf@0x55fd4c4e77d8 | idhash auth R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x55fd4c47b39c (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffc398659d0 (length 20) | 6f 73 ad 19 cf ac 0a 7a 73 3f 4c e4 ae 8a 13 30 | 84 8b 6e 81 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55fd4c441b58 (line=1) | concluding with best_match=014 best=0x55fd4c441b58 (lineno=1) | inputs to hash1 (first packet) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 19 16 37 c1 7e 96 ff f1 94 a6 52 0e | 4d 86 ec ba 53 6c aa 32 74 42 65 a8 df 3a 04 70 | 95 9b 16 a1 8d e7 87 31 82 e4 98 dc 81 06 fa 41 | cd 8f 76 27 83 e7 04 6b c6 d7 a8 aa 4c 18 16 11 | aa 05 db f1 74 f4 23 60 70 b1 30 57 3d 0e 57 5a | 94 4c 79 0b 86 d2 01 d6 2f fc 29 c4 26 36 60 52 | 0b 9a 43 27 33 75 f0 86 88 33 fa f8 14 b0 8c f0 | 51 ae b2 3d b5 04 fc da ef 2f 39 bf 95 ef 22 62 | 0f d8 aa 62 ea fa d1 1a 04 fa 91 66 a9 b4 9a 25 | 23 9d 3d 15 e8 d0 21 0d 06 3a 46 5c 23 c5 a5 9a | b0 66 07 f5 4d b3 4e e6 c0 85 ca 24 1f 2c 1d 55 | a2 9b 17 87 84 76 89 2e 9c 96 87 e1 1e a6 65 6a | 4b f1 a3 f9 45 9f 1a 54 28 09 f0 cf f9 91 68 71 | 25 3e 98 ed 50 de e3 5d 9b 6e d4 5a c5 a1 61 2e | 80 f1 3a 5e 27 dc 64 6e 7b a1 25 ac c7 48 90 0f | f4 07 d0 6b ca 34 ba dc 21 ea 03 39 57 1e ed f8 | 82 3a 7c 72 29 00 00 24 c4 84 56 b4 8f 1b ac d3 | dc 5d 36 f5 29 ba e0 0a 90 e4 f4 d5 6a 82 3a 95 | e8 a9 f4 d0 34 06 b5 87 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 e2 b9 37 b4 5b c2 6b 2d | d6 ab 4e 00 b0 02 bc 04 2a de c2 ee 00 00 00 1c | 00 00 40 05 10 a7 fb e4 8a bd 9c 1c c7 f9 6b 51 | 5a 4c 9a 6d 84 41 76 bd | verify: initiator inputs to hash2 (initiator nonce) | 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | idhash 6f 73 ad 19 cf ac 0a 7a 73 3f 4c e4 ae 8a 13 30 | idhash 84 8b 6e 81 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55fd4c4cfda8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865670 | result: shared secret-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865658 | result: shared secret-key@0x55fd4c4d6640 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f161c002b50 from shared secret-key@0x55fd4c4d6640 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f161c002b50 from shared secret-key@0x55fd4c4d6640 | = prf(,"Key Pad for IKEv2"): release clone-key@0x55fd4c4d6640 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55fd4c4ee5e8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55fd4bd814d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865690 | result: final-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: final-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x55fd4c4d6640 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x55fd4c4d6640 (size 20) | = prf(, ): -key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865688 | result: clone-key@0x55fd4c4e7620 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f161c002b50 from -key@0x55fd4c4e7620 | = prf(, ) prf: begin sha with context 0x7f161c002b50 from -key@0x55fd4c4e7620 | = prf(, ): release clone-key@0x55fd4c4e7620 | = prf(, ) PRF sha crypt-prf@0x55fd4c4e77d8 | = prf(, ) PRF sha update first-packet-bytes@0x55fd4c4eaf68 (length 440) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 19 16 37 c1 7e 96 ff f1 94 a6 52 0e | 4d 86 ec ba 53 6c aa 32 74 42 65 a8 df 3a 04 70 | 95 9b 16 a1 8d e7 87 31 82 e4 98 dc 81 06 fa 41 | cd 8f 76 27 83 e7 04 6b c6 d7 a8 aa 4c 18 16 11 | aa 05 db f1 74 f4 23 60 70 b1 30 57 3d 0e 57 5a | 94 4c 79 0b 86 d2 01 d6 2f fc 29 c4 26 36 60 52 | 0b 9a 43 27 33 75 f0 86 88 33 fa f8 14 b0 8c f0 | 51 ae b2 3d b5 04 fc da ef 2f 39 bf 95 ef 22 62 | 0f d8 aa 62 ea fa d1 1a 04 fa 91 66 a9 b4 9a 25 | 23 9d 3d 15 e8 d0 21 0d 06 3a 46 5c 23 c5 a5 9a | b0 66 07 f5 4d b3 4e e6 c0 85 ca 24 1f 2c 1d 55 | a2 9b 17 87 84 76 89 2e 9c 96 87 e1 1e a6 65 6a | 4b f1 a3 f9 45 9f 1a 54 28 09 f0 cf f9 91 68 71 | 25 3e 98 ed 50 de e3 5d 9b 6e d4 5a c5 a1 61 2e | 80 f1 3a 5e 27 dc 64 6e 7b a1 25 ac c7 48 90 0f | f4 07 d0 6b ca 34 ba dc 21 ea 03 39 57 1e ed f8 | 82 3a 7c 72 29 00 00 24 c4 84 56 b4 8f 1b ac d3 | dc 5d 36 f5 29 ba e0 0a 90 e4 f4 d5 6a 82 3a 95 | e8 a9 f4 d0 34 06 b5 87 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 e2 b9 37 b4 5b c2 6b 2d | d6 ab 4e 00 b0 02 bc 04 2a de c2 ee 00 00 00 1c | 00 00 40 05 10 a7 fb e4 8a bd 9c 1c c7 f9 6b 51 | 5a 4c 9a 6d 84 41 76 bd | = prf(, ) PRF sha update nonce-bytes@0x7f1618003a78 (length 32) | 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | = prf(, ) PRF sha update hash-bytes@0x7ffc398659d0 (length 20) | 6f 73 ad 19 cf ac 0a 7a 73 3f 4c e4 ae 8a 13 30 | 84 8b 6e 81 | = prf(, ) PRF sha final-chunk@0x55fd4c4eecb8 (length 20) | 14 1c b5 c5 cb 5b 56 06 2b 89 9b 07 85 4a 0c 05 | a9 5b 5e 6f | psk_auth: release prf-psk-key@0x55fd4c4d6640 | Received PSK auth octets | 14 1c b5 c5 cb 5b 56 06 2b 89 9b 07 85 4a 0c 05 | a9 5b 5e 6f | Calculated PSK auth octets | 14 1c b5 c5 cb 5b 56 06 2b 89 9b 07 85 4a 0c 05 | a9 5b 5e 6f "aes128" #10: Authenticated using authby=secret | parent state #9: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #9 will start re-keying in 2568 seconds with margin of 1032 seconds (attempting re-key) | state #9 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f1618005088 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f160c002b78 | event_schedule: new EVENT_SA_REKEY-pe@0x7f160c002b78 | inserting event EVENT_SA_REKEY, timeout in 2568 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f161c0046d8 size 128 | pstats #9 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="aes128" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for aes128 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 22 90 45 47 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=22904547;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865760 | result: data=Ni-key@0x55fd4c4e7620 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55fd4c4e7620 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865748 | result: data=Ni-key@0x55fd4c4d6640 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55fd4c4e7620 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6640 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc39865750 | result: data+=Nr-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4d6640 | prf+0 PRF sha init key-key@0x7f161800d840 (size 20) | prf+0: key-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x55fd4c4d6640 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f161c002b50 from key-key@0x55fd4c4d6640 | prf+0 prf: begin sha with context 0x7f161c002b50 from key-key@0x55fd4c4d6640 | prf+0: release clone-key@0x55fd4c4d6640 | prf+0 PRF sha crypt-prf@0x55fd4c4e9938 | prf+0 PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+0: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: fa 93 39 a9 3b 26 8d 3d ca cd dd d0 6b ec f1 55 00 c1 78 d8 12 3f 8d 62 86 96 74 1b ae 3b ea df 26 19 fc 2e a0 f9 62 3b ef 65 81 e7 71 eb 79 d9 ef 14 46 58 1a d9 a1 e5 e2 c9 3a 5a e0 bd 38 b1 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x55fd4c4e9158 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x55fd4c4ee4d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4ee4d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4ee4d0 | prf+0 PRF sha final-key@0x55fd4c4d6640 (size 20) | prf+0: key-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x55fd4c4d6640 | prf+N PRF sha init key-key@0x7f161800d840 (size 20) | prf+N: key-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x55fd4c4ee4d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161c002b50 from key-key@0x55fd4c4ee4d0 | prf+N prf: begin sha with context 0x7f161c002b50 from key-key@0x55fd4c4ee4d0 | prf+N: release clone-key@0x55fd4c4ee4d0 | prf+N PRF sha crypt-prf@0x55fd4c4ee5e8 | prf+N PRF sha update old_t-key@0x55fd4c4d6640 (size 20) | prf+N: old_t-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d6640 | nss hmac digest hack: symkey-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 90 d0 5c 2d 0e ca 13 d9 d2 ac f5 26 2d 8e 43 09 48 11 59 7f d9 40 95 f8 93 80 c2 e9 fa de fa d0 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x55fd4c4eed58 | unwrapped: d9 72 d4 b2 91 75 db 75 f3 2d e8 7f c7 41 01 5c | unwrapped: 85 ab 39 e9 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+N: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: fa 93 39 a9 3b 26 8d 3d ca cd dd d0 6b ec f1 55 00 c1 78 d8 12 3f 8d 62 86 96 74 1b ae 3b ea df 26 19 fc 2e a0 f9 62 3b ef 65 81 e7 71 eb 79 d9 ef 14 46 58 1a d9 a1 e5 e2 c9 3a 5a e0 bd 38 b1 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x7f1620002b78 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x7f161800a0e0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f161800a0e0 | prf+N PRF sha final-key@0x55fd4c4ee4d0 (size 20) | prf+N: key-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffc398656f8 | result: result-key@0x7f161800a0e0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d6640 | prfplus: release old_t[N]-key@0x55fd4c4d6640 | prf+N PRF sha init key-key@0x7f161800d840 (size 20) | prf+N: key-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x55fd4c4d6640 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161c002b50 from key-key@0x55fd4c4d6640 | prf+N prf: begin sha with context 0x7f161c002b50 from key-key@0x55fd4c4d6640 | prf+N: release clone-key@0x55fd4c4d6640 | prf+N PRF sha crypt-prf@0x55fd4c4e9938 | prf+N PRF sha update old_t-key@0x55fd4c4ee4d0 (size 20) | prf+N: old_t-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4ee4d0 | nss hmac digest hack: symkey-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 46 b3 92 c4 d0 3f d7 8d 4d 67 1f d2 cf 1a d1 39 99 cf 78 4b 50 92 f5 a6 29 94 d5 38 45 78 0a 26 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x55fd4c4eed08 | unwrapped: f8 d5 8c 8c c4 b9 39 a1 f4 8e 6b 9f 77 89 1c 2f | unwrapped: 42 f5 ac 3d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+N: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: fa 93 39 a9 3b 26 8d 3d ca cd dd d0 6b ec f1 55 00 c1 78 d8 12 3f 8d 62 86 96 74 1b ae 3b ea df 26 19 fc 2e a0 f9 62 3b ef 65 81 e7 71 eb 79 d9 ef 14 46 58 1a d9 a1 e5 e2 c9 3a 5a e0 bd 38 b1 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x55fd4c4e9158 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x55fd4c4ed620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4ed620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4ed620 | prf+N PRF sha final-key@0x55fd4c4d6640 (size 20) | prf+N: key-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f161800a0e0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffc398656f8 | result: result-key@0x55fd4c4ed620 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f161800a0e0 | prfplus: release old_t[N]-key@0x55fd4c4ee4d0 | prf+N PRF sha init key-key@0x7f161800d840 (size 20) | prf+N: key-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x55fd4c4ee4d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161c002b50 from key-key@0x55fd4c4ee4d0 | prf+N prf: begin sha with context 0x7f161c002b50 from key-key@0x55fd4c4ee4d0 | prf+N: release clone-key@0x55fd4c4ee4d0 | prf+N PRF sha crypt-prf@0x55fd4c4eed58 | prf+N PRF sha update old_t-key@0x55fd4c4d6640 (size 20) | prf+N: old_t-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d6640 | nss hmac digest hack: symkey-key@0x55fd4c4d6640 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: a4 cf e3 5f 6d 7c b1 0f 9c 74 13 a5 fb b1 59 da 0e a7 e9 05 ac 30 55 58 d3 5f 93 fd 34 0d f7 e1 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x55fd4c4e8c28 | unwrapped: 37 3b 26 be 2c e7 f2 08 fb 09 ca c5 ac 2c bf be | unwrapped: fb 72 73 bf 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+N: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: fa 93 39 a9 3b 26 8d 3d ca cd dd d0 6b ec f1 55 00 c1 78 d8 12 3f 8d 62 86 96 74 1b ae 3b ea df 26 19 fc 2e a0 f9 62 3b ef 65 81 e7 71 eb 79 d9 ef 14 46 58 1a d9 a1 e5 e2 c9 3a 5a e0 bd 38 b1 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x7f1620002b78 | unwrapped: 28 81 cc fd 60 24 b7 fd 84 09 7e 7e 5a aa 3e 9f | unwrapped: 27 b0 18 b2 d4 c2 2f 4a 84 47 64 62 2f d8 ab 5e | unwrapped: c4 84 56 b4 8f 1b ac d3 dc 5d 36 f5 29 ba e0 0a | unwrapped: 90 e4 f4 d5 6a 82 3a 95 e8 a9 f4 d0 34 06 b5 87 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x7f161800a0e0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f161800a0e0 | prf+N PRF sha final-key@0x55fd4c4ee4d0 (size 20) | prf+N: key-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4ed620 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffc398656f8 | result: result-key@0x7f161800a0e0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4ed620 | prfplus: release old_t[N]-key@0x55fd4c4d6640 | prfplus: release old_t[final]-key@0x55fd4c4ee4d0 | child_sa_keymat: release data-key@0x55fd4c4e7620 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f161800a0e0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657d8 | result: result-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x55fd4c4e7620 | initiator to responder keys: symkey-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x55fd4c4cfe50 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1629501796: 90 d0 5c 2d 0e ca 13 d9 d2 ac f5 26 2d 8e 43 09 c3 fb 46 60 24 51 7d 7a fe 8d 16 b4 9d 00 bd 84 ac 22 59 3d 78 3d 00 47 cb 01 0d e8 16 ec bc ff | initiator to responder keys: release slot-key-key@0x55fd4c4cfe50 | initiator to responder keys extracted len 48 bytes at 0x55fd4c445e38 | unwrapped: d9 72 d4 b2 91 75 db 75 f3 2d e8 7f c7 41 01 5c | unwrapped: 85 ab 39 e9 f8 d5 8c 8c c4 b9 39 a1 f4 8e 6b 9f | unwrapped: 77 89 1c 2f 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x55fd4c4e7620 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f161800a0e0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657d8 | result: result-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x55fd4c4e7620 | responder to initiator keys:: symkey-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x55fd4c4cfe50 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1629501796: 73 46 de 02 cc 92 38 1e 83 f3 2a 78 39 6e b1 7e ff f5 8a 75 f3 b5 f1 f7 3f a2 18 08 c7 74 c4 e2 a8 ec ce 0a 35 2e 69 80 3a 77 0b 40 16 28 ba e8 | responder to initiator keys:: release slot-key-key@0x55fd4c4cfe50 | responder to initiator keys: extracted len 48 bytes at 0x55fd4c4e93f8 | unwrapped: 42 f5 ac 3d 37 3b 26 be 2c e7 f2 08 fb 09 ca c5 | unwrapped: ac 2c bf be fb 72 73 bf 39 c3 34 3e be b4 2e 95 | unwrapped: c3 fd 1b 03 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x55fd4c4e7620 | ikev2_derive_child_keys: release keymat-key@0x7f161800a0e0 | #9 spent 1.71 milliseconds | install_ipsec_sa() for #10: inbound and outbound | could_route called for aes128 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.22904547@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.b92cca0f@192.1.2.45 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #10: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: aes128 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #10 | priority calculation of connection "aes128" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x22904547 SPI_OUT= | popen cmd is 1025 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+U: | cmd( 640):P+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: | cmd( 960):ARED='no' SPI_IN=0x22904547 SPI_OUT=0xb92cca0f ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2290454 | popen cmd is 1030 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUT: | cmd( 400):O_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT: | cmd( 480):_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=: | cmd( 560):'' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+: | cmd( 640):PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMAN: | cmd( 720):ENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_P: | cmd( 800):EER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=: | cmd( 880):'0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V: | cmd( 960):TI_SHARED='no' SPI_IN=0x22904547 SPI_OUT=0xb92cca0f ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x22904547 SP | popen cmd is 1028 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x22904547 SPI_OUT=0xb92cca0f ipsec _updown 2>&1: | route_and_eroute: instance "aes128", setting eroute_owner {spd=0x55fd4c4ee818,sr=0x55fd4c4ee818} to #10 (was #0) (newest_ipsec_sa=#0) | #9 spent 1.75 milliseconds in install_ipsec_sa() | inR2: instance aes128[0], setting IKEv2 newest_ipsec_sa to #10 (was #0) (spd.eroute=#10) cloned from #9 | state #10 requesting EVENT_RETRANSMIT to be deleted | #10 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x55fd4c4e8ad8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f1610002b78 | #10 spent 3.21 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #10 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #10 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #10: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #10 to 1 after switching state | Message ID: recv #9.#10 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #9.#10 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #10 ikev2.child established "aes128" #10: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "aes128" #10: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x22904547 <0xb92cca0f xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | releasing whack for #10 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #9 | unpending state #9 connection "aes128" | delete from pending Child SA with 192.1.2.23 "aes128" | removing pending policy for no connection {0x55fd4c4db198} | close_any(fd@24) (in release_whack() at state.c:654) | #10 will start re-keying in 28154 seconds with margin of 646 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f1610002b78 | inserting event EVENT_SA_REKEY, timeout in 28154 seconds for #10 | libevent_malloc: new ptr-libevent@0x55fd4c4eb208 size 128 | stop processing: state #10 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #9 spent 3.62 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 3.64 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00412 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00267 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00262 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.b92cca0f@192.1.2.45 | get_sa_info esp.22904547@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.108 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #10 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #10 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #10 ikev2.child deleted completed | #10 spent 3.21 milliseconds in total | [RE]START processing: state #10 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #10: deleting state (STATE_V2_IPSEC_I) aged 0.124s and sending notification | child state #10: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.22904547@192.1.2.23 | get_sa_info esp.b92cca0f@192.1.2.45 "aes128" #10: ESP traffic information: in=84B out=84B | #10 send IKEv2 delete notification for STATE_V2_IPSEC_I | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 1f 76 f1 12 67 3d 5b b6 | responder cookie: | cc 88 7d 43 5d b9 94 50 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting 4 raw bytes of local spis into IKEv2 Delete Payload | local spis b9 2c ca 0f | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | f1 67 5c 89 92 13 5e 64 35 2b 6a 4d 88 98 f9 b8 | data before encryption: | 00 00 00 0c 03 04 00 01 b9 2c ca 0f 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 1b 57 96 99 05 dd 5a 8e 13 ba 4b 28 f1 a0 eb 65 | hmac PRF sha init symkey-key@0x55fd4c4cd5b0 (size 20) | hmac: symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39862628 | result: clone-key@0x7f161800a0e0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f161c002b50 from symkey-key@0x7f161800a0e0 | hmac prf: begin sha with context 0x7f161c002b50 from symkey-key@0x7f161800a0e0 | hmac: release clone-key@0x7f161800a0e0 | hmac PRF sha crypt-prf@0x55fd4c4e9938 | hmac PRF sha update data-bytes@0x7ffc39862a00 (length 64) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | f1 67 5c 89 92 13 5e 64 35 2b 6a 4d 88 98 f9 b8 | 1b 57 96 99 05 dd 5a 8e 13 ba 4b 28 f1 a0 eb 65 | hmac PRF sha final-bytes@0x7ffc39862a40 (length 20) | 0e 07 92 2c e3 ee 37 5a 57 8a c3 28 80 54 29 b0 | ae 62 26 29 | data being hmac: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | data being hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: f1 67 5c 89 92 13 5e 64 35 2b 6a 4d 88 98 f9 b8 | data being hmac: 1b 57 96 99 05 dd 5a 8e 13 ba 4b 28 f1 a0 eb 65 | out calculated auth: | 0e 07 92 2c e3 ee 37 5a 57 8a c3 28 | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #10) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | f1 67 5c 89 92 13 5e 64 35 2b 6a 4d 88 98 f9 b8 | 1b 57 96 99 05 dd 5a 8e 13 ba 4b 28 f1 a0 eb 65 | 0e 07 92 2c e3 ee 37 5a 57 8a c3 28 | Message ID: IKE #9 sender #10 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #9 sender #10 in send_delete hacking around record ' send | Message ID: sent #9 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 | state #10 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x55fd4c4eb208 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f1610002b78 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844014' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2290454 | popen cmd is 1033 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INT: | cmd( 80):ERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@we: | cmd( 160):st' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIE: | cmd( 240):NT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=': | cmd( 320):16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_P: | cmd( 400):EER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MA: | cmd( 480):SK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' : | cmd( 560):PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844014' PLUTO_CONN_POLICY='PSK+ENCRYPT+T: | cmd( 640):UNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PER: | cmd( 720):MANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUT: | cmd( 800):O_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERV: | cmd( 880):ER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no: | cmd( 960):' VTI_SHARED='no' SPI_IN=0x22904547 SPI_OUT=0xb92cca0f ipsec _updown 2>&1: | shunt_eroute() called for connection 'aes128' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "aes128" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.22904547@192.1.2.23 | netlink response for Del SA esp.22904547@192.1.2.23 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.b92cca0f@192.1.2.45 | netlink response for Del SA esp.b92cca0f@192.1.2.45 included non-error error | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #10 in V2_IPSEC_I | child state #10: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #10 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f161800d840 | delete_state: release st->st_skey_ai_nss-key@0x55fd4c4cd5b0 | delete_state: release st->st_skey_ar_nss-key@0x55fd4c4d6a20 | delete_state: release st->st_skey_ei_nss-key@0x55fd4c44c080 | delete_state: release st->st_skey_er_nss-key@0x55fd4c4d3130 | delete_state: release st->st_skey_pi_nss-key@0x55fd4c4ecc80 | delete_state: release st->st_skey_pr_nss-key@0x7f1618006bb0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #9 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #9 | start processing: state #9 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #9 ikev2.ike deleted completed | #9 spent 9.1 milliseconds in total | [RE]START processing: state #9 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #9: deleting state (STATE_PARENT_I3) aged 0.144s and sending notification | parent state #9: PARENT_I3(established IKE SA) => delete | #9 send IKEv2 delete notification for STATE_PARENT_I3 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 1f 76 f1 12 67 3d 5b b6 | responder cookie: | cc 88 7d 43 5d b9 94 50 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | d5 39 63 5d 85 d3 56 7d 09 ea 9f f3 82 f8 d1 31 | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 01 85 e0 00 31 9a 1a a5 ac e1 9f e8 67 ed c9 24 | hmac PRF sha init symkey-key@0x55fd4c4cd5b0 (size 20) | hmac: symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39862628 | result: clone-key@0x7f161800a0e0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f1610002b50 from symkey-key@0x7f161800a0e0 | hmac prf: begin sha with context 0x7f1610002b50 from symkey-key@0x7f161800a0e0 | hmac: release clone-key@0x7f161800a0e0 | hmac PRF sha crypt-prf@0x55fd4c4e77d8 | hmac PRF sha update data-bytes@0x7ffc39862a00 (length 64) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | d5 39 63 5d 85 d3 56 7d 09 ea 9f f3 82 f8 d1 31 | 01 85 e0 00 31 9a 1a a5 ac e1 9f e8 67 ed c9 24 | hmac PRF sha final-bytes@0x7ffc39862a40 (length 20) | 39 0c 42 6c e1 42 91 6c 7f a1 a6 38 f1 fc 2d a2 | 33 c8 4a e2 | data being hmac: 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data being hmac: d5 39 63 5d 85 d3 56 7d 09 ea 9f f3 82 f8 d1 31 | data being hmac: 01 85 e0 00 31 9a 1a a5 ac e1 9f e8 67 ed c9 24 | out calculated auth: | 39 0c 42 6c e1 42 91 6c 7f a1 a6 38 | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #9) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | d5 39 63 5d 85 d3 56 7d 09 ea 9f f3 82 f8 d1 31 | 01 85 e0 00 31 9a 1a a5 ac e1 9f e8 67 ed c9 24 | 39 0c 42 6c e1 42 91 6c 7f a1 a6 38 | Message ID: IKE #9 sender #9 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 | Message ID: IKE #9 sender #9 in send_delete hacking around record ' send | Message ID: #9 XXX: expecting sender.wip.initiator 2 == -1 - suspect record'n'send out-of-order?); initiator.sent=3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=3 wip.responder=-1 | Message ID: sent #9 request 3; ike: initiator.sent=2->3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=2->3 wip.responder=-1 | state #9 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f161c0046d8 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f160c002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #9 in PARENT_I3 | parent state #9: PARENT_I3(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f16180103b8: destroyed | stop processing: state #9 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x55fd4c4d4be0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f161800d840 | delete_state: release st->st_skey_ai_nss-key@0x55fd4c4cd5b0 | delete_state: release st->st_skey_ar_nss-key@0x55fd4c4d6a20 | delete_state: release st->st_skey_ei_nss-key@0x55fd4c44c080 | delete_state: release st->st_skey_er_nss-key@0x55fd4c4d3130 | delete_state: release st->st_skey_pi_nss-key@0x55fd4c4ecc80 | delete_state: release st->st_skey_pr_nss-key@0x7f1618006bb0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 2.02 milliseconds in whack | spent 0.00201 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | b3 48 df 14 4b 8c bc c5 f7 ab 5c 3c db 81 99 35 | 87 55 ca 21 bc 64 04 f0 9b 4b 1f 1d 1f ea 0c 1c | 5a 63 d6 ae fb 6d de d7 7b 92 43 2c | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 1f 76 f1 12 67 3d 5b b6 | responder cookie: | cc 88 7d 43 5d b9 94 50 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0625 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00482 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00174 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 1f 76 f1 12 67 3d 5b b6 cc 88 7d 43 5d b9 94 50 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 27 e7 1e be aa 23 da 71 65 11 94 ee 55 29 91 62 | 57 7c 2a b3 86 26 78 ce 47 2d d3 2c fd 73 eb 1b | cc b9 8c ea 84 a7 e3 48 ac cb 5a 3e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 1f 76 f1 12 67 3d 5b b6 | responder cookie: | cc 88 7d 43 5d b9 94 50 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0855 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "aes128" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'aes128' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "aes128" is 0xfe7e7 | priority calculation of connection "aes128" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16404' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT | popen cmd is 1014 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16404' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLU: | cmd( 400):TO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIEN: | cmd( 480):T_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA: | cmd( 560):='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL: | cmd( 640):+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x55fd4c4e8e78 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.955 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00461 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | child-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.403 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0502 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:OMIT | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0466 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x55fd4c4e8e78 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.162 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #11 at 0x55fd4c4ed818 | State DB: adding IKEv2 state #11 in UNDEFINED | pstats #11 ikev2.ike started | Message ID: init #11: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #11: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #11; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #11 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #11 "aes128" "aes128" #11: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 11 for state #11 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #11 | libevent_malloc: new ptr-libevent@0x55fd4c4ee448 size 128 | #11 spent 0.12 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #11 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.181 milliseconds in whack | crypto helper 6 resuming | crypto helper 6 starting work-order 11 for state #11 | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 11 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f16100059b8: created | NSS: Local DH MODP2048 secret (pointer): 0x7f16100059b8 | NSS: Public DH wire value: | c6 13 46 48 e4 8d c1 3f 76 89 a8 12 b4 f7 2e 02 | 2a f2 04 bf 39 a5 f8 c2 51 95 8d 74 57 0a b6 f4 | 24 4b 2a cc 5e bd 2e 0d 53 dd e7 4d da 38 e3 f5 | a2 9d 63 3d 7b a7 16 fb 02 dd 27 50 1e b7 d3 22 | 87 02 40 fb 53 73 05 eb 9e 0a 64 8c a6 66 82 3c | 65 86 32 da e0 0b 25 2f 94 56 81 95 f9 72 7d c0 | 09 ae 45 21 d7 fc 9d e1 e3 0a 0d 94 4f 3a ef d1 | bc 41 9c 7c 92 fb ee 0a 96 16 6f 0f 1d ce 96 53 | 91 ec 54 c5 dd bb 79 b2 e9 4a fe a5 7c 2f e4 9e | 93 a6 0c a9 d8 d9 d5 e1 8d 73 06 8f 29 1f a7 e8 | 0d b7 58 c5 51 1c 22 06 6a 3b df 42 d3 6b d2 88 | 62 1c f5 7a 64 4f c0 71 a8 0f bb f9 25 75 9d 05 | 08 94 3a 99 e4 e3 a7 17 46 a8 05 bf 39 61 39 b3 | de 49 24 c5 c2 e5 04 ce af e3 84 7b 1b 43 52 32 | 7e 95 a8 1a 9e b2 9d 08 1e a8 cf 8c a5 bc 8f a9 | eb ee 57 10 8f 27 cb 06 b0 5a 6c 61 5d 8a de a5 | Generated nonce: 75 7a 34 ca 49 ca 29 43 32 4f fb f0 43 97 42 7d | Generated nonce: cc 7c 4b b4 6d 9e c9 58 d5 5f 82 7d e6 88 98 29 | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 11 time elapsed 0.001058 seconds | (#11) spent 1.06 milliseconds in crypto helper computing work-order 11: ikev2_outI1 KE (pcr) | crypto helper 6 sending results from work-order 11 for state #11 to event queue | scheduling resume sending helper answer for #11 | libevent_malloc: new ptr-libevent@0x7f1610006378 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #11 | start processing: state #11 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 11 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_outI1_continue for #11 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f16100059b8: transferring ownership from helper KE to state #11 | **emit ISAKMP Message: | initiator cookie: | c3 b5 a9 58 56 e4 83 21 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #11: IMPAIR: omitting fixed-size key-length attribute | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x c6 13 46 48 e4 8d c1 3f 76 89 a8 12 b4 f7 2e 02 | ikev2 g^x 2a f2 04 bf 39 a5 f8 c2 51 95 8d 74 57 0a b6 f4 | ikev2 g^x 24 4b 2a cc 5e bd 2e 0d 53 dd e7 4d da 38 e3 f5 | ikev2 g^x a2 9d 63 3d 7b a7 16 fb 02 dd 27 50 1e b7 d3 22 | ikev2 g^x 87 02 40 fb 53 73 05 eb 9e 0a 64 8c a6 66 82 3c | ikev2 g^x 65 86 32 da e0 0b 25 2f 94 56 81 95 f9 72 7d c0 | ikev2 g^x 09 ae 45 21 d7 fc 9d e1 e3 0a 0d 94 4f 3a ef d1 | ikev2 g^x bc 41 9c 7c 92 fb ee 0a 96 16 6f 0f 1d ce 96 53 | ikev2 g^x 91 ec 54 c5 dd bb 79 b2 e9 4a fe a5 7c 2f e4 9e | ikev2 g^x 93 a6 0c a9 d8 d9 d5 e1 8d 73 06 8f 29 1f a7 e8 | ikev2 g^x 0d b7 58 c5 51 1c 22 06 6a 3b df 42 d3 6b d2 88 | ikev2 g^x 62 1c f5 7a 64 4f c0 71 a8 0f bb f9 25 75 9d 05 | ikev2 g^x 08 94 3a 99 e4 e3 a7 17 46 a8 05 bf 39 61 39 b3 | ikev2 g^x de 49 24 c5 c2 e5 04 ce af e3 84 7b 1b 43 52 32 | ikev2 g^x 7e 95 a8 1a 9e b2 9d 08 1e a8 cf 8c a5 bc 8f a9 | ikev2 g^x eb ee 57 10 8f 27 cb 06 b0 5a 6c 61 5d 8a de a5 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 75 7a 34 ca 49 ca 29 43 32 4f fb f0 43 97 42 7d | IKEv2 nonce cc 7c 4b b4 6d 9e c9 58 d5 5f 82 7d e6 88 98 29 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | c3 b5 a9 58 56 e4 83 21 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 61 e8 f5 1b 22 cd 33 14 68 c7 76 c7 f9 01 bd 06 | e5 ae 55 91 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= c3 b5 a9 58 56 e4 83 21 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 61 e8 f5 1b 22 cd 33 14 68 c7 76 c7 f9 01 bd 06 | natd_hash: hash= e5 ae 55 91 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 61 e8 f5 1b 22 cd 33 14 68 c7 76 c7 f9 01 bd 06 | Notify data e5 ae 55 91 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | c3 b5 a9 58 56 e4 83 21 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | fc e1 25 72 dd 60 f5 92 86 d9 63 86 5a 8f e7 e4 | 7d c4 f9 90 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= c3 b5 a9 58 56 e4 83 21 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= fc e1 25 72 dd 60 f5 92 86 d9 63 86 5a 8f e7 e4 | natd_hash: hash= 7d c4 f9 90 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data fc e1 25 72 dd 60 f5 92 86 d9 63 86 5a 8f e7 e4 | Notify data 7d c4 f9 90 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 436 | stop processing: state #11 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #11 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #11 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #11: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #11 to 4294967295 after switching state | Message ID: IKE #11 skipping update_recv as MD is fake | Message ID: sent #11 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #11: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 436 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #11) | c3 b5 a9 58 56 e4 83 21 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 0c | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | c6 13 46 48 e4 8d c1 3f 76 89 a8 12 b4 f7 2e 02 | 2a f2 04 bf 39 a5 f8 c2 51 95 8d 74 57 0a b6 f4 | 24 4b 2a cc 5e bd 2e 0d 53 dd e7 4d da 38 e3 f5 | a2 9d 63 3d 7b a7 16 fb 02 dd 27 50 1e b7 d3 22 | 87 02 40 fb 53 73 05 eb 9e 0a 64 8c a6 66 82 3c | 65 86 32 da e0 0b 25 2f 94 56 81 95 f9 72 7d c0 | 09 ae 45 21 d7 fc 9d e1 e3 0a 0d 94 4f 3a ef d1 | bc 41 9c 7c 92 fb ee 0a 96 16 6f 0f 1d ce 96 53 | 91 ec 54 c5 dd bb 79 b2 e9 4a fe a5 7c 2f e4 9e | 93 a6 0c a9 d8 d9 d5 e1 8d 73 06 8f 29 1f a7 e8 | 0d b7 58 c5 51 1c 22 06 6a 3b df 42 d3 6b d2 88 | 62 1c f5 7a 64 4f c0 71 a8 0f bb f9 25 75 9d 05 | 08 94 3a 99 e4 e3 a7 17 46 a8 05 bf 39 61 39 b3 | de 49 24 c5 c2 e5 04 ce af e3 84 7b 1b 43 52 32 | 7e 95 a8 1a 9e b2 9d 08 1e a8 cf 8c a5 bc 8f a9 | eb ee 57 10 8f 27 cb 06 b0 5a 6c 61 5d 8a de a5 | 29 00 00 24 75 7a 34 ca 49 ca 29 43 32 4f fb f0 | 43 97 42 7d cc 7c 4b b4 6d 9e c9 58 d5 5f 82 7d | e6 88 98 29 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 61 e8 f5 1b 22 cd 33 14 68 c7 76 c7 | f9 01 bd 06 e5 ae 55 91 00 00 00 1c 00 00 40 05 | fc e1 25 72 dd 60 f5 92 86 d9 63 86 5a 8f e7 e4 | 7d c4 f9 90 | state #11 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55fd4c4ee448 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f160c002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #11 | libevent_malloc: new ptr-libevent@0x55fd4c4eb208 size 128 | #11 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29301.152064 | resume sending helper answer for #11 suppresed complete_v2_state_transition() and stole MD | #11 spent 0.504 milliseconds in resume sending helper answer | stop processing: state #11 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f1610006378 | spent 0.00205 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | c3 b5 a9 58 56 e4 83 21 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | c3 b5 a9 58 56 e4 83 21 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #11 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #11 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #11 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #11 is idle | #11 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #11 IKE SPIi and SPI[ir] | #11 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #11: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #11 spent 0.00821 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #11 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #11 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #11 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #11 spent 0.114 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.125 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x7f160c002b78 | handling event EVENT_RETRANSMIT for parent state #11 | start processing: state #11 connection "aes128" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | IKEv2 retransmit event | [RE]START processing: state #11 connection "aes128" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:144) | handling event EVENT_RETRANSMIT for 192.1.2.23 "aes128" #11 attempt 2 of 0 | and parent for 192.1.2.23 "aes128" #11 keying attempt 1 of 0; retransmit 1 "aes128" #11: IMPAIR: retransmit so deleting SA | maximum number of keyingtries reached - deleting state | [RE]START processing: state #11 connection "aes128" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:234) | pstats #11 ikev2.ike failed too-many-retransmits | pstats #11 ikev2.ike deleted too-many-retransmits | #11 spent 1.8 milliseconds in total | [RE]START processing: state #11 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #11: deleting state (STATE_PARENT_I1) aged 0.502s and NOT sending notification | parent state #11: PARENT_I1(half-open IKE SA) => delete | in connection_discard for connection aes128 | close_any(fd@25) (in delete_pending() at pending.c:244) | removing pending policy for "aes128" {0x55fd4c4db198} | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #11 "aes128" #11: deleting IKE SA for connection 'aes128' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'aes128' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #11 in PARENT_I1 | parent state #11: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | close_any(fd@24) (in release_whack() at state.c:654) | DH secret MODP2048@0x7f16100059b8: destroyed | stop processing: state #11 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | libevent_free: release ptr-libevent@0x55fd4c4eb208 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f160c002b78 | in statetime_stop() and could not find #11 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection aes128 which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #12 at 0x55fd4c4ed818 | State DB: adding IKEv2 state #12 in UNDEFINED | pstats #12 ikev2.ike started | Message ID: init #12: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #12: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #12; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #12 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #12 "aes128" "aes128" #12: initiating v2 parent SA | using existing local IKE proposals for connection aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 12 for state #12 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #12 | libevent_malloc: new ptr-libevent@0x7f1610006378 size 128 | #12 spent 0.0796 milliseconds in ikev2_parent_outI1() | RESET processing: state #12 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | spent 0.0966 milliseconds in global timer EVENT_REVIVE_CONNS | crypto helper 2 resuming | crypto helper 2 starting work-order 12 for state #12 | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 12 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f1614001818: created | NSS: Local DH MODP2048 secret (pointer): 0x7f1614001818 | NSS: Public DH wire value: | 3d 82 9c 8a 92 14 23 cf 13 c0 1b 62 2a 61 de f4 | 5d 45 17 89 f3 f7 5f d6 ee e9 bf bf ac b9 5e 92 | 9c 8c 44 5e 4d b8 ff 4e f1 03 19 3c c3 fc 3c 59 | 2c 61 b2 15 48 4e 5b 45 81 b0 5a fc ac 8c b5 5a | 11 6a 41 2e 80 ab 36 a9 41 df a8 80 5a 7a a2 c9 | 03 1e 20 40 5d 93 83 79 93 be b4 fe f4 5f 4d e5 | 2f b7 46 c6 98 0f dd 7e c0 64 00 e0 e5 03 21 6a | 92 72 62 4c a2 4d b4 a1 45 66 b7 91 c6 8d ad 50 | 4a be c0 9c fd 4b 2a d1 0c fd 4a fa 6c 5f f9 78 | a6 b1 fb d4 36 49 7e 7d 88 13 1d 40 a6 88 9d 0d | 17 48 74 5a de f2 db d6 42 a0 c7 a4 50 8e f3 98 | 34 9d 51 b7 18 85 6f 6c 2f d9 6f 54 68 0a e2 01 | 44 54 f2 9b 8c 60 35 31 eb 69 6f b0 09 dd e9 ba | bd 99 a3 80 df ca 0a 68 fd 68 26 c6 bb 56 8f 95 | 1d eb 8d e7 78 7c c8 45 96 82 66 11 68 fa 49 0b | e4 41 7b 64 44 da ad fa 25 8b 07 48 64 4a 31 d2 | Generated nonce: f4 c8 f0 e0 b1 7f 78 8b 90 39 31 b6 eb 96 c5 ad | Generated nonce: aa 13 4b bc ad 41 56 ce 38 eb 43 e3 d8 57 2f 05 | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 12 time elapsed 0.000912 seconds | (#12) spent 0.914 milliseconds in crypto helper computing work-order 12: ikev2_outI1 KE (pcr) | crypto helper 2 sending results from work-order 12 for state #12 to event queue | scheduling resume sending helper answer for #12 | libevent_malloc: new ptr-libevent@0x7f1614002888 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #12 | start processing: state #12 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 12 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_outI1_continue for #12 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f1614001818: transferring ownership from helper KE to state #12 | **emit ISAKMP Message: | initiator cookie: | 3c 7b 15 43 84 e6 cf f4 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #12: IMPAIR: omitting fixed-size key-length attribute | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 3d 82 9c 8a 92 14 23 cf 13 c0 1b 62 2a 61 de f4 | ikev2 g^x 5d 45 17 89 f3 f7 5f d6 ee e9 bf bf ac b9 5e 92 | ikev2 g^x 9c 8c 44 5e 4d b8 ff 4e f1 03 19 3c c3 fc 3c 59 | ikev2 g^x 2c 61 b2 15 48 4e 5b 45 81 b0 5a fc ac 8c b5 5a | ikev2 g^x 11 6a 41 2e 80 ab 36 a9 41 df a8 80 5a 7a a2 c9 | ikev2 g^x 03 1e 20 40 5d 93 83 79 93 be b4 fe f4 5f 4d e5 | ikev2 g^x 2f b7 46 c6 98 0f dd 7e c0 64 00 e0 e5 03 21 6a | ikev2 g^x 92 72 62 4c a2 4d b4 a1 45 66 b7 91 c6 8d ad 50 | ikev2 g^x 4a be c0 9c fd 4b 2a d1 0c fd 4a fa 6c 5f f9 78 | ikev2 g^x a6 b1 fb d4 36 49 7e 7d 88 13 1d 40 a6 88 9d 0d | ikev2 g^x 17 48 74 5a de f2 db d6 42 a0 c7 a4 50 8e f3 98 | ikev2 g^x 34 9d 51 b7 18 85 6f 6c 2f d9 6f 54 68 0a e2 01 | ikev2 g^x 44 54 f2 9b 8c 60 35 31 eb 69 6f b0 09 dd e9 ba | ikev2 g^x bd 99 a3 80 df ca 0a 68 fd 68 26 c6 bb 56 8f 95 | ikev2 g^x 1d eb 8d e7 78 7c c8 45 96 82 66 11 68 fa 49 0b | ikev2 g^x e4 41 7b 64 44 da ad fa 25 8b 07 48 64 4a 31 d2 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce f4 c8 f0 e0 b1 7f 78 8b 90 39 31 b6 eb 96 c5 ad | IKEv2 nonce aa 13 4b bc ad 41 56 ce 38 eb 43 e3 d8 57 2f 05 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 3c 7b 15 43 84 e6 cf f4 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 5e d2 85 67 c9 1c 29 53 54 45 02 4c 43 03 84 12 | 88 26 82 c9 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 3c 7b 15 43 84 e6 cf f4 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 5e d2 85 67 c9 1c 29 53 54 45 02 4c 43 03 84 12 | natd_hash: hash= 88 26 82 c9 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 5e d2 85 67 c9 1c 29 53 54 45 02 4c 43 03 84 12 | Notify data 88 26 82 c9 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 3c 7b 15 43 84 e6 cf f4 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 45 9e 1c 27 c3 ab 9f a8 31 d7 c7 41 54 81 f9 2b | b2 c3 8a ab | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 3c 7b 15 43 84 e6 cf f4 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 45 9e 1c 27 c3 ab 9f a8 31 d7 c7 41 54 81 f9 2b | natd_hash: hash= b2 c3 8a ab | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 45 9e 1c 27 c3 ab 9f a8 31 d7 c7 41 54 81 f9 2b | Notify data b2 c3 8a ab | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 436 | stop processing: state #12 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #12 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #12 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #12: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #12 to 4294967295 after switching state | Message ID: IKE #12 skipping update_recv as MD is fake | Message ID: sent #12 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #12: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 436 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #12) | 3c 7b 15 43 84 e6 cf f4 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 0c | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 3d 82 9c 8a 92 14 23 cf 13 c0 1b 62 2a 61 de f4 | 5d 45 17 89 f3 f7 5f d6 ee e9 bf bf ac b9 5e 92 | 9c 8c 44 5e 4d b8 ff 4e f1 03 19 3c c3 fc 3c 59 | 2c 61 b2 15 48 4e 5b 45 81 b0 5a fc ac 8c b5 5a | 11 6a 41 2e 80 ab 36 a9 41 df a8 80 5a 7a a2 c9 | 03 1e 20 40 5d 93 83 79 93 be b4 fe f4 5f 4d e5 | 2f b7 46 c6 98 0f dd 7e c0 64 00 e0 e5 03 21 6a | 92 72 62 4c a2 4d b4 a1 45 66 b7 91 c6 8d ad 50 | 4a be c0 9c fd 4b 2a d1 0c fd 4a fa 6c 5f f9 78 | a6 b1 fb d4 36 49 7e 7d 88 13 1d 40 a6 88 9d 0d | 17 48 74 5a de f2 db d6 42 a0 c7 a4 50 8e f3 98 | 34 9d 51 b7 18 85 6f 6c 2f d9 6f 54 68 0a e2 01 | 44 54 f2 9b 8c 60 35 31 eb 69 6f b0 09 dd e9 ba | bd 99 a3 80 df ca 0a 68 fd 68 26 c6 bb 56 8f 95 | 1d eb 8d e7 78 7c c8 45 96 82 66 11 68 fa 49 0b | e4 41 7b 64 44 da ad fa 25 8b 07 48 64 4a 31 d2 | 29 00 00 24 f4 c8 f0 e0 b1 7f 78 8b 90 39 31 b6 | eb 96 c5 ad aa 13 4b bc ad 41 56 ce 38 eb 43 e3 | d8 57 2f 05 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 5e d2 85 67 c9 1c 29 53 54 45 02 4c | 43 03 84 12 88 26 82 c9 00 00 00 1c 00 00 40 05 | 45 9e 1c 27 c3 ab 9f a8 31 d7 c7 41 54 81 f9 2b | b2 c3 8a ab | state #12 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f1610006378 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f160c002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #12 | libevent_malloc: new ptr-libevent@0x55fd4c4eb208 size 128 | #12 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29301.654097 | resume sending helper answer for #12 suppresed complete_v2_state_transition() and stole MD | #12 spent 0.51 milliseconds in resume sending helper answer | stop processing: state #12 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f1614002888 | spent 0.00229 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 3c 7b 15 43 84 e6 cf f4 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3c 7b 15 43 84 e6 cf f4 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #12 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #12 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #12 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #12 is idle | #12 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #12 IKE SPIi and SPI[ir] | #12 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #12: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #12 spent 0.00355 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #12 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #12 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #12 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #12 spent 0.124 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.142 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0425 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | removing pending policy for no connection {0x55fd4c4db198} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #12 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #12 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #12 ikev2.ike deleted other | #12 spent 1.63 milliseconds in total | [RE]START processing: state #12 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #12: deleting state (STATE_PARENT_I1) aged 0.016s and NOT sending notification | parent state #12: PARENT_I1(half-open IKE SA) => delete | state #12 requesting EVENT_RETRANSMIT to be deleted | #12 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55fd4c4eb208 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f160c002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #12 in PARENT_I1 | parent state #12: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f1614001818: destroyed | stop processing: state #12 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x55fd4c4e8e78 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.167 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0638 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.05 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | child-key-length-attribute:OMIT | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0516 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x55fd4c4e8e78 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.141 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #13 at 0x55fd4c4ed818 | State DB: adding IKEv2 state #13 in UNDEFINED | pstats #13 ikev2.ike started | Message ID: init #13: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #13: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #13; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #13 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #13 "aes128" "aes128" #13: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 13 for state #13 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f1614002888 size 128 | #13 spent 0.119 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 0 resuming | crypto helper 0 starting work-order 13 for state #13 | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 13 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f1608007588: created | NSS: Local DH MODP2048 secret (pointer): 0x7f1608007588 | NSS: Public DH wire value: | 17 75 94 bb cb 77 14 78 7d 33 b8 a8 55 60 08 74 | bb a9 27 cc 4b bd ca 34 60 45 37 47 c5 4b d5 b0 | f8 3f 33 47 13 87 d1 c5 7c 45 d5 f4 5b 52 2b 41 | fb 9d 40 61 9b f5 9d ef ec 15 6d db 66 98 0b 19 | 8f d1 13 a0 44 91 b1 09 67 cc 02 0c 3a 38 88 49 | 4f 6b 8c 28 0f 2e 29 e3 c0 36 82 85 1b f1 a7 5a | 8a d7 ac a0 75 02 5a d2 5c de 55 39 c5 4a 32 f7 | b9 b1 c1 0f 54 da 22 a0 e5 7b 57 dd cd 2f fc 27 | d3 b7 97 81 d9 58 df d1 41 e1 ec b1 ae fd 76 b0 | d1 b0 fa 1e fe 1d 00 9e c3 57 d2 19 c6 02 18 af | 4c 9a b0 4d 56 aa ea 3a 77 a9 bd a7 64 34 f0 63 | 7a d5 50 9e ec 19 0d 57 b9 51 ce 69 6e ad da 15 | 72 c2 ec 9b f1 8e d1 b6 5f 1a 6b e9 24 1c bb 7f | 38 00 d1 a3 20 b9 6d f1 ec 82 85 c9 49 6a ee b4 | 44 bc 69 0b 12 ce 2c 31 ee 01 d8 26 07 9a e8 2f | 4e f9 f3 df cb ae ca 19 f1 c9 e0 08 b0 67 2c e1 | Generated nonce: ae 68 9f 74 2c ab 51 df b6 8c 58 e5 16 3e 8a 50 | Generated nonce: f4 3a b8 dd 5b 13 da e7 bb bc d4 9b 94 f9 c2 e2 | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 13 time elapsed 0.001055 seconds | (#13) spent 1.06 milliseconds in crypto helper computing work-order 13: ikev2_outI1 KE (pcr) | crypto helper 0 sending results from work-order 13 for state #13 to event queue | scheduling resume sending helper answer for #13 | libevent_malloc: new ptr-libevent@0x7f1608004f28 size 128 | crypto helper 0 waiting (nothing to do) | RESET processing: state #13 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.192 milliseconds in whack | processing resume sending helper answer for #13 | start processing: state #13 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 13 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_outI1_continue for #13 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f1608007588: transferring ownership from helper KE to state #13 | **emit ISAKMP Message: | initiator cookie: | 8f 95 81 70 ae b8 a3 89 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 17 75 94 bb cb 77 14 78 7d 33 b8 a8 55 60 08 74 | ikev2 g^x bb a9 27 cc 4b bd ca 34 60 45 37 47 c5 4b d5 b0 | ikev2 g^x f8 3f 33 47 13 87 d1 c5 7c 45 d5 f4 5b 52 2b 41 | ikev2 g^x fb 9d 40 61 9b f5 9d ef ec 15 6d db 66 98 0b 19 | ikev2 g^x 8f d1 13 a0 44 91 b1 09 67 cc 02 0c 3a 38 88 49 | ikev2 g^x 4f 6b 8c 28 0f 2e 29 e3 c0 36 82 85 1b f1 a7 5a | ikev2 g^x 8a d7 ac a0 75 02 5a d2 5c de 55 39 c5 4a 32 f7 | ikev2 g^x b9 b1 c1 0f 54 da 22 a0 e5 7b 57 dd cd 2f fc 27 | ikev2 g^x d3 b7 97 81 d9 58 df d1 41 e1 ec b1 ae fd 76 b0 | ikev2 g^x d1 b0 fa 1e fe 1d 00 9e c3 57 d2 19 c6 02 18 af | ikev2 g^x 4c 9a b0 4d 56 aa ea 3a 77 a9 bd a7 64 34 f0 63 | ikev2 g^x 7a d5 50 9e ec 19 0d 57 b9 51 ce 69 6e ad da 15 | ikev2 g^x 72 c2 ec 9b f1 8e d1 b6 5f 1a 6b e9 24 1c bb 7f | ikev2 g^x 38 00 d1 a3 20 b9 6d f1 ec 82 85 c9 49 6a ee b4 | ikev2 g^x 44 bc 69 0b 12 ce 2c 31 ee 01 d8 26 07 9a e8 2f | ikev2 g^x 4e f9 f3 df cb ae ca 19 f1 c9 e0 08 b0 67 2c e1 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce ae 68 9f 74 2c ab 51 df b6 8c 58 e5 16 3e 8a 50 | IKEv2 nonce f4 3a b8 dd 5b 13 da e7 bb bc d4 9b 94 f9 c2 e2 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 8f 95 81 70 ae b8 a3 89 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 5b 36 99 ca 21 3f e2 ca 2c 1f e1 29 de b3 b4 42 | c5 4c da 97 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 8f 95 81 70 ae b8 a3 89 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 5b 36 99 ca 21 3f e2 ca 2c 1f e1 29 de b3 b4 42 | natd_hash: hash= c5 4c da 97 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 5b 36 99 ca 21 3f e2 ca 2c 1f e1 29 de b3 b4 42 | Notify data c5 4c da 97 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 8f 95 81 70 ae b8 a3 89 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 50 17 c6 ca 13 c7 59 27 d4 94 ea 60 99 c7 72 b4 | d4 fc 36 ff | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 8f 95 81 70 ae b8 a3 89 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 50 17 c6 ca 13 c7 59 27 d4 94 ea 60 99 c7 72 b4 | natd_hash: hash= d4 fc 36 ff | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 50 17 c6 ca 13 c7 59 27 d4 94 ea 60 99 c7 72 b4 | Notify data d4 fc 36 ff | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #13 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #13 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #13 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #13: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #13 to 4294967295 after switching state | Message ID: IKE #13 skipping update_recv as MD is fake | Message ID: sent #13 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #13: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #13) | 8f 95 81 70 ae b8 a3 89 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 17 75 94 bb cb 77 14 78 7d 33 b8 a8 | 55 60 08 74 bb a9 27 cc 4b bd ca 34 60 45 37 47 | c5 4b d5 b0 f8 3f 33 47 13 87 d1 c5 7c 45 d5 f4 | 5b 52 2b 41 fb 9d 40 61 9b f5 9d ef ec 15 6d db | 66 98 0b 19 8f d1 13 a0 44 91 b1 09 67 cc 02 0c | 3a 38 88 49 4f 6b 8c 28 0f 2e 29 e3 c0 36 82 85 | 1b f1 a7 5a 8a d7 ac a0 75 02 5a d2 5c de 55 39 | c5 4a 32 f7 b9 b1 c1 0f 54 da 22 a0 e5 7b 57 dd | cd 2f fc 27 d3 b7 97 81 d9 58 df d1 41 e1 ec b1 | ae fd 76 b0 d1 b0 fa 1e fe 1d 00 9e c3 57 d2 19 | c6 02 18 af 4c 9a b0 4d 56 aa ea 3a 77 a9 bd a7 | 64 34 f0 63 7a d5 50 9e ec 19 0d 57 b9 51 ce 69 | 6e ad da 15 72 c2 ec 9b f1 8e d1 b6 5f 1a 6b e9 | 24 1c bb 7f 38 00 d1 a3 20 b9 6d f1 ec 82 85 c9 | 49 6a ee b4 44 bc 69 0b 12 ce 2c 31 ee 01 d8 26 | 07 9a e8 2f 4e f9 f3 df cb ae ca 19 f1 c9 e0 08 | b0 67 2c e1 29 00 00 24 ae 68 9f 74 2c ab 51 df | b6 8c 58 e5 16 3e 8a 50 f4 3a b8 dd 5b 13 da e7 | bb bc d4 9b 94 f9 c2 e2 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 5b 36 99 ca 21 3f e2 ca | 2c 1f e1 29 de b3 b4 42 c5 4c da 97 00 00 00 1c | 00 00 40 05 50 17 c6 ca 13 c7 59 27 d4 94 ea 60 | 99 c7 72 b4 d4 fc 36 ff | state #13 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f1614002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f160c002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #13 | libevent_malloc: new ptr-libevent@0x55fd4c4eb208 size 128 | #13 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29302.006058 | resume sending helper answer for #13 suppresed complete_v2_state_transition() and stole MD | #13 spent 0.503 milliseconds in resume sending helper answer | stop processing: state #13 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f1608004f28 | spent 0.00295 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 d4 85 a6 aa 06 0d 2b b8 6e b5 c7 df | 19 33 39 89 f5 3d eb ff 0a 2c fe 27 88 d7 b3 c7 | d7 0c fe 0c 2f 96 d7 d0 a2 76 e1 a4 83 9f d8 4f | 76 86 a9 88 ac 1f 3c f3 0f 0f b8 8a 7b 12 42 6f | d0 ff ef 72 87 50 34 44 a8 b5 ea 54 bd 48 cc 27 | 78 67 c4 7a 99 e6 d9 57 d7 04 89 6f 45 36 ba 03 | b0 5a 39 f2 77 3a 33 7c c3 81 f1 c1 cb 79 cc 0a | 7c b6 34 30 a0 6b 4d 63 79 20 ac 63 76 8e 0e 01 | ed 51 aa 32 88 41 e7 2a 12 dd e7 70 be e7 f2 c2 | 2f a4 72 c9 f3 23 e1 93 e6 74 37 94 0e fe 65 d4 | 1a d3 1b e5 bb cb 6a ba db f3 f5 3d c8 f3 7e 41 | 45 29 85 b2 64 16 55 d5 1c 4b e4 cc 1f 4f 89 59 | 8b 2b 18 8d 98 d6 29 05 b4 57 3f 79 f6 aa 17 b2 | 34 23 0a 88 df 88 39 2d 09 5c 56 2f 7a 90 1d a2 | 30 fb 6d a1 59 8b ff 69 df 73 b3 c7 9d 51 48 81 | 3a 0f e2 18 c3 14 30 26 2d 0a 86 03 8d 66 2c 16 | 3c 0e 22 a4 29 00 00 24 c2 5f 2b a7 7a 1d e9 26 | 37 38 5b 64 3e 35 69 31 0d 36 ba b1 0e 84 b3 21 | 03 38 cf aa 75 d5 f4 83 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 08 66 ca 4e 1e 96 a3 2c | 30 e4 b4 e8 5a f8 af 1b 0f 9a 8e b9 00 00 00 1c | 00 00 40 05 ef c9 cd a1 3c b0 b6 ab 1d d0 15 04 | 31 65 46 52 eb b2 3d 3d | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 8f 95 81 70 ae b8 a3 89 | responder cookie: | 94 07 0e 6f 00 e5 08 47 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #13 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #13 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #13 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #13 is idle | #13 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #13 IKE SPIi and SPI[ir] | #13 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | d4 85 a6 aa 06 0d 2b b8 6e b5 c7 df 19 33 39 89 | f5 3d eb ff 0a 2c fe 27 88 d7 b3 c7 d7 0c fe 0c | 2f 96 d7 d0 a2 76 e1 a4 83 9f d8 4f 76 86 a9 88 | ac 1f 3c f3 0f 0f b8 8a 7b 12 42 6f d0 ff ef 72 | 87 50 34 44 a8 b5 ea 54 bd 48 cc 27 78 67 c4 7a | 99 e6 d9 57 d7 04 89 6f 45 36 ba 03 b0 5a 39 f2 | 77 3a 33 7c c3 81 f1 c1 cb 79 cc 0a 7c b6 34 30 | a0 6b 4d 63 79 20 ac 63 76 8e 0e 01 ed 51 aa 32 | 88 41 e7 2a 12 dd e7 70 be e7 f2 c2 2f a4 72 c9 | f3 23 e1 93 e6 74 37 94 0e fe 65 d4 1a d3 1b e5 | bb cb 6a ba db f3 f5 3d c8 f3 7e 41 45 29 85 b2 | 64 16 55 d5 1c 4b e4 cc 1f 4f 89 59 8b 2b 18 8d | 98 d6 29 05 b4 57 3f 79 f6 aa 17 b2 34 23 0a 88 | df 88 39 2d 09 5c 56 2f 7a 90 1d a2 30 fb 6d a1 | 59 8b ff 69 df 73 b3 c7 9d 51 48 81 3a 0f e2 18 | c3 14 30 26 2d 0a 86 03 8d 66 2c 16 3c 0e 22 a4 | using existing local IKE proposals for connection aes128 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865950 (length 8) | 8f 95 81 70 ae b8 a3 89 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865958 (length 8) | 94 07 0e 6f 00 e5 08 47 | NATD hash sha digest IP addr-bytes@0x7ffc398658e4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc398658d6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865960 (length 20) | ef c9 cd a1 3c b0 b6 ab 1d d0 15 04 31 65 46 52 | eb b2 3d 3d | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 8f 95 81 70 ae b8 a3 89 | natd_hash: rcookie= 94 07 0e 6f 00 e5 08 47 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= ef c9 cd a1 3c b0 b6 ab 1d d0 15 04 31 65 46 52 | natd_hash: hash= eb b2 3d 3d | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865950 (length 8) | 8f 95 81 70 ae b8 a3 89 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865958 (length 8) | 94 07 0e 6f 00 e5 08 47 | NATD hash sha digest IP addr-bytes@0x7ffc398658e4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc398658d6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865980 (length 20) | 08 66 ca 4e 1e 96 a3 2c 30 e4 b4 e8 5a f8 af 1b | 0f 9a 8e b9 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 8f 95 81 70 ae b8 a3 89 | natd_hash: rcookie= 94 07 0e 6f 00 e5 08 47 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 08 66 ca 4e 1e 96 a3 2c 30 e4 b4 e8 5a f8 af 1b | natd_hash: hash= 0f 9a 8e b9 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f1608007588: transferring ownership from state #13 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 14 for state #13 | state #13 requesting EVENT_RETRANSMIT to be deleted | #13 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55fd4c4eb208 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f160c002b78 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f1608004f28 size 128 | #13 spent 0.192 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #13 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | crypto helper 4 resuming | #13 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #13 and saving MD | crypto helper 4 starting work-order 14 for state #13 | #13 is busy; has a suspended MD | crypto helper 4 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 14 | [RE]START processing: state #13 connection "aes128" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) | "aes128" #13 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | peer's g: d4 85 a6 aa 06 0d 2b b8 6e b5 c7 df 19 33 39 89 | peer's g: f5 3d eb ff 0a 2c fe 27 88 d7 b3 c7 d7 0c fe 0c | peer's g: 2f 96 d7 d0 a2 76 e1 a4 83 9f d8 4f 76 86 a9 88 | peer's g: ac 1f 3c f3 0f 0f b8 8a 7b 12 42 6f d0 ff ef 72 | peer's g: 87 50 34 44 a8 b5 ea 54 bd 48 cc 27 78 67 c4 7a | peer's g: 99 e6 d9 57 d7 04 89 6f 45 36 ba 03 b0 5a 39 f2 | peer's g: 77 3a 33 7c c3 81 f1 c1 cb 79 cc 0a 7c b6 34 30 | peer's g: a0 6b 4d 63 79 20 ac 63 76 8e 0e 01 ed 51 aa 32 | peer's g: 88 41 e7 2a 12 dd e7 70 be e7 f2 c2 2f a4 72 c9 | peer's g: f3 23 e1 93 e6 74 37 94 0e fe 65 d4 1a d3 1b e5 | peer's g: bb cb 6a ba db f3 f5 3d c8 f3 7e 41 45 29 85 b2 | peer's g: 64 16 55 d5 1c 4b e4 cc 1f 4f 89 59 8b 2b 18 8d | peer's g: 98 d6 29 05 b4 57 3f 79 f6 aa 17 b2 34 23 0a 88 | peer's g: df 88 39 2d 09 5c 56 2f 7a 90 1d a2 30 fb 6d a1 | peer's g: 59 8b ff 69 df 73 b3 c7 9d 51 48 81 3a 0f e2 18 | peer's g: c3 14 30 26 2d 0a 86 03 8d 66 2c 16 3c 0e 22 a4 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7f1618006bb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f1608007588: computed shared DH secret key@0x7f1618006bb0 | dh-shared : g^ir-key@0x7f1618006bb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f160c003718 (length 64) | ae 68 9f 74 2c ab 51 df b6 8c 58 e5 16 3e 8a 50 | f4 3a b8 dd 5b 13 da e7 bb bc d4 9b 94 f9 c2 e2 | c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f1628e2e6e0 | result: Ni | Nr-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55fd4c4d3130 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e6c8 | result: Ni | Nr-key@0x55fd4c4ecc80 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x55fd4c4d3130 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f160c0013b0 from Ni | Nr-key@0x55fd4c4ecc80 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f160c0013b0 from Ni | Nr-key@0x55fd4c4ecc80 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x55fd4c4ecc80 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f160c0016c8 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f1618006bb0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f1618006bb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f1618006bb0 | nss hmac digest hack: symkey-key@0x7f1618006bb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1272357058: 9f 08 16 aa 44 b7 42 f8 b6 17 b3 e3 9f 67 a6 b8 42 d7 77 99 ac f2 7f 1d d4 52 29 f5 2c 06 51 80 2c 32 13 9d ca 06 0f 61 a4 50 2c 5f 5b 79 57 56 3c 0c 59 d4 88 38 01 fd 67 a4 f5 5d 8a 67 0b 00 b3 4e 1d 10 0b 4f a8 86 a1 f1 72 4e 6a 92 39 93 06 59 91 95 3d 71 88 58 bc 30 d2 6b 5e c7 5f f3 8c 0a 48 8f b5 9a 3b a6 7d 72 9e cb 74 15 d2 5d 56 b8 3f 5c e8 91 eb 79 e4 4a be 29 c9 30 a2 15 1e bc b6 c1 11 d6 4d ce 07 4b 24 b4 2a 4c fc b4 5b a3 e3 a5 bc 3c 5c 9d 1d 1e f4 92 a2 29 d2 5b 4b ef 83 65 43 7f dc cc 13 1d 9b 9e 41 da 90 c6 61 e3 19 02 e2 21 55 fb bb b1 a5 fe 3b 7e a7 1b 00 c3 51 05 a2 fe 99 48 78 1f e3 ef 6e 87 ee 0d 2e c5 4e 88 a4 5e 12 82 79 b9 2d bc 9b 74 a6 bb 35 2e 0b 56 24 b7 c1 c0 35 0a 6b 5f 8a a4 ab 74 26 f5 a8 5c d0 44 f7 1c 6e 29 79 7b c5 ce 19 9a | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | stop processing: state #13 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | nss hmac digest hack extracted len 256 bytes at 0x7f160c0045a8 | unwrapped: 35 8b b1 14 0e d2 56 a2 88 e0 1b 49 0a f5 62 ce | unwrapped: 95 db 95 48 74 ab a5 16 4e 7d 3f 9e 5a 86 9b 33 | unwrapped: ff df fe 5c 0f 5d 7b 4a fe 4a 63 d8 6c cb 3f fe | unwrapped: 26 11 ad 80 08 5a 2f 9f c0 2b 42 4c 35 23 8d 90 | unwrapped: b7 1e 2b 60 90 e0 c9 ec 4c 41 f9 5b c5 5a a7 03 | unwrapped: 34 49 f9 53 5b 9b a6 04 32 08 b1 20 8f bb 51 7c | unwrapped: be 20 b0 a7 23 fd 50 5c 35 c6 0e a4 c7 67 24 dc | unwrapped: c6 58 f2 b9 16 b5 2c bd e5 d9 b4 cc 9d aa 2e 81 | unwrapped: d6 6f 92 16 d0 21 42 b5 6a f3 cb 84 be 51 5b cf | unwrapped: e2 5e cd cb c2 09 bd c3 1b 05 42 4b d6 64 b1 5f | unwrapped: f7 51 ab a6 26 8f c1 b2 e4 4b b3 59 96 71 27 f0 | unwrapped: 4f ef 64 22 68 52 52 19 22 d6 68 2e a3 86 5e 4d | unwrapped: 01 d2 0a a4 3c 44 14 8b c0 30 b8 3d 33 49 fd 25 | unwrapped: d4 da 3f ad a5 df 3b b5 b7 7f 7c d1 16 21 11 b8 | unwrapped: 3b c0 87 84 ed b1 fa 68 14 99 99 13 fa 94 a4 7f | unwrapped: 21 f4 da 54 91 c5 45 83 d8 37 a0 9e 71 c4 8a b0 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f1628e2e700 | result: final-key@0x55fd4c4d3130 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d3130 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e6e8 | result: final-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d3130 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x55fd4c4ecc80 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f1628e2e670 | result: data=Ni-key@0x55fd4c44c080 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55fd4c44c080 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e658 | result: data=Ni-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55fd4c44c080 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d3130 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f1628e2e660 | result: data+=Nr-key@0x55fd4c44c080 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4d3130 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c44c080 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f1628e2e660 | result: data+=SPIi-key@0x55fd4c4d3130 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c44c080 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d3130 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f1628e2e660 | result: data+=SPIr-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4d3130 | prf+0 PRF sha init key-key@0x55fd4c4ecc80 (size 20) | prf+0: key-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e588 | result: clone-key@0x55fd4c4d3130 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f160c0013b0 from key-key@0x55fd4c4d3130 | prf+0 prf: begin sha with context 0x7f160c0013b0 from key-key@0x55fd4c4d3130 | prf+0: release clone-key@0x55fd4c4d3130 | prf+0 PRF sha crypt-prf@0x7f160c002168 | prf+0 PRF sha update seed-key@0x55fd4c44c080 (size 80) | prf+0: seed-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 7c 69 ff 6f bd 68 85 1d 3f b3 ea c8 be d4 b2 95 d6 0e 50 f9 de b8 7a 55 dc 6f c4 a0 0c 7d 47 20 96 38 92 69 2a 70 af 0c af 08 bf 58 09 4f 09 76 e8 d0 be 86 60 5d 67 a9 50 16 a4 6c 20 0b d9 36 4c bd a1 c5 ef 41 d0 da 68 de 02 c8 a3 99 c0 e2 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f160c004ba8 | unwrapped: ae 68 9f 74 2c ab 51 df b6 8c 58 e5 16 3e 8a 50 | unwrapped: f4 3a b8 dd 5b 13 da e7 bb bc d4 9b 94 f9 c2 e2 | unwrapped: c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | unwrapped: 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | unwrapped: 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f1628e2e590 | result: final-key@0x55fd4c4d6a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e578 | result: final-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d6a20 | prf+0 PRF sha final-key@0x55fd4c4d3130 (size 20) | prf+0: key-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x55fd4c4d3130 | prf+N PRF sha init key-key@0x55fd4c4ecc80 (size 20) | prf+N: key-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e588 | result: clone-key@0x55fd4c4d6a20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f160c0013b0 from key-key@0x55fd4c4d6a20 | prf+N prf: begin sha with context 0x7f160c0013b0 from key-key@0x55fd4c4d6a20 | prf+N: release clone-key@0x55fd4c4d6a20 | prf+N PRF sha crypt-prf@0x7f160c0046d8 | prf+N PRF sha update old_t-key@0x55fd4c4d3130 (size 20) | prf+N: old_t-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 01 23 7c 64 3c 31 4e 31 14 7f 75 55 a8 8f f6 e0 d7 ef 7f 05 56 f7 1b ac 2d cd 65 a4 69 3d ca 90 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f160c001278 | unwrapped: 9c 30 56 b1 8a 9d e7 71 df b7 cc 9f 44 3b 27 cf | unwrapped: 77 e1 ae 9a 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c44c080 (size 80) | prf+N: seed-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 7c 69 ff 6f bd 68 85 1d 3f b3 ea c8 be d4 b2 95 d6 0e 50 f9 de b8 7a 55 dc 6f c4 a0 0c 7d 47 20 96 38 92 69 2a 70 af 0c af 08 bf 58 09 4f 09 76 e8 d0 be 86 60 5d 67 a9 50 16 a4 6c 20 0b d9 36 4c bd a1 c5 ef 41 d0 da 68 de 02 c8 a3 99 c0 e2 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f160c004b28 | unwrapped: ae 68 9f 74 2c ab 51 df b6 8c 58 e5 16 3e 8a 50 | unwrapped: f4 3a b8 dd 5b 13 da e7 bb bc d4 9b 94 f9 c2 e2 | unwrapped: c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | unwrapped: 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | unwrapped: 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f1628e2e590 | result: final-key@0x55fd4c4cd5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4cd5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e578 | result: final-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4cd5b0 | prf+N PRF sha final-key@0x55fd4c4d6a20 (size 20) | prf+N: key-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f1628e2e608 | result: result-key@0x55fd4c4cd5b0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d3130 | prfplus: release old_t[N]-key@0x55fd4c4d3130 | prf+N PRF sha init key-key@0x55fd4c4ecc80 (size 20) | prf+N: key-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e588 | result: clone-key@0x55fd4c4d3130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f160c0013b0 from key-key@0x55fd4c4d3130 | prf+N prf: begin sha with context 0x7f160c0013b0 from key-key@0x55fd4c4d3130 | prf+N: release clone-key@0x55fd4c4d3130 | prf+N PRF sha crypt-prf@0x7f160c002168 | prf+N PRF sha update old_t-key@0x55fd4c4d6a20 (size 20) | prf+N: old_t-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 33 af 1e 3c e9 6e bb 6f 7f 1f 88 af 7c d0 52 e1 91 23 29 28 c5 38 5d 9a 96 90 a0 3d 3f 97 68 d3 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f160c0016c8 | unwrapped: c1 b7 85 cb b6 f9 12 75 63 a9 22 1b c8 47 83 a4 | unwrapped: 61 8b 59 ca 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c44c080 (size 80) | prf+N: seed-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 7c 69 ff 6f bd 68 85 1d 3f b3 ea c8 be d4 b2 95 d6 0e 50 f9 de b8 7a 55 dc 6f c4 a0 0c 7d 47 20 96 38 92 69 2a 70 af 0c af 08 bf 58 09 4f 09 76 e8 d0 be 86 60 5d 67 a9 50 16 a4 6c 20 0b d9 36 4c bd a1 c5 ef 41 d0 da 68 de 02 c8 a3 99 c0 e2 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f160c004ba8 | unwrapped: ae 68 9f 74 2c ab 51 df b6 8c 58 e5 16 3e 8a 50 | unwrapped: f4 3a b8 dd 5b 13 da e7 bb bc d4 9b 94 f9 c2 e2 | unwrapped: c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | unwrapped: 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | unwrapped: 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f1628e2e590 | result: final-key@0x7f161800d840 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f161800d840 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e578 | result: final-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f161800d840 | prf+N PRF sha final-key@0x55fd4c4d3130 (size 20) | prf+N: key-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4cd5b0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f1628e2e608 | result: result-key@0x7f161800d840 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4cd5b0 | prfplus: release old_t[N]-key@0x55fd4c4d6a20 | prf+N PRF sha init key-key@0x55fd4c4ecc80 (size 20) | prf+N: key-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e588 | result: clone-key@0x55fd4c4d6a20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f160c0013b0 from key-key@0x55fd4c4d6a20 | prf+N prf: begin sha with context 0x7f160c0013b0 from key-key@0x55fd4c4d6a20 | prf+N: release clone-key@0x55fd4c4d6a20 | prf+N PRF sha crypt-prf@0x7f160c001278 | prf+N PRF sha update old_t-key@0x55fd4c4d3130 (size 20) | prf+N: old_t-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: c8 6f 9c e8 1a d7 b4 ac 4f 1a 19 30 a6 dd 5d 4e 7b 1e 43 93 bf cd 95 ae 08 84 af ad 74 81 89 7d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f160c0061e8 | unwrapped: 1e a0 c8 f7 ba ac 8d 49 f1 bc c1 53 6d d8 f2 68 | unwrapped: be ac d4 f8 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c44c080 (size 80) | prf+N: seed-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 7c 69 ff 6f bd 68 85 1d 3f b3 ea c8 be d4 b2 95 d6 0e 50 f9 de b8 7a 55 dc 6f c4 a0 0c 7d 47 20 96 38 92 69 2a 70 af 0c af 08 bf 58 09 4f 09 76 e8 d0 be 86 60 5d 67 a9 50 16 a4 6c 20 0b d9 36 4c bd a1 c5 ef 41 d0 da 68 de 02 c8 a3 99 c0 e2 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f160c004b28 | unwrapped: ae 68 9f 74 2c ab 51 df b6 8c 58 e5 16 3e 8a 50 | unwrapped: f4 3a b8 dd 5b 13 da e7 bb bc d4 9b 94 f9 c2 e2 | unwrapped: c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | unwrapped: 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | unwrapped: 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f1628e2e590 | result: final-key@0x55fd4c4cd5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4cd5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e578 | result: final-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4cd5b0 | prf+N PRF sha final-key@0x55fd4c4d6a20 (size 20) | prf+N: key-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f161800d840 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f1628e2e608 | result: result-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f161800d840 | prfplus: release old_t[N]-key@0x55fd4c4d3130 | prf+N PRF sha init key-key@0x55fd4c4ecc80 (size 20) | prf+N: key-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e588 | result: clone-key@0x55fd4c4d3130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f160c0013b0 from key-key@0x55fd4c4d3130 | prf+N prf: begin sha with context 0x7f160c0013b0 from key-key@0x55fd4c4d3130 | prf+N: release clone-key@0x55fd4c4d3130 | prf+N PRF sha crypt-prf@0x7f160c0046d8 | prf+N PRF sha update old_t-key@0x55fd4c4d6a20 (size 20) | prf+N: old_t-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 9d 40 eb 47 77 a7 49 af 13 ec 9d 2b a6 a4 a9 d0 e3 2d 24 f0 6c 7d ea 86 bc 76 53 c3 c6 43 33 4d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f160c0016c8 | unwrapped: 7b a9 27 16 0d 70 42 fe 59 d1 f4 8b d3 79 f6 2a | unwrapped: 94 55 d6 a3 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c44c080 (size 80) | prf+N: seed-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 7c 69 ff 6f bd 68 85 1d 3f b3 ea c8 be d4 b2 95 d6 0e 50 f9 de b8 7a 55 dc 6f c4 a0 0c 7d 47 20 96 38 92 69 2a 70 af 0c af 08 bf 58 09 4f 09 76 e8 d0 be 86 60 5d 67 a9 50 16 a4 6c 20 0b d9 36 4c bd a1 c5 ef 41 d0 da 68 de 02 c8 a3 99 c0 e2 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f160c004ba8 | unwrapped: ae 68 9f 74 2c ab 51 df b6 8c 58 e5 16 3e 8a 50 | unwrapped: f4 3a b8 dd 5b 13 da e7 bb bc d4 9b 94 f9 c2 e2 | unwrapped: c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | unwrapped: 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | unwrapped: 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f1628e2e590 | result: final-key@0x7f161800d840 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f161800d840 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e578 | result: final-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f161800d840 | prf+N PRF sha final-key@0x55fd4c4d3130 (size 20) | prf+N: key-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f1628e2e608 | result: result-key@0x7f161800d840 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4cd5b0 | prfplus: release old_t[N]-key@0x55fd4c4d6a20 | prf+N PRF sha init key-key@0x55fd4c4ecc80 (size 20) | prf+N: key-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e588 | result: clone-key@0x55fd4c4d6a20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f160c0059e0 from key-key@0x55fd4c4d6a20 | prf+N prf: begin sha with context 0x7f160c0059e0 from key-key@0x55fd4c4d6a20 | prf+N: release clone-key@0x55fd4c4d6a20 | prf+N PRF sha crypt-prf@0x7f160c002168 | prf+N PRF sha update old_t-key@0x55fd4c4d3130 (size 20) | prf+N: old_t-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: df ab a8 6e 47 cf 4a 66 d1 aa 6c bd 3a de f6 07 4a 86 57 4c a5 c9 cd 7b 2e 13 e2 41 24 2e 88 09 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f160c001278 | unwrapped: f6 6b e6 c7 52 3f 8a 60 2d 76 ce cd 17 f7 cb cf | unwrapped: 05 40 90 2e 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c44c080 (size 80) | prf+N: seed-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 7c 69 ff 6f bd 68 85 1d 3f b3 ea c8 be d4 b2 95 d6 0e 50 f9 de b8 7a 55 dc 6f c4 a0 0c 7d 47 20 96 38 92 69 2a 70 af 0c af 08 bf 58 09 4f 09 76 e8 d0 be 86 60 5d 67 a9 50 16 a4 6c 20 0b d9 36 4c bd a1 c5 ef 41 d0 da 68 de 02 c8 a3 99 c0 e2 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f160c004b28 | unwrapped: ae 68 9f 74 2c ab 51 df b6 8c 58 e5 16 3e 8a 50 | unwrapped: f4 3a b8 dd 5b 13 da e7 bb bc d4 9b 94 f9 c2 e2 | unwrapped: c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | unwrapped: 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | unwrapped: 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f1628e2e590 | result: final-key@0x55fd4c4cd5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4cd5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e578 | result: final-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4cd5b0 | prf+N PRF sha final-key@0x55fd4c4d6a20 (size 20) | prf+N: key-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f161800d840 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f1628e2e608 | result: result-key@0x55fd4c4cd5b0 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f161800d840 | prfplus: release old_t[N]-key@0x55fd4c4d3130 | prf+N PRF sha init key-key@0x55fd4c4ecc80 (size 20) | prf+N: key-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e588 | result: clone-key@0x55fd4c4d3130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f160c0013b0 from key-key@0x55fd4c4d3130 | prf+N prf: begin sha with context 0x7f160c0013b0 from key-key@0x55fd4c4d3130 | prf+N: release clone-key@0x55fd4c4d3130 | prf+N PRF sha crypt-prf@0x7f160c0046d8 | prf+N PRF sha update old_t-key@0x55fd4c4d6a20 (size 20) | prf+N: old_t-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: fc 54 a2 6c 84 e0 01 ed 1a e8 95 14 af 6c c5 4c 6f ab 0b bb ee de f2 00 35 5e 7b 49 c1 d0 67 d3 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f160c0016c8 | unwrapped: 0f 61 8b 14 34 fb ab 1d 0c 9a 26 fb 4f f6 dc cc | unwrapped: 34 e3 e3 23 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c44c080 (size 80) | prf+N: seed-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 7c 69 ff 6f bd 68 85 1d 3f b3 ea c8 be d4 b2 95 d6 0e 50 f9 de b8 7a 55 dc 6f c4 a0 0c 7d 47 20 96 38 92 69 2a 70 af 0c af 08 bf 58 09 4f 09 76 e8 d0 be 86 60 5d 67 a9 50 16 a4 6c 20 0b d9 36 4c bd a1 c5 ef 41 d0 da 68 de 02 c8 a3 99 c0 e2 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f160c006878 | unwrapped: ae 68 9f 74 2c ab 51 df b6 8c 58 e5 16 3e 8a 50 | unwrapped: f4 3a b8 dd 5b 13 da e7 bb bc d4 9b 94 f9 c2 e2 | unwrapped: c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | unwrapped: 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | unwrapped: 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | #13 spent 0.39 milliseconds in ikev2_process_packet() | target: EXTRACT_KEY_FROM_KEY | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f1628e2e590 | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.422 milliseconds in comm_handle_cb() reading and processing packet | result: final-key@0x7f161800d840 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f161800d840 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e578 | result: final-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f161800d840 | prf+N PRF sha final-key@0x55fd4c4d3130 (size 20) | prf+N: key-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4cd5b0 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f1628e2e608 | result: result-key@0x7f161800d840 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4cd5b0 | prfplus: release old_t[N]-key@0x55fd4c4d6a20 | prfplus: release old_t[final]-key@0x55fd4c4d3130 | ike_sa_keymat: release data-key@0x55fd4c44c080 | calc_skeyseed_v2: release skeyseed_k-key@0x55fd4c4ecc80 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f161800d840 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e7a8 | result: result-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f161800d840 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e7a8 | result: result-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f161800d840 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e7a8 | result: result-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f161800d840 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e7b8 | result: SK_ei_k-key@0x55fd4c4d6a20 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f161800d840 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e7b8 | result: SK_er_k-key@0x55fd4c4cd5b0 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f161800d840 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e7b8 | result: result-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x55fd4c4d4be0 | chunk_SK_pi: symkey-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 9a 25 b5 a5 7b e6 03 4e d5 52 d5 92 82 0b a6 58 7b 77 25 4b 7e a5 11 2c 02 65 4d b8 4b 21 97 4f | chunk_SK_pi: release slot-key-key@0x55fd4c4cfe50 | chunk_SK_pi extracted len 32 bytes at 0x7f160c002168 | unwrapped: 17 f7 cb cf 05 40 90 2e 0f 61 8b 14 34 fb ab 1d | unwrapped: 0c 9a 26 fb 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f161800d840 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f1628e2e7b8 | result: result-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f161800a0e0 | chunk_SK_pr: symkey-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 0a 0f fc c8 5c 19 53 bc 3e 03 a8 3c 28 eb c6 6a 41 c1 03 66 55 2e 02 ed 52 9e 78 57 92 94 e3 f4 | chunk_SK_pr: release slot-key-key@0x55fd4c4cfe50 | chunk_SK_pr extracted len 32 bytes at 0x7f160c0016c8 | unwrapped: 4f f6 dc cc 34 e3 e3 23 99 03 93 37 f5 44 c1 e2 | unwrapped: 35 22 72 bf 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f161800d840 | calc_skeyseed_v2 pointers: shared-key@0x7f1618006bb0, SK_d-key@0x55fd4c4ecc80, SK_ai-key@0x55fd4c44c080, SK_ar-key@0x55fd4c4d3130, SK_ei-key@0x55fd4c4d6a20, SK_er-key@0x55fd4c4cd5b0, SK_pi-key@0x55fd4c4d4be0, SK_pr-key@0x7f161800a0e0 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 17 f7 cb cf 05 40 90 2e 0f 61 8b 14 34 fb ab 1d | 0c 9a 26 fb | calc_skeyseed_v2 SK_pr | 4f f6 dc cc 34 e3 e3 23 99 03 93 37 f5 44 c1 e2 | 35 22 72 bf | crypto helper 4 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 14 time elapsed 0.002808 seconds | (#13) spent 2.77 milliseconds in crypto helper computing work-order 14: ikev2_inR1outI2 KE (pcr) | crypto helper 4 sending results from work-order 14 for state #13 to event queue | scheduling resume sending helper answer for #13 | libevent_malloc: new ptr-libevent@0x7f160c0019f8 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #13 | start processing: state #13 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 14 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_inR1outI2_continue for #13: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f1608007588: transferring ownership from helper IKEv2 DH to state #13 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #14 at 0x55fd4c4f34a8 | State DB: adding IKEv2 state #14 in UNDEFINED | pstats #14 ikev2.child started | duplicating state object #13 "aes128" as #14 for IPSEC SA | #14 setting local endpoint to 192.1.2.45:500 from #13.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x55fd4c4ecc80 | duplicate_state: reference st_skey_ai_nss-key@0x55fd4c44c080 | duplicate_state: reference st_skey_ar_nss-key@0x55fd4c4d3130 | duplicate_state: reference st_skey_ei_nss-key@0x55fd4c4d6a20 | duplicate_state: reference st_skey_er_nss-key@0x55fd4c4cd5b0 | duplicate_state: reference st_skey_pi_nss-key@0x55fd4c4d4be0 | duplicate_state: reference st_skey_pr_nss-key@0x7f161800a0e0 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #13.#14; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #13 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #13.#14 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #13 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f1608004f28 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f160c002b78 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f1608004f28 size 128 | parent state #13: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 8f 95 81 70 ae b8 a3 89 | responder cookie: | 94 07 0e 6f 00 e5 08 47 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x55fd4c4d4be0 (size 20) | hmac: symkey-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398659e8 | result: clone-key@0x7f161800d840 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f1610002b50 from symkey-key@0x7f161800d840 | hmac prf: begin sha with context 0x7f1610002b50 from symkey-key@0x7f161800d840 | hmac: release clone-key@0x7f161800d840 | hmac PRF sha crypt-prf@0x55fd4c4e9728 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x55fd4bdec8f4 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffc39865d80 (length 20) | 01 b7 a2 72 ef 0f 86 2e d5 2d 30 76 ed 3f 8a 7d | 6c 7c bb 98 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55fd4c441b58 (line=1) | concluding with best_match=014 best=0x55fd4c441b58 (lineno=1) | inputs to hash1 (first packet) | 8f 95 81 70 ae b8 a3 89 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 17 75 94 bb cb 77 14 78 7d 33 b8 a8 | 55 60 08 74 bb a9 27 cc 4b bd ca 34 60 45 37 47 | c5 4b d5 b0 f8 3f 33 47 13 87 d1 c5 7c 45 d5 f4 | 5b 52 2b 41 fb 9d 40 61 9b f5 9d ef ec 15 6d db | 66 98 0b 19 8f d1 13 a0 44 91 b1 09 67 cc 02 0c | 3a 38 88 49 4f 6b 8c 28 0f 2e 29 e3 c0 36 82 85 | 1b f1 a7 5a 8a d7 ac a0 75 02 5a d2 5c de 55 39 | c5 4a 32 f7 b9 b1 c1 0f 54 da 22 a0 e5 7b 57 dd | cd 2f fc 27 d3 b7 97 81 d9 58 df d1 41 e1 ec b1 | ae fd 76 b0 d1 b0 fa 1e fe 1d 00 9e c3 57 d2 19 | c6 02 18 af 4c 9a b0 4d 56 aa ea 3a 77 a9 bd a7 | 64 34 f0 63 7a d5 50 9e ec 19 0d 57 b9 51 ce 69 | 6e ad da 15 72 c2 ec 9b f1 8e d1 b6 5f 1a 6b e9 | 24 1c bb 7f 38 00 d1 a3 20 b9 6d f1 ec 82 85 c9 | 49 6a ee b4 44 bc 69 0b 12 ce 2c 31 ee 01 d8 26 | 07 9a e8 2f 4e f9 f3 df cb ae ca 19 f1 c9 e0 08 | b0 67 2c e1 29 00 00 24 ae 68 9f 74 2c ab 51 df | b6 8c 58 e5 16 3e 8a 50 f4 3a b8 dd 5b 13 da e7 | bb bc d4 9b 94 f9 c2 e2 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 5b 36 99 ca 21 3f e2 ca | 2c 1f e1 29 de b3 b4 42 c5 4c da 97 00 00 00 1c | 00 00 40 05 50 17 c6 ca 13 c7 59 27 d4 94 ea 60 | 99 c7 72 b4 d4 fc 36 ff | create: initiator inputs to hash2 (responder nonce) | c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | idhash 01 b7 a2 72 ef 0f 86 2e d5 2d 30 76 ed 3f 8a 7d | idhash 6c 7c bb 98 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55fd4c4cfda8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398657d0 | result: shared secret-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657b8 | result: shared secret-key@0x7f161800d840 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f1610002b50 from shared secret-key@0x7f161800d840 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f1610002b50 from shared secret-key@0x7f161800d840 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f161800d840 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55fd4c4e96d8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55fd4bd814d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398657f0 | result: final-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657d8 | result: final-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f161800d840 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f161800d840 (size 20) | = prf(, ): -key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657e8 | result: clone-key@0x55fd4c4e7620 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f1610002b50 from -key@0x55fd4c4e7620 | = prf(, ) prf: begin sha with context 0x7f1610002b50 from -key@0x55fd4c4e7620 | = prf(, ): release clone-key@0x55fd4c4e7620 | = prf(, ) PRF sha crypt-prf@0x55fd4c4e9728 | = prf(, ) PRF sha update first-packet-bytes@0x55fd4c4eaf68 (length 440) | 8f 95 81 70 ae b8 a3 89 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 17 75 94 bb cb 77 14 78 7d 33 b8 a8 | 55 60 08 74 bb a9 27 cc 4b bd ca 34 60 45 37 47 | c5 4b d5 b0 f8 3f 33 47 13 87 d1 c5 7c 45 d5 f4 | 5b 52 2b 41 fb 9d 40 61 9b f5 9d ef ec 15 6d db | 66 98 0b 19 8f d1 13 a0 44 91 b1 09 67 cc 02 0c | 3a 38 88 49 4f 6b 8c 28 0f 2e 29 e3 c0 36 82 85 | 1b f1 a7 5a 8a d7 ac a0 75 02 5a d2 5c de 55 39 | c5 4a 32 f7 b9 b1 c1 0f 54 da 22 a0 e5 7b 57 dd | cd 2f fc 27 d3 b7 97 81 d9 58 df d1 41 e1 ec b1 | ae fd 76 b0 d1 b0 fa 1e fe 1d 00 9e c3 57 d2 19 | c6 02 18 af 4c 9a b0 4d 56 aa ea 3a 77 a9 bd a7 | 64 34 f0 63 7a d5 50 9e ec 19 0d 57 b9 51 ce 69 | 6e ad da 15 72 c2 ec 9b f1 8e d1 b6 5f 1a 6b e9 | 24 1c bb 7f 38 00 d1 a3 20 b9 6d f1 ec 82 85 c9 | 49 6a ee b4 44 bc 69 0b 12 ce 2c 31 ee 01 d8 26 | 07 9a e8 2f 4e f9 f3 df cb ae ca 19 f1 c9 e0 08 | b0 67 2c e1 29 00 00 24 ae 68 9f 74 2c ab 51 df | b6 8c 58 e5 16 3e 8a 50 f4 3a b8 dd 5b 13 da e7 | bb bc d4 9b 94 f9 c2 e2 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 5b 36 99 ca 21 3f e2 ca | 2c 1f e1 29 de b3 b4 42 c5 4c da 97 00 00 00 1c | 00 00 40 05 50 17 c6 ca 13 c7 59 27 d4 94 ea 60 | 99 c7 72 b4 d4 fc 36 ff | = prf(, ) PRF sha update nonce-bytes@0x55fd4c4e77d8 (length 32) | c2 5f 2b a7 7a 1d e9 26 37 38 5b 64 3e 35 69 31 | 0d 36 ba b1 0e 84 b3 21 03 38 cf aa 75 d5 f4 83 | = prf(, ) PRF sha update hash-bytes@0x7ffc39865d80 (length 20) | 01 b7 a2 72 ef 0f 86 2e d5 2d 30 76 ed 3f 8a 7d | 6c 7c bb 98 | = prf(, ) PRF sha final-chunk@0x55fd4c4ee5a8 (length 20) | e5 b0 d5 5e 23 22 92 02 76 22 da d9 fa fd 88 f2 | f8 5b 6f 8c | psk_auth: release prf-psk-key@0x7f161800d840 | PSK auth octets e5 b0 d5 5e 23 22 92 02 76 22 da d9 fa fd 88 f2 | PSK auth octets f8 5b 6f 8c | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth e5 b0 d5 5e 23 22 92 02 76 22 da d9 fa fd 88 f2 | PSK auth f8 5b 6f 8c | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #13 | netlink_get_spi: allocated 0x95e8bdb2 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for aes128 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "aes128": constructed local ESP/AH proposals for aes128 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 95 e8 bd b2 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #13: IMPAIR: omitting fixed-size key-length attribute | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 40 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 176 | emitting length of ISAKMP Message: 204 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 38 f7 09 37 ea be ac c4 49 b8 93 44 92 51 50 97 | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | e5 b0 d5 5e 23 22 92 02 76 22 da d9 fa fd 88 f2 | f8 5b 6f 8c 2c 00 00 28 00 00 00 24 01 03 04 03 | 95 e8 bd b2 03 00 00 08 01 00 00 0c 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | d7 90 a3 af 9c 2c 52 e6 81 77 3b 4d 4f 4f 67 d3 | b2 bf 52 ab 38 37 ea 44 0d b0 56 3c 69 e0 1a 8a | a9 d6 29 31 38 f2 7b 96 9e dc 33 97 69 c5 e2 0a | af 28 c9 ca de 60 8d f8 34 5b 84 0e d7 bd 96 e1 | a5 93 88 39 7b cc b3 e6 40 c3 e8 5b 77 c1 14 da | 1e ac ae 0f 0e ec d2 00 7e ff fb 4b 33 f8 7d ea | 6e db 3b 66 41 c8 a8 27 9e fa a6 d2 23 a6 65 15 | e5 a6 54 0b b2 10 f1 b6 d1 40 39 b8 b1 55 1f c5 | 22 96 26 4f 6f 18 f2 72 c0 de 21 59 05 03 f6 46 | hmac PRF sha init symkey-key@0x55fd4c44c080 (size 20) | hmac: symkey-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398658f8 | result: clone-key@0x7f161800d840 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f1610002b50 from symkey-key@0x7f161800d840 | hmac prf: begin sha with context 0x7f1610002b50 from symkey-key@0x7f161800d840 | hmac: release clone-key@0x7f161800d840 | hmac PRF sha crypt-prf@0x55fd4c4e96d8 | hmac PRF sha update data-bytes@0x55fd4bdec8c0 (length 192) | 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | 38 f7 09 37 ea be ac c4 49 b8 93 44 92 51 50 97 | d7 90 a3 af 9c 2c 52 e6 81 77 3b 4d 4f 4f 67 d3 | b2 bf 52 ab 38 37 ea 44 0d b0 56 3c 69 e0 1a 8a | a9 d6 29 31 38 f2 7b 96 9e dc 33 97 69 c5 e2 0a | af 28 c9 ca de 60 8d f8 34 5b 84 0e d7 bd 96 e1 | a5 93 88 39 7b cc b3 e6 40 c3 e8 5b 77 c1 14 da | 1e ac ae 0f 0e ec d2 00 7e ff fb 4b 33 f8 7d ea | 6e db 3b 66 41 c8 a8 27 9e fa a6 d2 23 a6 65 15 | e5 a6 54 0b b2 10 f1 b6 d1 40 39 b8 b1 55 1f c5 | 22 96 26 4f 6f 18 f2 72 c0 de 21 59 05 03 f6 46 | hmac PRF sha final-bytes@0x55fd4bdec980 (length 20) | df 0a 6e 69 39 a5 05 e2 45 64 b6 02 98 44 09 ea | c0 d1 cb 55 | data being hmac: 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | data being hmac: 38 f7 09 37 ea be ac c4 49 b8 93 44 92 51 50 97 | data being hmac: d7 90 a3 af 9c 2c 52 e6 81 77 3b 4d 4f 4f 67 d3 | data being hmac: b2 bf 52 ab 38 37 ea 44 0d b0 56 3c 69 e0 1a 8a | data being hmac: a9 d6 29 31 38 f2 7b 96 9e dc 33 97 69 c5 e2 0a | data being hmac: af 28 c9 ca de 60 8d f8 34 5b 84 0e d7 bd 96 e1 | data being hmac: a5 93 88 39 7b cc b3 e6 40 c3 e8 5b 77 c1 14 da | data being hmac: 1e ac ae 0f 0e ec d2 00 7e ff fb 4b 33 f8 7d ea | data being hmac: 6e db 3b 66 41 c8 a8 27 9e fa a6 d2 23 a6 65 15 | data being hmac: e5 a6 54 0b b2 10 f1 b6 d1 40 39 b8 b1 55 1f c5 | data being hmac: 22 96 26 4f 6f 18 f2 72 c0 de 21 59 05 03 f6 46 | out calculated auth: | df 0a 6e 69 39 a5 05 e2 45 64 b6 02 | suspend processing: state #13 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #14 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #14 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #14: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #14 to 0 after switching state | Message ID: recv #13.#14 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #13.#14 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "aes128" #14: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 204 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #13) | 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | 38 f7 09 37 ea be ac c4 49 b8 93 44 92 51 50 97 | d7 90 a3 af 9c 2c 52 e6 81 77 3b 4d 4f 4f 67 d3 | b2 bf 52 ab 38 37 ea 44 0d b0 56 3c 69 e0 1a 8a | a9 d6 29 31 38 f2 7b 96 9e dc 33 97 69 c5 e2 0a | af 28 c9 ca de 60 8d f8 34 5b 84 0e d7 bd 96 e1 | a5 93 88 39 7b cc b3 e6 40 c3 e8 5b 77 c1 14 da | 1e ac ae 0f 0e ec d2 00 7e ff fb 4b 33 f8 7d ea | 6e db 3b 66 41 c8 a8 27 9e fa a6 d2 23 a6 65 15 | e5 a6 54 0b b2 10 f1 b6 d1 40 39 b8 b1 55 1f c5 | 22 96 26 4f 6f 18 f2 72 c0 de 21 59 05 03 f6 46 | df 0a 6e 69 39 a5 05 e2 45 64 b6 02 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f1610002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #14 | libevent_malloc: new ptr-libevent@0x55fd4c4eae68 size 128 | #14 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29302.012836 | resume sending helper answer for #13 suppresed complete_v2_state_transition() | #13 spent 1.33 milliseconds in resume sending helper answer | stop processing: state #14 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f160c0019f8 | spent 0.00329 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | 05 b3 ea 6d 9b 0d b0 f0 b6 94 3f e9 68 d0 46 8b | b5 2b 62 df 38 96 8b 3e 1d b3 e3 a7 97 3a 3a 53 | 0d 77 42 f0 02 a2 06 a0 52 9d a7 7b | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 8f 95 81 70 ae b8 a3 89 | responder cookie: | 94 07 0e 6f 00 e5 08 47 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #13 in PARENT_I2 (find_v2_ike_sa) | start processing: state #13 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #14 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #13 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | start processing: state #14 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #14 is idle | #14 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | #14 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x55fd4c4d3130 (size 20) | hmac: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865748 | result: clone-key@0x7f161800d840 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f161c002b50 from symkey-key@0x7f161800d840 | hmac prf: begin sha with context 0x7f161c002b50 from symkey-key@0x7f161800d840 | hmac: release clone-key@0x7f161800d840 | hmac PRF sha crypt-prf@0x55fd4c4e9728 | hmac PRF sha update data-bytes@0x55fd4c4db218 (length 64) | 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | 05 b3 ea 6d 9b 0d b0 f0 b6 94 3f e9 68 d0 46 8b | b5 2b 62 df 38 96 8b 3e 1d b3 e3 a7 97 3a 3a 53 | hmac PRF sha final-bytes@0x7ffc39865910 (length 20) | 0d 77 42 f0 02 a2 06 a0 52 9d a7 7b 10 32 eb c6 | cc 32 c4 df | data for hmac: 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | data for hmac: 05 b3 ea 6d 9b 0d b0 f0 b6 94 3f e9 68 d0 46 8b | data for hmac: b5 2b 62 df 38 96 8b 3e 1d b3 e3 a7 97 3a 3a 53 | calculated auth: 0d 77 42 f0 02 a2 06 a0 52 9d a7 7b | provided auth: 0d 77 42 f0 02 a2 06 a0 52 9d a7 7b | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 05 b3 ea 6d 9b 0d b0 f0 b6 94 3f e9 68 d0 46 8b | payload before decryption: | b5 2b 62 df 38 96 8b 3e 1d b3 e3 a7 97 3a 3a 53 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 08 00 00 00 0e 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #14 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode IKE SA: process IKE_AUTH response containing unknown notification | Now let's proceed with state specific processing | calling processor IKE SA: process IKE_AUTH response containing unknown notification "aes128" #14: IKE_AUTH response contained the error notification NO_PROPOSAL_CHOSEN "aes128" #14: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #14 fd@25 .st_dev=9 .st_ino=10148848 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #13 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x55fd4c4eae68 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f1610002b78 | event_schedule: new EVENT_RETRANSMIT-pe@0x7f1610002b78 | inserting event EVENT_RETRANSMIT, timeout in 59.993797 seconds for #14 | libevent_malloc: new ptr-libevent@0x7f160c0019f8 size 128 "aes128" #14: STATE_PARENT_I2: suppressing retransmits; will wait 59.993797 seconds for retry | #14 spent 0.109 milliseconds in processing: IKE SA: process IKE_AUTH response containing unknown notification in ikev2_process_state_packet() | [RE]START processing: state #14 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #14 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #14 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #13 spent 0.357 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.368 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.403 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x55fd4c4db198} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #14 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #14 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #14 ikev2.child deleted other | #14 spent 0.109 milliseconds in total | [RE]START processing: state #14 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #14: deleting state (STATE_PARENT_I2) aged 0.038s and NOT sending notification | child state #14: PARENT_I2(open IKE SA) => delete | child state #14: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #14 requesting EVENT_RETRANSMIT to be deleted | #14 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f160c0019f8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f1610002b78 | priority calculation of connection "aes128" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #14 in CHILDSA_DEL | child state #14: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #14 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x55fd4c4ecc80 | delete_state: release st->st_skey_ai_nss-key@0x55fd4c44c080 | delete_state: release st->st_skey_ar_nss-key@0x55fd4c4d3130 | delete_state: release st->st_skey_ei_nss-key@0x55fd4c4d6a20 | delete_state: release st->st_skey_er_nss-key@0x55fd4c4cd5b0 | delete_state: release st->st_skey_pi_nss-key@0x55fd4c4d4be0 | delete_state: release st->st_skey_pr_nss-key@0x7f161800a0e0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #13 | start processing: state #13 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #13 ikev2.ike deleted other | #13 spent 6.52 milliseconds in total | [RE]START processing: state #13 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #13: deleting state (STATE_PARENT_I2) aged 0.045s and NOT sending notification | parent state #13: PARENT_I2(open IKE SA) => delete | state #13 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f1608004f28 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f160c002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #13 in PARENT_I2 | parent state #13: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f1608007588: destroyed | stop processing: state #13 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f1618006bb0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x55fd4c4ecc80 | delete_state: release st->st_skey_ai_nss-key@0x55fd4c44c080 | delete_state: release st->st_skey_ar_nss-key@0x55fd4c4d3130 | delete_state: release st->st_skey_ei_nss-key@0x55fd4c4d6a20 | delete_state: release st->st_skey_er_nss-key@0x55fd4c4cd5b0 | delete_state: release st->st_skey_pi_nss-key@0x55fd4c4d4be0 | delete_state: release st->st_skey_pr_nss-key@0x7f161800a0e0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x55fd4c4e8e78 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.311 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | child-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0504 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0507 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | emitting | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0536 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:EMPTY | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0537 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x55fd4c4e8e78 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.158 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #15 at 0x55fd4c4ed818 | State DB: adding IKEv2 state #15 in UNDEFINED | pstats #15 ikev2.ike started | Message ID: init #15: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #15: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #15; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #15 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #15 "aes128" "aes128" #15: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 15 for state #15 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #15 | libevent_malloc: new ptr-libevent@0x7f160c0019f8 size 128 | crypto helper 1 resuming | crypto helper 1 starting work-order 15 for state #15 | crypto helper 1 doing build KE and nonce (ikev2_outI1 KE); request ID 15 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f1620007bf8: created | NSS: Local DH MODP2048 secret (pointer): 0x7f1620007bf8 | NSS: Public DH wire value: | 9f dd 5b 88 07 d7 78 a1 43 49 bc 27 19 6a 66 12 | 6a 70 e1 ee 78 64 da 1e 15 b5 f9 4f 8d 90 94 9b | 52 67 46 55 38 af de 9e 66 e8 37 7c a6 2a cc f8 | ac 8c 9b 92 db 5a 1b 71 cc 54 2e 56 75 cb 70 e9 | 36 80 24 0e ae ae ab 89 8b ce 76 ff 51 aa 28 0a | d6 58 a1 ad 8c 72 81 a6 66 a0 ff 08 2c ba 26 98 | 79 3b 2e 33 74 c0 3f 9e 3e 7e e9 9b 80 77 55 04 | 07 6c 48 92 d3 db 48 c4 c1 48 80 4f 68 1f c0 3b | 3f e4 66 a2 94 e0 0b 43 12 d5 73 16 2a cd c8 ba | e1 9b b5 5c 6f 08 fe 9e a7 b9 76 26 62 c9 b9 9a | 55 56 a3 9d 88 8c 0d 44 4a 62 e3 83 10 9c 22 32 | bb 5b 08 3e b0 b3 ba cc 6f 7b 8c 26 c8 51 0d 2d | 53 79 29 be 35 a5 9c 29 5f 10 e5 d3 15 07 f3 cc | d1 fc 19 69 b1 97 90 e8 42 3f e6 9b 9c f1 59 65 | d3 94 df e0 1e 88 a1 ef 59 e1 df b6 55 00 ef 8f | be 8c 16 79 2c 3d 88 2a 92 54 21 c0 1a a9 74 bd | Generated nonce: 53 3b a7 57 28 dd 3c 09 82 e5 ee 55 40 12 a3 2f | Generated nonce: e0 c5 81 ac 69 e2 79 f8 e6 c9 91 fb 8c 17 85 0f | crypto helper 1 finished build KE and nonce (ikev2_outI1 KE); request ID 15 time elapsed 0.001025 seconds | (#15) spent 1.02 milliseconds in crypto helper computing work-order 15: ikev2_outI1 KE (pcr) | crypto helper 1 sending results from work-order 15 for state #15 to event queue | scheduling resume sending helper answer for #15 | libevent_malloc: new ptr-libevent@0x7f1620004a28 size 128 | crypto helper 1 waiting (nothing to do) | #15 spent 0.112 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #15 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.17 milliseconds in whack | processing resume sending helper answer for #15 | start processing: state #15 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 15 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_outI1_continue for #15 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f1620007bf8: transferring ownership from helper KE to state #15 | **emit ISAKMP Message: | initiator cookie: | 74 23 ad d1 28 79 70 93 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #15: IMPAIR: emitting variable-size key-length attribute with no key | ******emit IKEv2 Attribute Substructure Payload: | af+type: 14?? (0xe) | length/value: 0 (0x0) "aes128" #15: IMPAIR: emitting af+type of IKEv2 Attribute Substructure Payload has an unknown value: 0x0+14 (0xe) | emitting length of IKEv2 Attribute Substructure Payload: 0 | emitting 0 raw bytes of attribute value into IKEv2 Transform Substructure Payload | attribute value | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 9f dd 5b 88 07 d7 78 a1 43 49 bc 27 19 6a 66 12 | ikev2 g^x 6a 70 e1 ee 78 64 da 1e 15 b5 f9 4f 8d 90 94 9b | ikev2 g^x 52 67 46 55 38 af de 9e 66 e8 37 7c a6 2a cc f8 | ikev2 g^x ac 8c 9b 92 db 5a 1b 71 cc 54 2e 56 75 cb 70 e9 | ikev2 g^x 36 80 24 0e ae ae ab 89 8b ce 76 ff 51 aa 28 0a | ikev2 g^x d6 58 a1 ad 8c 72 81 a6 66 a0 ff 08 2c ba 26 98 | ikev2 g^x 79 3b 2e 33 74 c0 3f 9e 3e 7e e9 9b 80 77 55 04 | ikev2 g^x 07 6c 48 92 d3 db 48 c4 c1 48 80 4f 68 1f c0 3b | ikev2 g^x 3f e4 66 a2 94 e0 0b 43 12 d5 73 16 2a cd c8 ba | ikev2 g^x e1 9b b5 5c 6f 08 fe 9e a7 b9 76 26 62 c9 b9 9a | ikev2 g^x 55 56 a3 9d 88 8c 0d 44 4a 62 e3 83 10 9c 22 32 | ikev2 g^x bb 5b 08 3e b0 b3 ba cc 6f 7b 8c 26 c8 51 0d 2d | ikev2 g^x 53 79 29 be 35 a5 9c 29 5f 10 e5 d3 15 07 f3 cc | ikev2 g^x d1 fc 19 69 b1 97 90 e8 42 3f e6 9b 9c f1 59 65 | ikev2 g^x d3 94 df e0 1e 88 a1 ef 59 e1 df b6 55 00 ef 8f | ikev2 g^x be 8c 16 79 2c 3d 88 2a 92 54 21 c0 1a a9 74 bd | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 53 3b a7 57 28 dd 3c 09 82 e5 ee 55 40 12 a3 2f | IKEv2 nonce e0 c5 81 ac 69 e2 79 f8 e6 c9 91 fb 8c 17 85 0f | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 74 23 ad d1 28 79 70 93 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 04 9f 83 73 43 96 6b a6 23 89 8e 41 77 75 d2 82 | a8 e8 36 3c | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 74 23 ad d1 28 79 70 93 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 04 9f 83 73 43 96 6b a6 23 89 8e 41 77 75 d2 82 | natd_hash: hash= a8 e8 36 3c | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 04 9f 83 73 43 96 6b a6 23 89 8e 41 77 75 d2 82 | Notify data a8 e8 36 3c | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 74 23 ad d1 28 79 70 93 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | f5 62 50 12 e1 7b 73 3c 45 8a f6 15 c3 31 98 79 | 40 75 9b d5 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 74 23 ad d1 28 79 70 93 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= f5 62 50 12 e1 7b 73 3c 45 8a f6 15 c3 31 98 79 | natd_hash: hash= 40 75 9b d5 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data f5 62 50 12 e1 7b 73 3c 45 8a f6 15 c3 31 98 79 | Notify data 40 75 9b d5 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #15 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #15 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #15 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #15: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #15 to 4294967295 after switching state | Message ID: IKE #15 skipping update_recv as MD is fake | Message ID: sent #15 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #15: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #15) | 74 23 ad d1 28 79 70 93 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 9f dd 5b 88 07 d7 78 a1 43 49 bc 27 | 19 6a 66 12 6a 70 e1 ee 78 64 da 1e 15 b5 f9 4f | 8d 90 94 9b 52 67 46 55 38 af de 9e 66 e8 37 7c | a6 2a cc f8 ac 8c 9b 92 db 5a 1b 71 cc 54 2e 56 | 75 cb 70 e9 36 80 24 0e ae ae ab 89 8b ce 76 ff | 51 aa 28 0a d6 58 a1 ad 8c 72 81 a6 66 a0 ff 08 | 2c ba 26 98 79 3b 2e 33 74 c0 3f 9e 3e 7e e9 9b | 80 77 55 04 07 6c 48 92 d3 db 48 c4 c1 48 80 4f | 68 1f c0 3b 3f e4 66 a2 94 e0 0b 43 12 d5 73 16 | 2a cd c8 ba e1 9b b5 5c 6f 08 fe 9e a7 b9 76 26 | 62 c9 b9 9a 55 56 a3 9d 88 8c 0d 44 4a 62 e3 83 | 10 9c 22 32 bb 5b 08 3e b0 b3 ba cc 6f 7b 8c 26 | c8 51 0d 2d 53 79 29 be 35 a5 9c 29 5f 10 e5 d3 | 15 07 f3 cc d1 fc 19 69 b1 97 90 e8 42 3f e6 9b | 9c f1 59 65 d3 94 df e0 1e 88 a1 ef 59 e1 df b6 | 55 00 ef 8f be 8c 16 79 2c 3d 88 2a 92 54 21 c0 | 1a a9 74 bd 29 00 00 24 53 3b a7 57 28 dd 3c 09 | 82 e5 ee 55 40 12 a3 2f e0 c5 81 ac 69 e2 79 f8 | e6 c9 91 fb 8c 17 85 0f 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 04 9f 83 73 43 96 6b a6 | 23 89 8e 41 77 75 d2 82 a8 e8 36 3c 00 00 00 1c | 00 00 40 05 f5 62 50 12 e1 7b 73 3c 45 8a f6 15 | c3 31 98 79 40 75 9b d5 | state #15 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f160c0019f8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f160c002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #15 | libevent_malloc: new ptr-libevent@0x55fd4c4eb208 size 128 | #15 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29302.608199 | resume sending helper answer for #15 suppresed complete_v2_state_transition() and stole MD | #15 spent 0.504 milliseconds in resume sending helper answer | stop processing: state #15 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f1620004a28 | spent 0.00211 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 74 23 ad d1 28 79 70 93 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 74 23 ad d1 28 79 70 93 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #15 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #15 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #15 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #15 is idle | #15 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #15 IKE SPIi and SPI[ir] | #15 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #15: STATE_PARENT_I1: received unauthenticated v2N_INVALID_SYNTAX - ignored | #15 spent 0.00802 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #15 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #15 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #15 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #15 spent 0.115 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.126 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x7f160c002b78 | handling event EVENT_RETRANSMIT for parent state #15 | start processing: state #15 connection "aes128" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | IKEv2 retransmit event | [RE]START processing: state #15 connection "aes128" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:144) | handling event EVENT_RETRANSMIT for 192.1.2.23 "aes128" #15 attempt 2 of 0 | and parent for 192.1.2.23 "aes128" #15 keying attempt 1 of 0; retransmit 1 "aes128" #15: IMPAIR: retransmit so deleting SA | maximum number of keyingtries reached - deleting state | [RE]START processing: state #15 connection "aes128" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:234) | pstats #15 ikev2.ike failed too-many-retransmits | pstats #15 ikev2.ike deleted too-many-retransmits | #15 spent 1.76 milliseconds in total | [RE]START processing: state #15 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #15: deleting state (STATE_PARENT_I1) aged 0.501s and NOT sending notification | parent state #15: PARENT_I1(half-open IKE SA) => delete | in connection_discard for connection aes128 | close_any(fd@25) (in delete_pending() at pending.c:244) | removing pending policy for "aes128" {0x55fd4c4db198} | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #15 "aes128" #15: deleting IKE SA for connection 'aes128' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'aes128' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #15 in PARENT_I1 | parent state #15: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | close_any(fd@24) (in release_whack() at state.c:654) | DH secret MODP2048@0x7f1620007bf8: destroyed | stop processing: state #15 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | libevent_free: release ptr-libevent@0x55fd4c4eb208 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f160c002b78 | in statetime_stop() and could not find #15 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection aes128 which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #16 at 0x55fd4c4ed818 | State DB: adding IKEv2 state #16 in UNDEFINED | pstats #16 ikev2.ike started | Message ID: init #16: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #16: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #16; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #16 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #16 "aes128" "aes128" #16: initiating v2 parent SA | using existing local IKE proposals for connection aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 16 for state #16 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #16 | libevent_malloc: new ptr-libevent@0x7f1620004a28 size 128 | crypto helper 3 resuming | crypto helper 3 starting work-order 16 for state #16 | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 16 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f1618003a78: created | NSS: Local DH MODP2048 secret (pointer): 0x7f1618003a78 | NSS: Public DH wire value: | d9 58 c8 24 d6 80 52 8a cc 16 fe ea 4d a7 f9 73 | 2b 43 d9 d3 0d b9 ac 03 0e 70 92 21 43 7a 90 bb | 19 96 99 ba be c1 53 ee ac 21 01 0a 43 f4 73 96 | 25 07 9a a2 dd 40 eb 15 16 12 b1 d7 1b 30 ec 21 | f3 da 91 16 c7 a2 7d 23 e9 af 42 cb 08 66 26 19 | e8 77 53 eb 38 c8 0f 4a 00 52 b9 5d bb a9 79 24 | 38 4a 21 2d 2d ba db ff 83 d6 ed 83 0f 7f ca 52 | cc 19 1f b9 1a 3a 3e a1 2e 9b 8e 76 b9 6f 83 c8 | b5 96 ed d4 88 7a 34 1d ce f9 4e 96 8b 32 20 70 | f2 48 69 22 e5 51 fa c8 dd 36 e0 bd c7 31 39 de | 72 12 b0 80 78 93 1c d9 63 9d 70 f8 49 50 f7 83 | ed d5 73 40 b7 03 b7 06 f0 1b 07 75 cd cb c3 74 | 36 32 f8 90 b6 10 02 bb fb d1 aa 22 fa bc 56 3d | 23 c0 37 29 45 51 ca 12 26 31 48 57 7f 4e c4 4a | e5 ae 22 11 ee 02 e3 8e df c3 66 78 24 30 c1 8c | 78 ea 85 36 0a a6 74 80 59 38 df 10 a8 53 d6 2a | Generated nonce: ae 0c 5a 9f c5 77 bd 15 f6 87 ad 9b 78 fc b3 b2 | Generated nonce: fa 92 49 b9 f9 a5 73 48 de db df dd 4d a8 dd 01 | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 16 time elapsed 0.001012 seconds | (#16) spent 1 milliseconds in crypto helper computing work-order 16: ikev2_outI1 KE (pcr) | crypto helper 3 sending results from work-order 16 for state #16 to event queue | scheduling resume sending helper answer for #16 | libevent_malloc: new ptr-libevent@0x7f1618005088 size 128 | crypto helper 3 waiting (nothing to do) | #16 spent 0.0886 milliseconds in ikev2_parent_outI1() | RESET processing: state #16 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | spent 0.108 milliseconds in global timer EVENT_REVIVE_CONNS | processing resume sending helper answer for #16 | start processing: state #16 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 16 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_outI1_continue for #16 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f1618003a78: transferring ownership from helper KE to state #16 | **emit ISAKMP Message: | initiator cookie: | 04 72 5e e4 6e f1 79 89 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #16: IMPAIR: emitting variable-size key-length attribute with no key | ******emit IKEv2 Attribute Substructure Payload: | af+type: 14?? (0xe) | length/value: 0 (0x0) "aes128" #16: IMPAIR: emitting af+type of IKEv2 Attribute Substructure Payload has an unknown value: 0x0+14 (0xe) | emitting length of IKEv2 Attribute Substructure Payload: 0 | emitting 0 raw bytes of attribute value into IKEv2 Transform Substructure Payload | attribute value | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x d9 58 c8 24 d6 80 52 8a cc 16 fe ea 4d a7 f9 73 | ikev2 g^x 2b 43 d9 d3 0d b9 ac 03 0e 70 92 21 43 7a 90 bb | ikev2 g^x 19 96 99 ba be c1 53 ee ac 21 01 0a 43 f4 73 96 | ikev2 g^x 25 07 9a a2 dd 40 eb 15 16 12 b1 d7 1b 30 ec 21 | ikev2 g^x f3 da 91 16 c7 a2 7d 23 e9 af 42 cb 08 66 26 19 | ikev2 g^x e8 77 53 eb 38 c8 0f 4a 00 52 b9 5d bb a9 79 24 | ikev2 g^x 38 4a 21 2d 2d ba db ff 83 d6 ed 83 0f 7f ca 52 | ikev2 g^x cc 19 1f b9 1a 3a 3e a1 2e 9b 8e 76 b9 6f 83 c8 | ikev2 g^x b5 96 ed d4 88 7a 34 1d ce f9 4e 96 8b 32 20 70 | ikev2 g^x f2 48 69 22 e5 51 fa c8 dd 36 e0 bd c7 31 39 de | ikev2 g^x 72 12 b0 80 78 93 1c d9 63 9d 70 f8 49 50 f7 83 | ikev2 g^x ed d5 73 40 b7 03 b7 06 f0 1b 07 75 cd cb c3 74 | ikev2 g^x 36 32 f8 90 b6 10 02 bb fb d1 aa 22 fa bc 56 3d | ikev2 g^x 23 c0 37 29 45 51 ca 12 26 31 48 57 7f 4e c4 4a | ikev2 g^x e5 ae 22 11 ee 02 e3 8e df c3 66 78 24 30 c1 8c | ikev2 g^x 78 ea 85 36 0a a6 74 80 59 38 df 10 a8 53 d6 2a | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce ae 0c 5a 9f c5 77 bd 15 f6 87 ad 9b 78 fc b3 b2 | IKEv2 nonce fa 92 49 b9 f9 a5 73 48 de db df dd 4d a8 dd 01 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 04 72 5e e4 6e f1 79 89 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 49 bc 5f e0 8c c9 51 62 a9 36 b9 0b 42 8a fa cd | 0c b9 ac 4f | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 04 72 5e e4 6e f1 79 89 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 49 bc 5f e0 8c c9 51 62 a9 36 b9 0b 42 8a fa cd | natd_hash: hash= 0c b9 ac 4f | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 49 bc 5f e0 8c c9 51 62 a9 36 b9 0b 42 8a fa cd | Notify data 0c b9 ac 4f | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 04 72 5e e4 6e f1 79 89 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 23 9f 36 8c f1 4a e7 2e 76 e8 c0 9b b8 37 ad ba | 01 43 c6 cf | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 04 72 5e e4 6e f1 79 89 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 23 9f 36 8c f1 4a e7 2e 76 e8 c0 9b b8 37 ad ba | natd_hash: hash= 01 43 c6 cf | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 23 9f 36 8c f1 4a e7 2e 76 e8 c0 9b b8 37 ad ba | Notify data 01 43 c6 cf | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #16 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #16 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #16 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #16: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #16 to 4294967295 after switching state | Message ID: IKE #16 skipping update_recv as MD is fake | Message ID: sent #16 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #16: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #16) | 04 72 5e e4 6e f1 79 89 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 d9 58 c8 24 d6 80 52 8a cc 16 fe ea | 4d a7 f9 73 2b 43 d9 d3 0d b9 ac 03 0e 70 92 21 | 43 7a 90 bb 19 96 99 ba be c1 53 ee ac 21 01 0a | 43 f4 73 96 25 07 9a a2 dd 40 eb 15 16 12 b1 d7 | 1b 30 ec 21 f3 da 91 16 c7 a2 7d 23 e9 af 42 cb | 08 66 26 19 e8 77 53 eb 38 c8 0f 4a 00 52 b9 5d | bb a9 79 24 38 4a 21 2d 2d ba db ff 83 d6 ed 83 | 0f 7f ca 52 cc 19 1f b9 1a 3a 3e a1 2e 9b 8e 76 | b9 6f 83 c8 b5 96 ed d4 88 7a 34 1d ce f9 4e 96 | 8b 32 20 70 f2 48 69 22 e5 51 fa c8 dd 36 e0 bd | c7 31 39 de 72 12 b0 80 78 93 1c d9 63 9d 70 f8 | 49 50 f7 83 ed d5 73 40 b7 03 b7 06 f0 1b 07 75 | cd cb c3 74 36 32 f8 90 b6 10 02 bb fb d1 aa 22 | fa bc 56 3d 23 c0 37 29 45 51 ca 12 26 31 48 57 | 7f 4e c4 4a e5 ae 22 11 ee 02 e3 8e df c3 66 78 | 24 30 c1 8c 78 ea 85 36 0a a6 74 80 59 38 df 10 | a8 53 d6 2a 29 00 00 24 ae 0c 5a 9f c5 77 bd 15 | f6 87 ad 9b 78 fc b3 b2 fa 92 49 b9 f9 a5 73 48 | de db df dd 4d a8 dd 01 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 49 bc 5f e0 8c c9 51 62 | a9 36 b9 0b 42 8a fa cd 0c b9 ac 4f 00 00 00 1c | 00 00 40 05 23 9f 36 8c f1 4a e7 2e 76 e8 c0 9b | b8 37 ad ba 01 43 c6 cf | state #16 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f1620004a28 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f160c002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #16 | libevent_malloc: new ptr-libevent@0x55fd4c4eae68 size 128 | #16 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29303.110257 | resume sending helper answer for #16 suppresed complete_v2_state_transition() and stole MD | #16 spent 0.498 milliseconds in resume sending helper answer | stop processing: state #16 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f1618005088 | spent 0.00216 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 04 72 5e e4 6e f1 79 89 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 04 72 5e e4 6e f1 79 89 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #16 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #16 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #16 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #16 is idle | #16 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #16 IKE SPIi and SPI[ir] | #16 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #16: STATE_PARENT_I1: received unauthenticated v2N_INVALID_SYNTAX - ignored | #16 spent 0.00394 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #16 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #16 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #16 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #16 spent 0.112 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.124 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0373 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | removing pending policy for no connection {0x55fd4c4db198} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #16 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #16 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #16 ikev2.ike deleted other | #16 spent 1.7 milliseconds in total | [RE]START processing: state #16 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #16: deleting state (STATE_PARENT_I1) aged 0.027s and NOT sending notification | parent state #16: PARENT_I1(half-open IKE SA) => delete | state #16 requesting EVENT_RETRANSMIT to be deleted | #16 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55fd4c4eae68 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f160c002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #16 in PARENT_I1 | parent state #16: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f1618003a78: destroyed | stop processing: state #16 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x55fd4c4e8e78 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.205 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | emitting: disabled | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0604 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0534 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | emitting | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0475 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:EMPTY | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0427 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x55fd4c4e8e78 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.12 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #17 at 0x55fd4c4ed818 | State DB: adding IKEv2 state #17 in UNDEFINED | pstats #17 ikev2.ike started | Message ID: init #17: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #17: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #17; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #17 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #17 "aes128" "aes128" #17: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 17 for state #17 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #17 | libevent_malloc: new ptr-libevent@0x7f1618005088 size 128 | crypto helper 5 resuming | crypto helper 5 starting work-order 17 for state #17 | crypto helper 5 doing build KE and nonce (ikev2_outI1 KE); request ID 17 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f161c006778: created | NSS: Local DH MODP2048 secret (pointer): 0x7f161c006778 | NSS: Public DH wire value: | 74 cc e6 2a c4 1d a0 ba ba 64 42 af d5 88 46 74 | ab d2 cc cc 78 63 58 aa ff 05 4d 77 73 68 48 fc | 2e e7 19 8f 4d 6e 13 ac b3 e7 9f b6 0b 34 49 a5 | 2a 13 4c c8 fa 6d 89 18 4c 3b a6 20 53 ca e5 18 | 96 e0 3e 80 07 d4 7b 29 4a c7 d7 12 32 01 11 6e | 87 56 0d 5a 4f 5b a8 dc 68 c6 0d e0 7b 15 9b 46 | 58 7c f6 dc 29 d2 2c 9c 68 69 99 b5 60 7f 4c 5c | 4c a4 e8 f5 82 98 4e b4 09 fb 78 b3 d0 26 f1 3c | cc 5c 6a ef 26 d1 11 cf 34 75 7e 4b b7 5a 86 90 | 83 2f d1 9e ba 57 61 d2 e5 d5 98 be 2f 6a a8 37 | c8 3d 5d cc 0d e7 34 3b 3a 79 c2 12 be 64 ac 89 | 87 57 a5 62 6c d7 96 89 5a 71 2d 6a 10 36 53 5c | 7e 4b 1c 96 11 db 90 80 bb 3d 6c dc a2 cd 5d e7 | 23 87 03 1c f3 7d 5e d4 03 41 51 8f 97 37 df 89 | 7d f5 99 3c 29 f3 3d d9 93 29 96 01 bf db a6 b1 | 25 33 7b 83 eb e0 e3 3f 4a ac 99 af e9 02 7a f7 | Generated nonce: fb 46 86 a4 73 b4 70 59 ed 32 f5 39 97 1e a8 1c | Generated nonce: f8 ec 4d 7e 44 12 fc 16 4d 31 84 7b c7 60 53 c0 | crypto helper 5 finished build KE and nonce (ikev2_outI1 KE); request ID 17 time elapsed 0.001023 seconds | (#17) spent 1.01 milliseconds in crypto helper computing work-order 17: ikev2_outI1 KE (pcr) | crypto helper 5 sending results from work-order 17 for state #17 to event queue | scheduling resume sending helper answer for #17 | libevent_malloc: new ptr-libevent@0x7f161c0014a8 size 128 | crypto helper 5 waiting (nothing to do) | #17 spent 0.105 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #17 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.168 milliseconds in whack | processing resume sending helper answer for #17 | start processing: state #17 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 17 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_outI1_continue for #17 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f161c006778: transferring ownership from helper KE to state #17 | **emit ISAKMP Message: | initiator cookie: | 1d 3d c1 a9 ba 21 c1 00 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #17: IMPAIR: emitting variable-size key-length attribute with no key | ******emit IKEv2 Attribute Substructure Payload: | af+type: 14?? (0xe) | length/value: 0 (0x0) "aes128" #17: IMPAIR: emitting af+type of IKEv2 Attribute Substructure Payload has an unknown value: 0x0+14 (0xe) | emitting length of IKEv2 Attribute Substructure Payload: 0 | emitting 0 raw bytes of attribute value into IKEv2 Transform Substructure Payload | attribute value | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 74 cc e6 2a c4 1d a0 ba ba 64 42 af d5 88 46 74 | ikev2 g^x ab d2 cc cc 78 63 58 aa ff 05 4d 77 73 68 48 fc | ikev2 g^x 2e e7 19 8f 4d 6e 13 ac b3 e7 9f b6 0b 34 49 a5 | ikev2 g^x 2a 13 4c c8 fa 6d 89 18 4c 3b a6 20 53 ca e5 18 | ikev2 g^x 96 e0 3e 80 07 d4 7b 29 4a c7 d7 12 32 01 11 6e | ikev2 g^x 87 56 0d 5a 4f 5b a8 dc 68 c6 0d e0 7b 15 9b 46 | ikev2 g^x 58 7c f6 dc 29 d2 2c 9c 68 69 99 b5 60 7f 4c 5c | ikev2 g^x 4c a4 e8 f5 82 98 4e b4 09 fb 78 b3 d0 26 f1 3c | ikev2 g^x cc 5c 6a ef 26 d1 11 cf 34 75 7e 4b b7 5a 86 90 | ikev2 g^x 83 2f d1 9e ba 57 61 d2 e5 d5 98 be 2f 6a a8 37 | ikev2 g^x c8 3d 5d cc 0d e7 34 3b 3a 79 c2 12 be 64 ac 89 | ikev2 g^x 87 57 a5 62 6c d7 96 89 5a 71 2d 6a 10 36 53 5c | ikev2 g^x 7e 4b 1c 96 11 db 90 80 bb 3d 6c dc a2 cd 5d e7 | ikev2 g^x 23 87 03 1c f3 7d 5e d4 03 41 51 8f 97 37 df 89 | ikev2 g^x 7d f5 99 3c 29 f3 3d d9 93 29 96 01 bf db a6 b1 | ikev2 g^x 25 33 7b 83 eb e0 e3 3f 4a ac 99 af e9 02 7a f7 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce fb 46 86 a4 73 b4 70 59 ed 32 f5 39 97 1e a8 1c | IKEv2 nonce f8 ec 4d 7e 44 12 fc 16 4d 31 84 7b c7 60 53 c0 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 1d 3d c1 a9 ba 21 c1 00 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 00 a2 11 10 a3 4c 7b f6 d7 c0 43 35 b2 0a 4d 59 | f5 dd e8 82 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 1d 3d c1 a9 ba 21 c1 00 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 00 a2 11 10 a3 4c 7b f6 d7 c0 43 35 b2 0a 4d 59 | natd_hash: hash= f5 dd e8 82 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 00 a2 11 10 a3 4c 7b f6 d7 c0 43 35 b2 0a 4d 59 | Notify data f5 dd e8 82 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 1d 3d c1 a9 ba 21 c1 00 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | f6 cb b5 5d 4b fa b1 40 5d c9 26 4c c2 60 76 e9 | ef 15 46 ce | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 1d 3d c1 a9 ba 21 c1 00 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= f6 cb b5 5d 4b fa b1 40 5d c9 26 4c c2 60 76 e9 | natd_hash: hash= ef 15 46 ce | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data f6 cb b5 5d 4b fa b1 40 5d c9 26 4c c2 60 76 e9 | Notify data ef 15 46 ce | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #17 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #17 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #17 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #17: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #17 to 4294967295 after switching state | Message ID: IKE #17 skipping update_recv as MD is fake | Message ID: sent #17 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #17: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #17) | 1d 3d c1 a9 ba 21 c1 00 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 74 cc e6 2a c4 1d a0 ba ba 64 42 af | d5 88 46 74 ab d2 cc cc 78 63 58 aa ff 05 4d 77 | 73 68 48 fc 2e e7 19 8f 4d 6e 13 ac b3 e7 9f b6 | 0b 34 49 a5 2a 13 4c c8 fa 6d 89 18 4c 3b a6 20 | 53 ca e5 18 96 e0 3e 80 07 d4 7b 29 4a c7 d7 12 | 32 01 11 6e 87 56 0d 5a 4f 5b a8 dc 68 c6 0d e0 | 7b 15 9b 46 58 7c f6 dc 29 d2 2c 9c 68 69 99 b5 | 60 7f 4c 5c 4c a4 e8 f5 82 98 4e b4 09 fb 78 b3 | d0 26 f1 3c cc 5c 6a ef 26 d1 11 cf 34 75 7e 4b | b7 5a 86 90 83 2f d1 9e ba 57 61 d2 e5 d5 98 be | 2f 6a a8 37 c8 3d 5d cc 0d e7 34 3b 3a 79 c2 12 | be 64 ac 89 87 57 a5 62 6c d7 96 89 5a 71 2d 6a | 10 36 53 5c 7e 4b 1c 96 11 db 90 80 bb 3d 6c dc | a2 cd 5d e7 23 87 03 1c f3 7d 5e d4 03 41 51 8f | 97 37 df 89 7d f5 99 3c 29 f3 3d d9 93 29 96 01 | bf db a6 b1 25 33 7b 83 eb e0 e3 3f 4a ac 99 af | e9 02 7a f7 29 00 00 24 fb 46 86 a4 73 b4 70 59 | ed 32 f5 39 97 1e a8 1c f8 ec 4d 7e 44 12 fc 16 | 4d 31 84 7b c7 60 53 c0 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 00 a2 11 10 a3 4c 7b f6 | d7 c0 43 35 b2 0a 4d 59 f5 dd e8 82 00 00 00 1c | 00 00 40 05 f6 cb b5 5d 4b fa b1 40 5d c9 26 4c | c2 60 76 e9 ef 15 46 ce | state #17 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f1618005088 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f160c002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #17 | libevent_malloc: new ptr-libevent@0x55fd4c4eb208 size 128 | #17 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29303.545067 | resume sending helper answer for #17 suppresed complete_v2_state_transition() and stole MD | #17 spent 0.533 milliseconds in resume sending helper answer | stop processing: state #17 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f161c0014a8 | spent 0.00212 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 1d 3d c1 a9 ba 21 c1 00 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 1d 3d c1 a9 ba 21 c1 00 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #17 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #17 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #17 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #17 is idle | #17 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #17 IKE SPIi and SPI[ir] | #17 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #17: STATE_PARENT_I1: received unauthenticated v2N_INVALID_SYNTAX - ignored | #17 spent 0.0104 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #17 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #17 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #17 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #17 spent 0.123 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.135 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x7f160c002b78 | handling event EVENT_RETRANSMIT for parent state #17 | start processing: state #17 connection "aes128" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | IKEv2 retransmit event | [RE]START processing: state #17 connection "aes128" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:144) | handling event EVENT_RETRANSMIT for 192.1.2.23 "aes128" #17 attempt 2 of 0 | and parent for 192.1.2.23 "aes128" #17 keying attempt 1 of 0; retransmit 1 "aes128" #17: IMPAIR: retransmit so deleting SA | maximum number of keyingtries reached - deleting state | [RE]START processing: state #17 connection "aes128" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:234) | pstats #17 ikev2.ike failed too-many-retransmits | pstats #17 ikev2.ike deleted too-many-retransmits | #17 spent 1.77 milliseconds in total | [RE]START processing: state #17 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #17: deleting state (STATE_PARENT_I1) aged 0.501s and NOT sending notification | parent state #17: PARENT_I1(half-open IKE SA) => delete | in connection_discard for connection aes128 | close_any(fd@25) (in delete_pending() at pending.c:244) | removing pending policy for "aes128" {0x55fd4c4db198} | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #17 "aes128" #17: deleting IKE SA for connection 'aes128' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'aes128' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #17 in PARENT_I1 | parent state #17: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | close_any(fd@24) (in release_whack() at state.c:654) | DH secret MODP2048@0x7f161c006778: destroyed | stop processing: state #17 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | libevent_free: release ptr-libevent@0x55fd4c4eb208 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f160c002b78 | in statetime_stop() and could not find #17 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection aes128 which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #18 at 0x55fd4c4ed818 | State DB: adding IKEv2 state #18 in UNDEFINED | pstats #18 ikev2.ike started | Message ID: init #18: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #18: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #18; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #18 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #18 "aes128" "aes128" #18: initiating v2 parent SA | using existing local IKE proposals for connection aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 18 for state #18 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #18 | libevent_malloc: new ptr-libevent@0x7f161c0014a8 size 128 | #18 spent 0.0697 milliseconds in ikev2_parent_outI1() | RESET processing: state #18 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 6 resuming | crypto helper 6 starting work-order 18 for state #18 | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 18 | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | spent 0.099 milliseconds in global timer EVENT_REVIVE_CONNS | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f16100020b8: created | NSS: Local DH MODP2048 secret (pointer): 0x7f16100020b8 | NSS: Public DH wire value: | 28 44 24 35 3b 04 a4 fc c9 a7 41 dc a4 fe bd ff | 3a 5e f4 3d 55 03 3a 7a aa 3f bd 70 6d d7 dd 5e | cc d0 5b 06 c9 4d dc f2 c2 5e 94 12 0f a5 2d 8c | cf ce f2 7e 1e c0 21 30 24 c5 2d 76 11 5f 97 25 | 19 7f fd 6e d0 1f c5 99 18 e9 2a 83 22 3e 4e 10 | 92 73 d1 de 78 66 eb bf a8 ff b4 6f 80 b1 b7 ed | e8 29 4a c8 66 db 0d 19 7f 5d f2 ea 7f 71 0b b3 | 4a 79 68 a2 bf 6d 69 a9 19 d3 f0 eb 29 07 b7 85 | a5 cc 84 fe 8d 4a 6e e1 49 58 10 20 12 78 96 da | 1c a2 bc a9 9f 44 2b b1 91 8c 4f 84 09 7f 8e b2 | 5e 19 ac be d6 db c0 2e ab 0e 37 c9 15 76 1c b1 | 23 2c 28 ce 60 c9 5b 0c 3f c8 9e 6d 8e 07 d0 20 | 44 fd e2 6f e6 79 34 33 56 c5 6e 98 81 c9 37 68 | e9 4c 7a ee 66 3b 80 18 13 55 83 23 63 2c 64 da | b2 b0 98 de a0 7e ee 09 09 18 e1 1e a7 9c 9a be | b7 88 39 0e 4f 92 95 c8 d9 83 c4 2e 68 31 5d 76 | Generated nonce: bb 76 80 fc de f3 68 b4 6d 39 4a 5b ab 7a 08 b6 | Generated nonce: 81 3f cb a7 78 49 b4 e8 bf c1 9d df a6 6c 1d bc | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 18 time elapsed 0.001037 seconds | (#18) spent 1.02 milliseconds in crypto helper computing work-order 18: ikev2_outI1 KE (pcr) | crypto helper 6 sending results from work-order 18 for state #18 to event queue | scheduling resume sending helper answer for #18 | libevent_malloc: new ptr-libevent@0x7f1610005908 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #18 | start processing: state #18 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 18 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_outI1_continue for #18 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f16100020b8: transferring ownership from helper KE to state #18 | **emit ISAKMP Message: | initiator cookie: | dd f1 a7 97 73 22 40 a8 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #18: IMPAIR: emitting variable-size key-length attribute with no key | ******emit IKEv2 Attribute Substructure Payload: | af+type: 14?? (0xe) | length/value: 0 (0x0) "aes128" #18: IMPAIR: emitting af+type of IKEv2 Attribute Substructure Payload has an unknown value: 0x0+14 (0xe) | emitting length of IKEv2 Attribute Substructure Payload: 0 | emitting 0 raw bytes of attribute value into IKEv2 Transform Substructure Payload | attribute value | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 28 44 24 35 3b 04 a4 fc c9 a7 41 dc a4 fe bd ff | ikev2 g^x 3a 5e f4 3d 55 03 3a 7a aa 3f bd 70 6d d7 dd 5e | ikev2 g^x cc d0 5b 06 c9 4d dc f2 c2 5e 94 12 0f a5 2d 8c | ikev2 g^x cf ce f2 7e 1e c0 21 30 24 c5 2d 76 11 5f 97 25 | ikev2 g^x 19 7f fd 6e d0 1f c5 99 18 e9 2a 83 22 3e 4e 10 | ikev2 g^x 92 73 d1 de 78 66 eb bf a8 ff b4 6f 80 b1 b7 ed | ikev2 g^x e8 29 4a c8 66 db 0d 19 7f 5d f2 ea 7f 71 0b b3 | ikev2 g^x 4a 79 68 a2 bf 6d 69 a9 19 d3 f0 eb 29 07 b7 85 | ikev2 g^x a5 cc 84 fe 8d 4a 6e e1 49 58 10 20 12 78 96 da | ikev2 g^x 1c a2 bc a9 9f 44 2b b1 91 8c 4f 84 09 7f 8e b2 | ikev2 g^x 5e 19 ac be d6 db c0 2e ab 0e 37 c9 15 76 1c b1 | ikev2 g^x 23 2c 28 ce 60 c9 5b 0c 3f c8 9e 6d 8e 07 d0 20 | ikev2 g^x 44 fd e2 6f e6 79 34 33 56 c5 6e 98 81 c9 37 68 | ikev2 g^x e9 4c 7a ee 66 3b 80 18 13 55 83 23 63 2c 64 da | ikev2 g^x b2 b0 98 de a0 7e ee 09 09 18 e1 1e a7 9c 9a be | ikev2 g^x b7 88 39 0e 4f 92 95 c8 d9 83 c4 2e 68 31 5d 76 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce bb 76 80 fc de f3 68 b4 6d 39 4a 5b ab 7a 08 b6 | IKEv2 nonce 81 3f cb a7 78 49 b4 e8 bf c1 9d df a6 6c 1d bc | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | dd f1 a7 97 73 22 40 a8 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 64 53 6b 42 7f c3 45 31 9c 1e b4 b1 56 86 6b 21 | e5 e8 c9 ba | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= dd f1 a7 97 73 22 40 a8 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 64 53 6b 42 7f c3 45 31 9c 1e b4 b1 56 86 6b 21 | natd_hash: hash= e5 e8 c9 ba | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 64 53 6b 42 7f c3 45 31 9c 1e b4 b1 56 86 6b 21 | Notify data e5 e8 c9 ba | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | dd f1 a7 97 73 22 40 a8 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | d9 1e 7c a9 b9 1f ab 91 32 4d 72 ce fe 3d d0 96 | 1d 13 3e ad | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= dd f1 a7 97 73 22 40 a8 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= d9 1e 7c a9 b9 1f ab 91 32 4d 72 ce fe 3d d0 96 | natd_hash: hash= 1d 13 3e ad | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data d9 1e 7c a9 b9 1f ab 91 32 4d 72 ce fe 3d d0 96 | Notify data 1d 13 3e ad | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #18 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #18 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #18 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #18: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #18 to 4294967295 after switching state | Message ID: IKE #18 skipping update_recv as MD is fake | Message ID: sent #18 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #18: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #18) | dd f1 a7 97 73 22 40 a8 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 28 44 24 35 3b 04 a4 fc c9 a7 41 dc | a4 fe bd ff 3a 5e f4 3d 55 03 3a 7a aa 3f bd 70 | 6d d7 dd 5e cc d0 5b 06 c9 4d dc f2 c2 5e 94 12 | 0f a5 2d 8c cf ce f2 7e 1e c0 21 30 24 c5 2d 76 | 11 5f 97 25 19 7f fd 6e d0 1f c5 99 18 e9 2a 83 | 22 3e 4e 10 92 73 d1 de 78 66 eb bf a8 ff b4 6f | 80 b1 b7 ed e8 29 4a c8 66 db 0d 19 7f 5d f2 ea | 7f 71 0b b3 4a 79 68 a2 bf 6d 69 a9 19 d3 f0 eb | 29 07 b7 85 a5 cc 84 fe 8d 4a 6e e1 49 58 10 20 | 12 78 96 da 1c a2 bc a9 9f 44 2b b1 91 8c 4f 84 | 09 7f 8e b2 5e 19 ac be d6 db c0 2e ab 0e 37 c9 | 15 76 1c b1 23 2c 28 ce 60 c9 5b 0c 3f c8 9e 6d | 8e 07 d0 20 44 fd e2 6f e6 79 34 33 56 c5 6e 98 | 81 c9 37 68 e9 4c 7a ee 66 3b 80 18 13 55 83 23 | 63 2c 64 da b2 b0 98 de a0 7e ee 09 09 18 e1 1e | a7 9c 9a be b7 88 39 0e 4f 92 95 c8 d9 83 c4 2e | 68 31 5d 76 29 00 00 24 bb 76 80 fc de f3 68 b4 | 6d 39 4a 5b ab 7a 08 b6 81 3f cb a7 78 49 b4 e8 | bf c1 9d df a6 6c 1d bc 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 64 53 6b 42 7f c3 45 31 | 9c 1e b4 b1 56 86 6b 21 e5 e8 c9 ba 00 00 00 1c | 00 00 40 05 d9 1e 7c a9 b9 1f ab 91 32 4d 72 ce | fe 3d d0 96 1d 13 3e ad | state #18 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f161c0014a8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f160c002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #18 | libevent_malloc: new ptr-libevent@0x55fd4c4eb208 size 128 | #18 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29304.046479 | resume sending helper answer for #18 suppresed complete_v2_state_transition() and stole MD | #18 spent 0.347 milliseconds in resume sending helper answer | stop processing: state #18 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f1610005908 | spent 0.00245 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | dd f1 a7 97 73 22 40 a8 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | dd f1 a7 97 73 22 40 a8 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #18 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #18 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #18 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #18 is idle | #18 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #18 IKE SPIi and SPI[ir] | #18 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #18: STATE_PARENT_I1: received unauthenticated v2N_INVALID_SYNTAX - ignored | #18 spent 0.00366 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #18 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #18 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #18 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #18 spent 0.107 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.118 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0449 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | removing pending policy for no connection {0x55fd4c4db198} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #18 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #18 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #18 ikev2.ike deleted other | #18 spent 1.55 milliseconds in total | [RE]START processing: state #18 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #18: deleting state (STATE_PARENT_I1) aged 0.014s and NOT sending notification | parent state #18: PARENT_I1(half-open IKE SA) => delete | state #18 requesting EVENT_RETRANSMIT to be deleted | #18 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55fd4c4eb208 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f160c002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #18 in PARENT_I1 | parent state #18: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f16100020b8: destroyed | stop processing: state #18 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x55fd4c4e8e78 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.154 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | emitting: disabled | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0536 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0489 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection 3des with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: 3DES_CBC-HMAC_SHA1-MODP2048 | from whack: got --esp=3des-sha1;modp2048 | ESP/AH string values: 3DES_CBC-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x55fd4c4e8e78 added connection description "3des" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.126 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in initiate_a_connection() at initiate.c:186) | connection '3des' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #19 at 0x55fd4c4ed818 | State DB: adding IKEv2 state #19 in UNDEFINED | pstats #19 ikev2.ike started | Message ID: init #19: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #19: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #19; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #19 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "3des" IKE SA #19 "3des" "3des" #19: initiating v2 parent SA | constructing local IKE proposals for 3des (IKE SA initiator selecting KE) | converting ike_info 3DES_CBC-HMAC_SHA1-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_IKE 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "3des": constructed local IKE proposals for 3des (IKE SA initiator selecting KE): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 19 for state #19 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f1610005908 size 128 | #19 spent 0.117 milliseconds in ikev2_parent_outI1() | crypto helper 2 resuming | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 2 starting work-order 19 for state #19 | RESET processing: state #19 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 19 | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.226 milliseconds in whack | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f1614003828: created | NSS: Local DH MODP2048 secret (pointer): 0x7f1614003828 | NSS: Public DH wire value: | 3d a9 d4 a5 ad a5 e8 ca 0b e2 52 49 47 80 7b a7 | 09 cb d8 3a 4e 27 02 45 21 49 c3 14 60 7b 6e bb | 49 9e 8e 22 28 54 d8 85 f6 c9 5f dc 83 02 0e 75 | c3 f8 e0 4f 65 ba 84 c2 be cb 40 dd a3 57 c3 c2 | cd 6e 29 15 f5 6a 43 69 3f a8 54 15 ad 13 7a fe | ba a6 9f c5 0b 71 ea 0e 8c 6c b8 e5 71 f1 7d 2d | f7 d1 95 a6 2a 86 75 82 96 b6 7f 98 70 72 38 08 | 03 52 58 07 8c be 3f c6 a2 fe 56 58 31 f6 1f 3f | ec 50 9f 96 8e a2 b8 d4 f4 95 67 b0 10 3a a5 c4 | db 9a 55 b3 4f bb 32 25 7d f7 d6 a6 de 24 7d 29 | 91 44 57 1d 5d a5 db 2d 8a 3c 9e f8 0e 98 b4 ec | 89 25 81 28 68 fd 6d 40 6f 29 88 30 91 89 06 78 | cd ab 67 b0 f8 52 88 d4 68 7c 78 03 0f af fc 24 | 5e bf d8 4b 98 8c 91 e1 0a bc c0 bd e3 35 32 85 | 03 b5 66 6e c2 93 71 9f 59 5a dd 99 f0 e7 de 56 | 7e cf 2e f2 93 22 7a dc 86 e3 fc 80 8b 8f 18 94 | Generated nonce: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | Generated nonce: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 19 time elapsed 0.000954 seconds | (#19) spent 0.953 milliseconds in crypto helper computing work-order 19: ikev2_outI1 KE (pcr) | crypto helper 2 sending results from work-order 19 for state #19 to event queue | scheduling resume sending helper answer for #19 | libevent_malloc: new ptr-libevent@0x7f1614002888 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #19 | start processing: state #19 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 19 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_outI1_continue for #19 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f1614003828: transferring ownership from helper KE to state #19 | **emit ISAKMP Message: | initiator cookie: | b4 9f d5 a5 56 78 42 52 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection 3des (IKE SA initiator emitting local proposals): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 3d a9 d4 a5 ad a5 e8 ca 0b e2 52 49 47 80 7b a7 | ikev2 g^x 09 cb d8 3a 4e 27 02 45 21 49 c3 14 60 7b 6e bb | ikev2 g^x 49 9e 8e 22 28 54 d8 85 f6 c9 5f dc 83 02 0e 75 | ikev2 g^x c3 f8 e0 4f 65 ba 84 c2 be cb 40 dd a3 57 c3 c2 | ikev2 g^x cd 6e 29 15 f5 6a 43 69 3f a8 54 15 ad 13 7a fe | ikev2 g^x ba a6 9f c5 0b 71 ea 0e 8c 6c b8 e5 71 f1 7d 2d | ikev2 g^x f7 d1 95 a6 2a 86 75 82 96 b6 7f 98 70 72 38 08 | ikev2 g^x 03 52 58 07 8c be 3f c6 a2 fe 56 58 31 f6 1f 3f | ikev2 g^x ec 50 9f 96 8e a2 b8 d4 f4 95 67 b0 10 3a a5 c4 | ikev2 g^x db 9a 55 b3 4f bb 32 25 7d f7 d6 a6 de 24 7d 29 | ikev2 g^x 91 44 57 1d 5d a5 db 2d 8a 3c 9e f8 0e 98 b4 ec | ikev2 g^x 89 25 81 28 68 fd 6d 40 6f 29 88 30 91 89 06 78 | ikev2 g^x cd ab 67 b0 f8 52 88 d4 68 7c 78 03 0f af fc 24 | ikev2 g^x 5e bf d8 4b 98 8c 91 e1 0a bc c0 bd e3 35 32 85 | ikev2 g^x 03 b5 66 6e c2 93 71 9f 59 5a dd 99 f0 e7 de 56 | ikev2 g^x 7e cf 2e f2 93 22 7a dc 86 e3 fc 80 8b 8f 18 94 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | IKEv2 nonce df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | b4 9f d5 a5 56 78 42 52 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | d0 fe 55 3f 51 19 d4 f8 2d c0 7b 7f 22 c6 c8 96 | 0a a6 b5 d2 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= b4 9f d5 a5 56 78 42 52 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= d0 fe 55 3f 51 19 d4 f8 2d c0 7b 7f 22 c6 c8 96 | natd_hash: hash= 0a a6 b5 d2 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data d0 fe 55 3f 51 19 d4 f8 2d c0 7b 7f 22 c6 c8 96 | Notify data 0a a6 b5 d2 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | b4 9f d5 a5 56 78 42 52 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | d8 3e 84 3d 45 f6 ac 66 b0 b3 16 7d f1 63 b8 43 | 77 2f 23 62 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= b4 9f d5 a5 56 78 42 52 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= d8 3e 84 3d 45 f6 ac 66 b0 b3 16 7d f1 63 b8 43 | natd_hash: hash= 77 2f 23 62 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data d8 3e 84 3d 45 f6 ac 66 b0 b3 16 7d f1 63 b8 43 | Notify data 77 2f 23 62 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 436 | stop processing: state #19 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #19 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #19 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #19: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #19 to 4294967295 after switching state | Message ID: IKE #19 skipping update_recv as MD is fake | Message ID: sent #19 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "3des" #19: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 436 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #19) | b4 9f d5 a5 56 78 42 52 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 3d a9 d4 a5 ad a5 e8 ca 0b e2 52 49 47 80 7b a7 | 09 cb d8 3a 4e 27 02 45 21 49 c3 14 60 7b 6e bb | 49 9e 8e 22 28 54 d8 85 f6 c9 5f dc 83 02 0e 75 | c3 f8 e0 4f 65 ba 84 c2 be cb 40 dd a3 57 c3 c2 | cd 6e 29 15 f5 6a 43 69 3f a8 54 15 ad 13 7a fe | ba a6 9f c5 0b 71 ea 0e 8c 6c b8 e5 71 f1 7d 2d | f7 d1 95 a6 2a 86 75 82 96 b6 7f 98 70 72 38 08 | 03 52 58 07 8c be 3f c6 a2 fe 56 58 31 f6 1f 3f | ec 50 9f 96 8e a2 b8 d4 f4 95 67 b0 10 3a a5 c4 | db 9a 55 b3 4f bb 32 25 7d f7 d6 a6 de 24 7d 29 | 91 44 57 1d 5d a5 db 2d 8a 3c 9e f8 0e 98 b4 ec | 89 25 81 28 68 fd 6d 40 6f 29 88 30 91 89 06 78 | cd ab 67 b0 f8 52 88 d4 68 7c 78 03 0f af fc 24 | 5e bf d8 4b 98 8c 91 e1 0a bc c0 bd e3 35 32 85 | 03 b5 66 6e c2 93 71 9f 59 5a dd 99 f0 e7 de 56 | 7e cf 2e f2 93 22 7a dc 86 e3 fc 80 8b 8f 18 94 | 29 00 00 24 7e ef df b9 e6 c0 95 b6 35 29 54 b9 | ca 10 f9 27 df af 2b 9d e8 b2 43 e8 cb eb 84 20 | d3 7e 8c ca 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 d0 fe 55 3f 51 19 d4 f8 2d c0 7b 7f | 22 c6 c8 96 0a a6 b5 d2 00 00 00 1c 00 00 40 05 | d8 3e 84 3d 45 f6 ac 66 b0 b3 16 7d f1 63 b8 43 | 77 2f 23 62 | state #19 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f1610005908 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "3des" #19: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f160c002b78 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x55fd4c4eb208 size 128 | #19 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29304.426947 | resume sending helper answer for #19 suppresed complete_v2_state_transition() and stole MD | #19 spent 0.712 milliseconds in resume sending helper answer | stop processing: state #19 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f1614002888 | spent 0.00239 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 436 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | fa f5 0e d0 64 2b 86 2a de 62 a4 8f 0a 1e 9d 69 | a3 44 88 71 80 da 05 5e 56 e2 27 84 fe b0 ee 09 | a7 2e d8 47 f0 7c 5f fc d3 d4 0a cd 6f 55 89 12 | 9d 99 1b 65 a7 53 90 ff 0a 4e 75 44 43 07 fa 99 | 0a ec 25 e8 28 86 7d 68 36 25 3d a6 af 85 f9 e4 | 54 c5 39 08 4a 5a 93 38 cf 35 81 99 ea 7a 98 5c | 59 99 27 f0 16 dc b1 e1 c2 06 34 b2 39 2b 19 f8 | 89 4b 07 35 04 07 ba ec 5e 3f d7 db d8 0c 4c c0 | 7c 72 87 e8 78 f5 bf b4 e1 77 56 58 37 c7 0f 71 | f2 9c 53 93 ed bc 8c a1 37 f8 3e 0b 24 78 15 4e | 3d da a5 5e 54 ea 2c 7c 19 ee e8 02 20 0e be 33 | f8 4c 9c 7f 6e 5b 5d 70 18 5a f7 0a 19 c3 fb 13 | fd 31 c9 94 07 60 4e 19 f9 66 cc 06 4a 33 f3 cf | f7 19 d4 d3 66 f7 6c 87 15 b8 0d 82 cd 73 cf b8 | 51 ec fd 31 44 c7 a3 52 03 4a 32 f4 9f 61 76 79 | c1 ad b0 c6 7a 53 8d e5 a4 d4 d4 d4 73 75 6f af | 29 00 00 24 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d | 63 21 66 52 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 | 9a 54 db b9 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 3e 47 fc 3b c5 a7 32 0a 39 a5 ba 05 | 71 1d 70 9c d1 72 db 45 00 00 00 1c 00 00 40 05 | ad 95 42 f3 6d e5 d6 bb b0 67 6a 84 da 6b 7c 96 | 0f e2 48 23 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b4 9f d5 a5 56 78 42 52 | responder cookie: | 64 8b 3f f5 9a 68 9d 5a | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 436 (0x1b4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #19 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #19 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #19 connection "3des" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #19 is idle | #19 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #19 IKE SPIi and SPI[ir] | #19 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | fa f5 0e d0 64 2b 86 2a de 62 a4 8f 0a 1e 9d 69 | a3 44 88 71 80 da 05 5e 56 e2 27 84 fe b0 ee 09 | a7 2e d8 47 f0 7c 5f fc d3 d4 0a cd 6f 55 89 12 | 9d 99 1b 65 a7 53 90 ff 0a 4e 75 44 43 07 fa 99 | 0a ec 25 e8 28 86 7d 68 36 25 3d a6 af 85 f9 e4 | 54 c5 39 08 4a 5a 93 38 cf 35 81 99 ea 7a 98 5c | 59 99 27 f0 16 dc b1 e1 c2 06 34 b2 39 2b 19 f8 | 89 4b 07 35 04 07 ba ec 5e 3f d7 db d8 0c 4c c0 | 7c 72 87 e8 78 f5 bf b4 e1 77 56 58 37 c7 0f 71 | f2 9c 53 93 ed bc 8c a1 37 f8 3e 0b 24 78 15 4e | 3d da a5 5e 54 ea 2c 7c 19 ee e8 02 20 0e be 33 | f8 4c 9c 7f 6e 5b 5d 70 18 5a f7 0a 19 c3 fb 13 | fd 31 c9 94 07 60 4e 19 f9 66 cc 06 4a 33 f3 cf | f7 19 d4 d3 66 f7 6c 87 15 b8 0d 82 cd 73 cf b8 | 51 ec fd 31 44 c7 a3 52 03 4a 32 f4 9f 61 76 79 | c1 ad b0 c6 7a 53 8d e5 a4 d4 d4 d4 73 75 6f af | using existing local IKE proposals for connection 3des (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865950 (length 8) | b4 9f d5 a5 56 78 42 52 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865958 (length 8) | 64 8b 3f f5 9a 68 9d 5a | NATD hash sha digest IP addr-bytes@0x7ffc398658e4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc398658d6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865960 (length 20) | ad 95 42 f3 6d e5 d6 bb b0 67 6a 84 da 6b 7c 96 | 0f e2 48 23 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= b4 9f d5 a5 56 78 42 52 | natd_hash: rcookie= 64 8b 3f f5 9a 68 9d 5a | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= ad 95 42 f3 6d e5 d6 bb b0 67 6a 84 da 6b 7c 96 | natd_hash: hash= 0f e2 48 23 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865950 (length 8) | b4 9f d5 a5 56 78 42 52 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865958 (length 8) | 64 8b 3f f5 9a 68 9d 5a | NATD hash sha digest IP addr-bytes@0x7ffc398658e4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc398658d6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865980 (length 20) | 3e 47 fc 3b c5 a7 32 0a 39 a5 ba 05 71 1d 70 9c | d1 72 db 45 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= b4 9f d5 a5 56 78 42 52 | natd_hash: rcookie= 64 8b 3f f5 9a 68 9d 5a | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 3e 47 fc 3b c5 a7 32 0a 39 a5 ba 05 71 1d 70 9c | natd_hash: hash= d1 72 db 45 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=3DES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f1614003828: transferring ownership from state #19 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 20 for state #19 | state #19 requesting EVENT_RETRANSMIT to be deleted | #19 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55fd4c4eb208 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f160c002b78 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f1614002888 size 128 | crypto helper 0 resuming | crypto helper 0 starting work-order 20 for state #19 | #19 spent 0.262 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | crypto helper 0 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 20 | [RE]START processing: state #19 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | peer's g: fa f5 0e d0 64 2b 86 2a de 62 a4 8f 0a 1e 9d 69 | peer's g: a3 44 88 71 80 da 05 5e 56 e2 27 84 fe b0 ee 09 | peer's g: a7 2e d8 47 f0 7c 5f fc d3 d4 0a cd 6f 55 89 12 | peer's g: 9d 99 1b 65 a7 53 90 ff 0a 4e 75 44 43 07 fa 99 | #19 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | peer's g: 0a ec 25 e8 28 86 7d 68 36 25 3d a6 af 85 f9 e4 | peer's g: 54 c5 39 08 4a 5a 93 38 cf 35 81 99 ea 7a 98 5c | peer's g: 59 99 27 f0 16 dc b1 e1 c2 06 34 b2 39 2b 19 f8 | peer's g: 89 4b 07 35 04 07 ba ec 5e 3f d7 db d8 0c 4c c0 | peer's g: 7c 72 87 e8 78 f5 bf b4 e1 77 56 58 37 c7 0f 71 | peer's g: f2 9c 53 93 ed bc 8c a1 37 f8 3e 0b 24 78 15 4e | peer's g: 3d da a5 5e 54 ea 2c 7c 19 ee e8 02 20 0e be 33 | peer's g: f8 4c 9c 7f 6e 5b 5d 70 18 5a f7 0a 19 c3 fb 13 | peer's g: fd 31 c9 94 07 60 4e 19 f9 66 cc 06 4a 33 f3 cf | peer's g: f7 19 d4 d3 66 f7 6c 87 15 b8 0d 82 cd 73 cf b8 | peer's g: 51 ec fd 31 44 c7 a3 52 03 4a 32 f4 9f 61 76 79 | peer's g: c1 ad b0 c6 7a 53 8d e5 a4 d4 d4 d4 73 75 6f af | suspending state #19 and saving MD | #19 is busy; has a suspended MD | Started DH shared-secret computation in NSS: | [RE]START processing: state #19 connection "3des" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) | "3des" #19 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #19 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #19 spent 0.535 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.546 milliseconds in comm_handle_cb() reading and processing packet | new : g_ir-key@0x7f161800a0e0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f1614003828: computed shared DH secret key@0x7f161800a0e0 | dh-shared : g^ir-key@0x7f161800a0e0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=24 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f1608002fc8 (length 64) | 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae326e0 | result: Ni | Nr-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae326c8 | result: Ni | Nr-key@0x55fd4c4d4be0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x55fd4c4cd5b0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f1608001ef0 from Ni | Nr-key@0x55fd4c4d4be0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f1608001ef0 from Ni | Nr-key@0x55fd4c4d4be0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x55fd4c4d4be0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f1608002f28 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f161800a0e0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f161800a0e0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f161800a0e0 | nss hmac digest hack: symkey-key@0x7f161800a0e0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1272357058: 4b 32 3f 0d ae ef 8c 98 49 d5 64 8d 45 cb 05 24 ac c4 f3 46 9d cd 6a e6 d0 c8 c8 41 3d 5d 19 e2 e8 28 9b 98 c6 4c 19 d6 6b 56 89 87 82 2e da a7 9a f5 c9 bf 95 2a fb 36 46 3f d3 ff 31 5e 55 95 3e 86 af bd 18 3a cb 6d 95 9e 45 ba 17 f4 b5 fb a1 8b 09 c6 2e 75 44 7a 78 47 e3 1f 85 61 d7 ae bf f4 54 d4 5d 49 25 ae 4f 07 90 ca ae 55 41 4f 8f 7c 28 7a 44 47 e8 19 c8 5d 49 01 70 a9 e0 29 36 1c eb 46 b6 f7 f0 67 34 6f 80 78 7c 4b 52 be 74 77 63 61 3f 5c c7 54 fd 55 8f 1e b8 93 ce bd 56 0c 99 80 62 bb 73 00 80 e0 3f 2f 10 5b 9b 9c 52 c2 b8 76 33 75 e7 64 96 e2 af d3 50 ea 04 d9 70 1e 66 cf 45 aa 62 fe 93 c3 a0 fd 47 3d 62 d8 78 eb 0c 61 30 a7 86 31 2d 0f 83 61 03 bf 5f ed ed 90 1e 12 3b 53 b0 ed 8f 79 92 48 36 a0 8b 85 ee 7c 41 01 cc c0 be c3 0f 50 1a 0c fd 75 a1 bb | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 256 bytes at 0x7f1608006678 | unwrapped: 0f 96 14 f4 55 71 a9 3c 29 1e a7 4e b7 58 6c 3d | unwrapped: 7d c2 67 34 84 32 09 5d f5 73 12 ea e3 9d ae 73 | unwrapped: e3 18 70 35 fa 6f 9f 41 ae 57 26 5c 9a 6c b8 2d | unwrapped: 8b ef 30 2f e5 b1 dd 17 b0 e0 09 2f 6a 9c d7 78 | unwrapped: 82 5d 70 f9 90 8f 26 5a b6 09 ce d4 3e ec 18 fd | unwrapped: f5 c1 d5 8d fe ff bd 96 ab b5 18 76 8d 63 75 cc | unwrapped: e3 85 db 98 d9 77 a4 8c a6 52 21 b0 a8 90 ff ae | unwrapped: e5 b2 fe 60 0e 01 99 5f 23 2b 14 4e 67 49 bc 84 | unwrapped: 23 96 2a 8c ff 3c c2 64 23 10 4d ec dd e5 fd 90 | unwrapped: 3a 8e 40 6b ad cb b0 20 93 fc 74 35 e7 4b c9 54 | unwrapped: be d4 70 fb 7e 3d 6c 3d 99 2f ad cd b9 e3 cd 97 | unwrapped: 1c a7 d5 5b af 6d e9 30 46 b1 bf e6 12 71 24 f7 | unwrapped: 5e 63 89 f4 75 85 b9 8b e2 6d 6e a1 99 4b 53 68 | unwrapped: 0f 99 5e 4d c4 8c 9f 35 27 3d 8f d6 d7 e0 68 de | unwrapped: b4 8e 5d 18 9d 27 39 4e 05 83 33 e0 83 23 6a 58 | unwrapped: 24 20 8f 8a 67 6a 43 3d 27 44 c8 a6 7e 88 8a f8 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae32700 | result: final-key@0x55fd4c4cd5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4cd5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae326e8 | result: final-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4cd5b0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x55fd4c4d4be0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae32670 | result: data=Ni-key@0x55fd4c4d6a20 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55fd4c4d6a20 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32658 | result: data=Ni-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55fd4c4d6a20 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4cd5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f162ae32660 | result: data+=Nr-key@0x55fd4c4d6a20 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4cd5b0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6a20 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f162ae32660 | result: data+=SPIi-key@0x55fd4c4cd5b0 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4d6a20 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4cd5b0 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f162ae32660 | result: data+=SPIr-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4cd5b0 | prf+0 PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+0: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32588 | result: clone-key@0x55fd4c4cd5b0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f1608001ef0 from key-key@0x55fd4c4cd5b0 | prf+0 prf: begin sha with context 0x7f1608001ef0 from key-key@0x55fd4c4cd5b0 | prf+0: release clone-key@0x55fd4c4cd5b0 | prf+0 PRF sha crypt-prf@0x7f16080030d8 | prf+0 PRF sha update seed-key@0x55fd4c4d6a20 (size 80) | prf+0: seed-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 2e be f0 da 35 7a a8 a4 69 c2 86 3a 8c 0c e9 11 24 fb ae 4b 58 aa 32 a2 80 67 b0 6a 87 01 ed 8b 45 c2 16 70 68 ba 3a f8 47 57 8a b7 e0 9f 64 0c e1 b2 a6 6f 87 9a e4 5f 32 2c 54 ad af 43 8e af 63 6b 49 dd 42 ba f6 55 ca 72 42 32 43 7a d8 0d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1608005338 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | unwrapped: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae32590 | result: final-key@0x55fd4c4d3130 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d3130 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32578 | result: final-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d3130 | prf+0 PRF sha final-key@0x55fd4c4cd5b0 (size 20) | prf+0: key-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x55fd4c4cd5b0 | prf+N PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+N: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32588 | result: clone-key@0x55fd4c4d3130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1608001ef0 from key-key@0x55fd4c4d3130 | prf+N prf: begin sha with context 0x7f1608001ef0 from key-key@0x55fd4c4d3130 | prf+N: release clone-key@0x55fd4c4d3130 | prf+N PRF sha crypt-prf@0x7f1608005e88 | prf+N PRF sha update old_t-key@0x55fd4c4cd5b0 (size 20) | prf+N: old_t-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 30 3d 29 6d fb af 8d 34 88 8e f6 a6 3e ee 61 a3 25 ab 95 a3 9e 9a 62 46 d3 f1 fa 57 93 8d 74 73 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1608002f78 | unwrapped: 21 62 c5 27 5b d5 06 c1 31 f9 1f 13 9a f0 27 32 | unwrapped: 75 04 40 d5 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4d6a20 (size 80) | prf+N: seed-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 2e be f0 da 35 7a a8 a4 69 c2 86 3a 8c 0c e9 11 24 fb ae 4b 58 aa 32 a2 80 67 b0 6a 87 01 ed 8b 45 c2 16 70 68 ba 3a f8 47 57 8a b7 e0 9f 64 0c e1 b2 a6 6f 87 9a e4 5f 32 2c 54 ad af 43 8e af 63 6b 49 dd 42 ba f6 55 ca 72 42 32 43 7a d8 0d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f16080052b8 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | unwrapped: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae32590 | result: final-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32578 | result: final-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c44c080 | prf+N PRF sha final-key@0x55fd4c4d3130 (size 20) | prf+N: key-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162ae32608 | result: result-key@0x55fd4c44c080 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4cd5b0 | prfplus: release old_t[N]-key@0x55fd4c4cd5b0 | prf+N PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+N: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32588 | result: clone-key@0x55fd4c4cd5b0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1608001ef0 from key-key@0x55fd4c4cd5b0 | prf+N prf: begin sha with context 0x7f1608001ef0 from key-key@0x55fd4c4cd5b0 | prf+N: release clone-key@0x55fd4c4cd5b0 | prf+N PRF sha crypt-prf@0x7f16080030d8 | prf+N PRF sha update old_t-key@0x55fd4c4d3130 (size 20) | prf+N: old_t-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 9b 47 07 05 b9 3f 67 60 16 92 64 d2 84 14 41 e8 50 00 2f 2d 97 aa 56 32 6b 53 8f b0 04 b8 2a 5d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1608002f28 | unwrapped: 14 09 11 41 00 e2 80 77 0e e3 de 66 c4 fd 47 a6 | unwrapped: d9 51 e8 21 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4d6a20 (size 80) | prf+N: seed-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 2e be f0 da 35 7a a8 a4 69 c2 86 3a 8c 0c e9 11 24 fb ae 4b 58 aa 32 a2 80 67 b0 6a 87 01 ed 8b 45 c2 16 70 68 ba 3a f8 47 57 8a b7 e0 9f 64 0c e1 b2 a6 6f 87 9a e4 5f 32 2c 54 ad af 43 8e af 63 6b 49 dd 42 ba f6 55 ca 72 42 32 43 7a d8 0d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1608005338 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | unwrapped: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae32590 | result: final-key@0x55fd4c4ecc80 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4ecc80 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32578 | result: final-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4ecc80 | prf+N PRF sha final-key@0x55fd4c4cd5b0 (size 20) | prf+N: key-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c44c080 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162ae32608 | result: result-key@0x55fd4c4ecc80 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c44c080 | prfplus: release old_t[N]-key@0x55fd4c4d3130 | prf+N PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+N: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32588 | result: clone-key@0x55fd4c4d3130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1608001ef0 from key-key@0x55fd4c4d3130 | prf+N prf: begin sha with context 0x7f1608001ef0 from key-key@0x55fd4c4d3130 | prf+N: release clone-key@0x55fd4c4d3130 | prf+N PRF sha crypt-prf@0x7f1608002f78 | prf+N PRF sha update old_t-key@0x55fd4c4cd5b0 (size 20) | prf+N: old_t-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: f7 d2 e6 82 4f 2f 65 b2 55 ba a4 a4 82 53 99 51 40 1e 37 70 61 17 1d 2e 7d 6f c6 dd 96 0a 2c 46 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1608003a78 | unwrapped: ad cf 84 17 0d 44 ef b8 9e 15 d0 80 63 46 15 e7 | unwrapped: cd 62 bb 9d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4d6a20 (size 80) | prf+N: seed-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 2e be f0 da 35 7a a8 a4 69 c2 86 3a 8c 0c e9 11 24 fb ae 4b 58 aa 32 a2 80 67 b0 6a 87 01 ed 8b 45 c2 16 70 68 ba 3a f8 47 57 8a b7 e0 9f 64 0c e1 b2 a6 6f 87 9a e4 5f 32 2c 54 ad af 43 8e af 63 6b 49 dd 42 ba f6 55 ca 72 42 32 43 7a d8 0d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f16080052b8 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | unwrapped: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae32590 | result: final-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32578 | result: final-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c44c080 | prf+N PRF sha final-key@0x55fd4c4d3130 (size 20) | prf+N: key-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4ecc80 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162ae32608 | result: result-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4ecc80 | prfplus: release old_t[N]-key@0x55fd4c4cd5b0 | prf+N PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+N: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32588 | result: clone-key@0x55fd4c4cd5b0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1608001ef0 from key-key@0x55fd4c4cd5b0 | prf+N prf: begin sha with context 0x7f1608001ef0 from key-key@0x55fd4c4cd5b0 | prf+N: release clone-key@0x55fd4c4cd5b0 | prf+N PRF sha crypt-prf@0x7f1608005e88 | prf+N PRF sha update old_t-key@0x55fd4c4d3130 (size 20) | prf+N: old_t-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 82 65 51 fa d3 00 01 25 b7 f6 34 1b c5 7d 25 9a e6 95 35 af 98 8f da 0f 1d ad cf cd d8 a4 62 b0 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1608002f28 | unwrapped: 1c ef 83 61 4b 4c a5 70 2a 74 5b 4c 97 1b 83 b9 | unwrapped: ac 66 24 12 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4d6a20 (size 80) | prf+N: seed-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 2e be f0 da 35 7a a8 a4 69 c2 86 3a 8c 0c e9 11 24 fb ae 4b 58 aa 32 a2 80 67 b0 6a 87 01 ed 8b 45 c2 16 70 68 ba 3a f8 47 57 8a b7 e0 9f 64 0c e1 b2 a6 6f 87 9a e4 5f 32 2c 54 ad af 43 8e af 63 6b 49 dd 42 ba f6 55 ca 72 42 32 43 7a d8 0d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1608005338 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | unwrapped: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae32590 | result: final-key@0x55fd4c4ecc80 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4ecc80 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32578 | result: final-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4ecc80 | prf+N PRF sha final-key@0x55fd4c4cd5b0 (size 20) | prf+N: key-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c44c080 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162ae32608 | result: result-key@0x55fd4c4ecc80 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c44c080 | prfplus: release old_t[N]-key@0x55fd4c4d3130 | prf+N PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+N: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32588 | result: clone-key@0x55fd4c4d3130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1608005510 from key-key@0x55fd4c4d3130 | prf+N prf: begin sha with context 0x7f1608005510 from key-key@0x55fd4c4d3130 | prf+N: release clone-key@0x55fd4c4d3130 | prf+N PRF sha crypt-prf@0x7f16080030d8 | prf+N PRF sha update old_t-key@0x55fd4c4cd5b0 (size 20) | prf+N: old_t-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 5f 44 ba bf a4 05 39 75 5c d0 4f 87 ce e9 d3 f9 34 c6 29 ad 2a 25 38 c9 47 0d f9 77 95 7e 5d 10 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1608002f78 | unwrapped: ae f6 db a9 b9 27 7c 45 d8 01 4e 88 0c 3f 2c fb | unwrapped: ed fb eb 69 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4d6a20 (size 80) | prf+N: seed-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 2e be f0 da 35 7a a8 a4 69 c2 86 3a 8c 0c e9 11 24 fb ae 4b 58 aa 32 a2 80 67 b0 6a 87 01 ed 8b 45 c2 16 70 68 ba 3a f8 47 57 8a b7 e0 9f 64 0c e1 b2 a6 6f 87 9a e4 5f 32 2c 54 ad af 43 8e af 63 6b 49 dd 42 ba f6 55 ca 72 42 32 43 7a d8 0d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f16080052b8 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | unwrapped: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae32590 | result: final-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32578 | result: final-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c44c080 | prf+N PRF sha final-key@0x55fd4c4d3130 (size 20) | prf+N: key-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4ecc80 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162ae32608 | result: result-key@0x55fd4c44c080 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4ecc80 | prfplus: release old_t[N]-key@0x55fd4c4cd5b0 | prf+N PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+N: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32588 | result: clone-key@0x55fd4c4cd5b0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1608001ef0 from key-key@0x55fd4c4cd5b0 | prf+N prf: begin sha with context 0x7f1608001ef0 from key-key@0x55fd4c4cd5b0 | prf+N: release clone-key@0x55fd4c4cd5b0 | prf+N PRF sha crypt-prf@0x7f1608005e88 | prf+N PRF sha update old_t-key@0x55fd4c4d3130 (size 20) | prf+N: old_t-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 40 a1 17 a6 a4 cb 7e 23 76 af fd b2 a2 42 a9 ea 2a 3f 11 5d 56 f5 36 ef ec 18 ca 05 92 2d 07 3c | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1608002f28 | unwrapped: 67 14 4f d9 4c 47 8f 22 4f c4 fd 0a 09 18 1f a7 | unwrapped: bc 63 59 ad 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4d6a20 (size 80) | prf+N: seed-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 2e be f0 da 35 7a a8 a4 69 c2 86 3a 8c 0c e9 11 24 fb ae 4b 58 aa 32 a2 80 67 b0 6a 87 01 ed 8b 45 c2 16 70 68 ba 3a f8 47 57 8a b7 e0 9f 64 0c e1 b2 a6 6f 87 9a e4 5f 32 2c 54 ad af 43 8e af 63 6b 49 dd 42 ba f6 55 ca 72 42 32 43 7a d8 0d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1608006468 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | unwrapped: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae32590 | result: final-key@0x55fd4c4ecc80 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4ecc80 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32578 | result: final-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4ecc80 | prf+N PRF sha final-key@0x55fd4c4cd5b0 (size 20) | prf+N: key-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c44c080 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162ae32608 | result: result-key@0x55fd4c4ecc80 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c44c080 | prfplus: release old_t[N]-key@0x55fd4c4d3130 | prf+N PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+N: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32588 | result: clone-key@0x55fd4c4d3130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1608001ef0 from key-key@0x55fd4c4d3130 | prf+N prf: begin sha with context 0x7f1608001ef0 from key-key@0x55fd4c4d3130 | prf+N: release clone-key@0x55fd4c4d3130 | prf+N PRF sha crypt-prf@0x7f16080030d8 | prf+N PRF sha update old_t-key@0x55fd4c4cd5b0 (size 20) | prf+N: old_t-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 33 d3 6f 68 31 d9 68 56 2f cd e2 c0 5c b8 a9 2a e2 90 1d 8f a0 62 ae f9 6d 29 9c dd 0f 30 0c e1 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1608002f78 | unwrapped: a7 f5 e8 ea f4 9c ee f7 85 ee df 21 7b 63 a3 ca | unwrapped: 7b 9f 66 2e 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4d6a20 (size 80) | prf+N: seed-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 2e be f0 da 35 7a a8 a4 69 c2 86 3a 8c 0c e9 11 24 fb ae 4b 58 aa 32 a2 80 67 b0 6a 87 01 ed 8b 45 c2 16 70 68 ba 3a f8 47 57 8a b7 e0 9f 64 0c e1 b2 a6 6f 87 9a e4 5f 32 2c 54 ad af 43 8e af 63 6b 49 dd 42 ba f6 55 ca 72 42 32 43 7a d8 0d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1608005338 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | unwrapped: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | prf+N PRF sha update N++-byte@0x8 (8) | 08 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162ae32590 | result: final-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae32578 | result: final-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c44c080 | prf+N PRF sha final-key@0x55fd4c4d3130 (size 20) | prf+N: key-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4ecc80 (140-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162ae32608 | result: result-key@0x55fd4c44c080 (160-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4ecc80 | prfplus: release old_t[N]-key@0x55fd4c4cd5b0 | prfplus: release old_t[final]-key@0x55fd4c4d3130 | ike_sa_keymat: release data-key@0x55fd4c4d6a20 | calc_skeyseed_v2: release skeyseed_k-key@0x55fd4c4d4be0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae327a8 | result: result-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae327a8 | result: result-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae327a8 | result: result-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x55fd4c44c080 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae327b8 | result: SK_ei_k-key@0x55fd4c4cd5b0 (24-bytes, DES3_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 84, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x55fd4c44c080 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae327b8 | result: SK_er_k-key@0x55fd4c4ecc80 (24-bytes, DES3_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 108, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae327b8 | result: result-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f1618006bb0 | chunk_SK_pi: symkey-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 50 c7 9b 11 d9 88 e7 5e 78 f6 2a ae 19 a0 3a f7 02 7e a1 c2 74 b6 e0 67 d8 5e 17 80 e8 78 2f fe | chunk_SK_pi: release slot-key-key@0x55fd4c4cfe50 | chunk_SK_pi extracted len 32 bytes at 0x7f1608005e88 | unwrapped: 4f c4 fd 0a 09 18 1f a7 bc 63 59 ad a7 f5 e8 ea | unwrapped: f4 9c ee f7 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 128, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162ae327b8 | result: result-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f161800d840 | chunk_SK_pr: symkey-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: af 43 dd da 81 00 0b 0a d3 1c b4 d7 8a b8 96 e6 4a 44 74 be 12 b6 b7 b0 cb 2f 8b 1a 36 d0 5b c2 | chunk_SK_pr: release slot-key-key@0x55fd4c4cfe50 | chunk_SK_pr extracted len 32 bytes at 0x7f1608002f78 | unwrapped: 85 ee df 21 7b 63 a3 ca 7b 9f 66 2e aa ea bc cd | unwrapped: 15 d1 52 60 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x55fd4c44c080 | calc_skeyseed_v2 pointers: shared-key@0x7f161800a0e0, SK_d-key@0x55fd4c4d4be0, SK_ai-key@0x55fd4c4d6a20, SK_ar-key@0x55fd4c4d3130, SK_ei-key@0x55fd4c4cd5b0, SK_er-key@0x55fd4c4ecc80, SK_pi-key@0x7f1618006bb0, SK_pr-key@0x7f161800d840 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 4f c4 fd 0a 09 18 1f a7 bc 63 59 ad a7 f5 e8 ea | f4 9c ee f7 | calc_skeyseed_v2 SK_pr | 85 ee df 21 7b 63 a3 ca 7b 9f 66 2e aa ea bc cd | 15 d1 52 60 | crypto helper 0 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 20 time elapsed 0.003104 seconds | (#19) spent 3.05 milliseconds in crypto helper computing work-order 20: ikev2_inR1outI2 KE (pcr) | crypto helper 0 sending results from work-order 20 for state #19 to event queue | scheduling resume sending helper answer for #19 | libevent_malloc: new ptr-libevent@0x7f1608005088 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #19 | start processing: state #19 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 20 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_inR1outI2_continue for #19: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f1614003828: transferring ownership from helper IKEv2 DH to state #19 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #20 at 0x55fd4c4f34a8 | State DB: adding IKEv2 state #20 in UNDEFINED | pstats #20 ikev2.child started | duplicating state object #19 "3des" as #20 for IPSEC SA | #20 setting local endpoint to 192.1.2.45:500 from #19.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x55fd4c4d4be0 | duplicate_state: reference st_skey_ai_nss-key@0x55fd4c4d6a20 | duplicate_state: reference st_skey_ar_nss-key@0x55fd4c4d3130 | duplicate_state: reference st_skey_ei_nss-key@0x55fd4c4cd5b0 | duplicate_state: reference st_skey_er_nss-key@0x55fd4c4ecc80 | duplicate_state: reference st_skey_pi_nss-key@0x7f1618006bb0 | duplicate_state: reference st_skey_pr_nss-key@0x7f161800d840 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #19.#20; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #19 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #19.#20 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #19 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f1614002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f160c002b78 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f1614002888 size 128 | parent state #19: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | b4 9f d5 a5 56 78 42 52 | responder cookie: | 64 8b 3f f5 9a 68 9d 5a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x7f1618006bb0 (size 20) | hmac: symkey-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398659e8 | result: clone-key@0x55fd4c44c080 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f1610002b50 from symkey-key@0x55fd4c44c080 | hmac prf: begin sha with context 0x7f1610002b50 from symkey-key@0x55fd4c44c080 | hmac: release clone-key@0x55fd4c44c080 | hmac PRF sha crypt-prf@0x55fd4c4e9728 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x55fd4bdec8ec (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffc39865d80 (length 20) | 27 ad 79 e0 a5 04 a8 3e 08 f7 20 4e de a8 17 2d | a3 bb 02 0f | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55fd4c441b58 (line=1) | concluding with best_match=014 best=0x55fd4c441b58 (lineno=1) | inputs to hash1 (first packet) | b4 9f d5 a5 56 78 42 52 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 3d a9 d4 a5 ad a5 e8 ca 0b e2 52 49 47 80 7b a7 | 09 cb d8 3a 4e 27 02 45 21 49 c3 14 60 7b 6e bb | 49 9e 8e 22 28 54 d8 85 f6 c9 5f dc 83 02 0e 75 | c3 f8 e0 4f 65 ba 84 c2 be cb 40 dd a3 57 c3 c2 | cd 6e 29 15 f5 6a 43 69 3f a8 54 15 ad 13 7a fe | ba a6 9f c5 0b 71 ea 0e 8c 6c b8 e5 71 f1 7d 2d | f7 d1 95 a6 2a 86 75 82 96 b6 7f 98 70 72 38 08 | 03 52 58 07 8c be 3f c6 a2 fe 56 58 31 f6 1f 3f | ec 50 9f 96 8e a2 b8 d4 f4 95 67 b0 10 3a a5 c4 | db 9a 55 b3 4f bb 32 25 7d f7 d6 a6 de 24 7d 29 | 91 44 57 1d 5d a5 db 2d 8a 3c 9e f8 0e 98 b4 ec | 89 25 81 28 68 fd 6d 40 6f 29 88 30 91 89 06 78 | cd ab 67 b0 f8 52 88 d4 68 7c 78 03 0f af fc 24 | 5e bf d8 4b 98 8c 91 e1 0a bc c0 bd e3 35 32 85 | 03 b5 66 6e c2 93 71 9f 59 5a dd 99 f0 e7 de 56 | 7e cf 2e f2 93 22 7a dc 86 e3 fc 80 8b 8f 18 94 | 29 00 00 24 7e ef df b9 e6 c0 95 b6 35 29 54 b9 | ca 10 f9 27 df af 2b 9d e8 b2 43 e8 cb eb 84 20 | d3 7e 8c ca 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 d0 fe 55 3f 51 19 d4 f8 2d c0 7b 7f | 22 c6 c8 96 0a a6 b5 d2 00 00 00 1c 00 00 40 05 | d8 3e 84 3d 45 f6 ac 66 b0 b3 16 7d f1 63 b8 43 | 77 2f 23 62 | create: initiator inputs to hash2 (responder nonce) | 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | idhash 27 ad 79 e0 a5 04 a8 3e 08 f7 20 4e de a8 17 2d | idhash a3 bb 02 0f | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55fd4c4cfda8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398657d0 | result: shared secret-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657b8 | result: shared secret-key@0x55fd4c44c080 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f1610002b50 from shared secret-key@0x55fd4c44c080 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f1610002b50 from shared secret-key@0x55fd4c44c080 | = prf(,"Key Pad for IKEv2"): release clone-key@0x55fd4c44c080 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55fd4c4e96d8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55fd4bd814d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398657f0 | result: final-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657d8 | result: final-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x55fd4c44c080 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x55fd4c44c080 (size 20) | = prf(, ): -key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657e8 | result: clone-key@0x55fd4c4e7620 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f1610002b50 from -key@0x55fd4c4e7620 | = prf(, ) prf: begin sha with context 0x7f1610002b50 from -key@0x55fd4c4e7620 | = prf(, ): release clone-key@0x55fd4c4e7620 | = prf(, ) PRF sha crypt-prf@0x55fd4c4e9728 | = prf(, ) PRF sha update first-packet-bytes@0x55fd4c4eb6a8 (length 436) | b4 9f d5 a5 56 78 42 52 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 3d a9 d4 a5 ad a5 e8 ca 0b e2 52 49 47 80 7b a7 | 09 cb d8 3a 4e 27 02 45 21 49 c3 14 60 7b 6e bb | 49 9e 8e 22 28 54 d8 85 f6 c9 5f dc 83 02 0e 75 | c3 f8 e0 4f 65 ba 84 c2 be cb 40 dd a3 57 c3 c2 | cd 6e 29 15 f5 6a 43 69 3f a8 54 15 ad 13 7a fe | ba a6 9f c5 0b 71 ea 0e 8c 6c b8 e5 71 f1 7d 2d | f7 d1 95 a6 2a 86 75 82 96 b6 7f 98 70 72 38 08 | 03 52 58 07 8c be 3f c6 a2 fe 56 58 31 f6 1f 3f | ec 50 9f 96 8e a2 b8 d4 f4 95 67 b0 10 3a a5 c4 | db 9a 55 b3 4f bb 32 25 7d f7 d6 a6 de 24 7d 29 | 91 44 57 1d 5d a5 db 2d 8a 3c 9e f8 0e 98 b4 ec | 89 25 81 28 68 fd 6d 40 6f 29 88 30 91 89 06 78 | cd ab 67 b0 f8 52 88 d4 68 7c 78 03 0f af fc 24 | 5e bf d8 4b 98 8c 91 e1 0a bc c0 bd e3 35 32 85 | 03 b5 66 6e c2 93 71 9f 59 5a dd 99 f0 e7 de 56 | 7e cf 2e f2 93 22 7a dc 86 e3 fc 80 8b 8f 18 94 | 29 00 00 24 7e ef df b9 e6 c0 95 b6 35 29 54 b9 | ca 10 f9 27 df af 2b 9d e8 b2 43 e8 cb eb 84 20 | d3 7e 8c ca 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 d0 fe 55 3f 51 19 d4 f8 2d c0 7b 7f | 22 c6 c8 96 0a a6 b5 d2 00 00 00 1c 00 00 40 05 | d8 3e 84 3d 45 f6 ac 66 b0 b3 16 7d f1 63 b8 43 | 77 2f 23 62 | = prf(, ) PRF sha update nonce-bytes@0x55fd4c4e77d8 (length 32) | 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | = prf(, ) PRF sha update hash-bytes@0x7ffc39865d80 (length 20) | 27 ad 79 e0 a5 04 a8 3e 08 f7 20 4e de a8 17 2d | a3 bb 02 0f | = prf(, ) PRF sha final-chunk@0x55fd4c4eae68 (length 20) | be 85 ef f0 bd eb 28 ff 5e dc 07 4c db 3a cb 3d | 9f 84 c2 d3 | psk_auth: release prf-psk-key@0x55fd4c44c080 | PSK auth octets be 85 ef f0 bd eb 28 ff 5e dc 07 4c db 3a cb 3d | PSK auth octets 9f 84 c2 d3 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth be 85 ef f0 bd eb 28 ff 5e dc 07 4c db 3a cb 3d | PSK auth 9f 84 c2 d3 | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #19 | netlink_get_spi: allocated 0x8ec98d3f for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for 3des (IKE SA initiator emitting ESP/AH proposals) | converting proposal 3DES_CBC-HMAC_SHA1_96-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_ESP 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "3des": constructed local ESP/AH proposals for 3des (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 8e c9 8d 3f | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 40 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 168 | emitting length of ISAKMP Message: 196 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 25 88 ec bc 4c 66 ec 38 | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | be 85 ef f0 bd eb 28 ff 5e dc 07 4c db 3a cb 3d | 9f 84 c2 d3 2c 00 00 28 00 00 00 24 01 03 04 03 | 8e c9 8d 3f 03 00 00 08 01 00 00 03 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 90 2b d1 e6 90 6b 66 69 ab ff d9 18 31 7a ba e9 | b8 05 69 db 9c 39 8a a1 63 05 9b 04 45 57 97 2c | 4e 1a 73 4a d7 2e 04 b8 a3 86 a1 cb 0d 2c c4 50 | fe cf 61 47 03 ce 1c 57 f9 4d 7e 4c 13 01 c3 6b | 33 a9 44 41 0a 2c 20 fe 2b 9a fb 0b c0 86 91 b9 | 31 0d 43 b3 8b f1 30 c9 6d 31 02 19 a6 03 e5 3d | 38 45 4a d4 53 4e 29 16 8b 7e be 1b 64 a0 27 30 | 76 93 25 ca 5f d5 4e bc 0f e2 27 04 c1 86 3d d7 | d6 f8 29 01 cc ca 5b 11 25 81 dd 48 b3 ed 52 d0 | hmac PRF sha init symkey-key@0x55fd4c4d6a20 (size 20) | hmac: symkey-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398658f8 | result: clone-key@0x55fd4c44c080 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f1610002b50 from symkey-key@0x55fd4c44c080 | hmac prf: begin sha with context 0x7f1610002b50 from symkey-key@0x55fd4c44c080 | hmac: release clone-key@0x55fd4c44c080 | hmac PRF sha crypt-prf@0x55fd4c4e96d8 | hmac PRF sha update data-bytes@0x55fd4bdec8c0 (length 184) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | 25 88 ec bc 4c 66 ec 38 90 2b d1 e6 90 6b 66 69 | ab ff d9 18 31 7a ba e9 b8 05 69 db 9c 39 8a a1 | 63 05 9b 04 45 57 97 2c 4e 1a 73 4a d7 2e 04 b8 | a3 86 a1 cb 0d 2c c4 50 fe cf 61 47 03 ce 1c 57 | f9 4d 7e 4c 13 01 c3 6b 33 a9 44 41 0a 2c 20 fe | 2b 9a fb 0b c0 86 91 b9 31 0d 43 b3 8b f1 30 c9 | 6d 31 02 19 a6 03 e5 3d 38 45 4a d4 53 4e 29 16 | 8b 7e be 1b 64 a0 27 30 76 93 25 ca 5f d5 4e bc | 0f e2 27 04 c1 86 3d d7 d6 f8 29 01 cc ca 5b 11 | 25 81 dd 48 b3 ed 52 d0 | hmac PRF sha final-bytes@0x55fd4bdec978 (length 20) | b3 1a 14 2a 86 e2 0a d9 56 5a 00 92 31 67 1d a8 | c7 39 b4 3d | data being hmac: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | data being hmac: 25 88 ec bc 4c 66 ec 38 90 2b d1 e6 90 6b 66 69 | data being hmac: ab ff d9 18 31 7a ba e9 b8 05 69 db 9c 39 8a a1 | data being hmac: 63 05 9b 04 45 57 97 2c 4e 1a 73 4a d7 2e 04 b8 | data being hmac: a3 86 a1 cb 0d 2c c4 50 fe cf 61 47 03 ce 1c 57 | data being hmac: f9 4d 7e 4c 13 01 c3 6b 33 a9 44 41 0a 2c 20 fe | data being hmac: 2b 9a fb 0b c0 86 91 b9 31 0d 43 b3 8b f1 30 c9 | data being hmac: 6d 31 02 19 a6 03 e5 3d 38 45 4a d4 53 4e 29 16 | data being hmac: 8b 7e be 1b 64 a0 27 30 76 93 25 ca 5f d5 4e bc | data being hmac: 0f e2 27 04 c1 86 3d d7 d6 f8 29 01 cc ca 5b 11 | data being hmac: 25 81 dd 48 b3 ed 52 d0 | out calculated auth: | b3 1a 14 2a 86 e2 0a d9 56 5a 00 92 | suspend processing: state #19 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #20 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #20 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #20: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #20 to 0 after switching state | Message ID: recv #19.#20 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #19.#20 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "3des" #20: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=3DES_CBC_192 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 196 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #19) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | 25 88 ec bc 4c 66 ec 38 90 2b d1 e6 90 6b 66 69 | ab ff d9 18 31 7a ba e9 b8 05 69 db 9c 39 8a a1 | 63 05 9b 04 45 57 97 2c 4e 1a 73 4a d7 2e 04 b8 | a3 86 a1 cb 0d 2c c4 50 fe cf 61 47 03 ce 1c 57 | f9 4d 7e 4c 13 01 c3 6b 33 a9 44 41 0a 2c 20 fe | 2b 9a fb 0b c0 86 91 b9 31 0d 43 b3 8b f1 30 c9 | 6d 31 02 19 a6 03 e5 3d 38 45 4a d4 53 4e 29 16 | 8b 7e be 1b 64 a0 27 30 76 93 25 ca 5f d5 4e bc | 0f e2 27 04 c1 86 3d d7 d6 f8 29 01 cc ca 5b 11 | 25 81 dd 48 b3 ed 52 d0 b3 1a 14 2a 86 e2 0a d9 | 56 5a 00 92 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "3des" #20: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f1610002b78 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #20 | libevent_malloc: new ptr-libevent@0x55fd4c4eb208 size 128 | #20 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29304.433967 | resume sending helper answer for #19 suppresed complete_v2_state_transition() | #19 spent 1.03 milliseconds in resume sending helper answer | stop processing: state #20 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f1608005088 | spent 0.00309 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 188 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 65 c9 cb 17 43 e7 fc 10 9b 52 48 e5 99 6c 49 b3 | c1 d9 21 11 5e a9 4b 4a 18 b0 27 d8 f7 87 e0 8f | b9 dd bc 51 54 f9 2d b2 fe 10 32 ca d0 2f 03 d6 | 35 0a 7c d8 cd 35 a7 cc e0 e3 54 69 76 ab 3c 77 | 4a c3 1e 2a bc 37 2a fb 45 b5 13 bb b2 d7 e0 e7 | 75 ae ca 8c 4d 38 82 30 61 1a f6 29 64 f8 d1 2f | f0 cb 45 07 22 eb b8 f5 7f ba 51 78 1a f5 67 b3 | dd 84 01 36 bf 5d 05 89 78 a8 85 a2 f8 4b 73 dc | 55 69 ad 8a 3e 23 17 cd ad f9 cf 02 43 3f f1 82 | 3d 28 d3 1c a4 34 29 e5 40 15 19 f4 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b4 9f d5 a5 56 78 42 52 | responder cookie: | 64 8b 3f f5 9a 68 9d 5a | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 188 (0xbc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #19 in PARENT_I2 (find_v2_ike_sa) | start processing: state #19 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #20 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #19 connection "3des" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | start processing: state #20 connection "3des" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #20 is idle | #20 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 160 (0xa0) | processing payload: ISAKMP_NEXT_v2SK (len=156) | #20 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x55fd4c4d3130 (size 20) | hmac: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865748 | result: clone-key@0x55fd4c44c080 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f161c002b50 from symkey-key@0x55fd4c44c080 | hmac prf: begin sha with context 0x7f161c002b50 from symkey-key@0x55fd4c44c080 | hmac: release clone-key@0x55fd4c44c080 | hmac PRF sha crypt-prf@0x55fd4c4e9728 | hmac PRF sha update data-bytes@0x55fd4c441c48 (length 176) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 65 c9 cb 17 43 e7 fc 10 9b 52 48 e5 99 6c 49 b3 | c1 d9 21 11 5e a9 4b 4a 18 b0 27 d8 f7 87 e0 8f | b9 dd bc 51 54 f9 2d b2 fe 10 32 ca d0 2f 03 d6 | 35 0a 7c d8 cd 35 a7 cc e0 e3 54 69 76 ab 3c 77 | 4a c3 1e 2a bc 37 2a fb 45 b5 13 bb b2 d7 e0 e7 | 75 ae ca 8c 4d 38 82 30 61 1a f6 29 64 f8 d1 2f | f0 cb 45 07 22 eb b8 f5 7f ba 51 78 1a f5 67 b3 | dd 84 01 36 bf 5d 05 89 78 a8 85 a2 f8 4b 73 dc | 55 69 ad 8a 3e 23 17 cd ad f9 cf 02 43 3f f1 82 | hmac PRF sha final-bytes@0x7ffc39865910 (length 20) | 3d 28 d3 1c a4 34 29 e5 40 15 19 f4 5f 49 52 9d | fc af 5e 4c | data for hmac: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | data for hmac: 65 c9 cb 17 43 e7 fc 10 9b 52 48 e5 99 6c 49 b3 | data for hmac: c1 d9 21 11 5e a9 4b 4a 18 b0 27 d8 f7 87 e0 8f | data for hmac: b9 dd bc 51 54 f9 2d b2 fe 10 32 ca d0 2f 03 d6 | data for hmac: 35 0a 7c d8 cd 35 a7 cc e0 e3 54 69 76 ab 3c 77 | data for hmac: 4a c3 1e 2a bc 37 2a fb 45 b5 13 bb b2 d7 e0 e7 | data for hmac: 75 ae ca 8c 4d 38 82 30 61 1a f6 29 64 f8 d1 2f | data for hmac: f0 cb 45 07 22 eb b8 f5 7f ba 51 78 1a f5 67 b3 | data for hmac: dd 84 01 36 bf 5d 05 89 78 a8 85 a2 f8 4b 73 dc | data for hmac: 55 69 ad 8a 3e 23 17 cd ad f9 cf 02 43 3f f1 82 | calculated auth: 3d 28 d3 1c a4 34 29 e5 40 15 19 f4 | provided auth: 3d 28 d3 1c a4 34 29 e5 40 15 19 f4 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 65 c9 cb 17 43 e7 fc 10 | payload before decryption: | 9b 52 48 e5 99 6c 49 b3 c1 d9 21 11 5e a9 4b 4a | 18 b0 27 d8 f7 87 e0 8f b9 dd bc 51 54 f9 2d b2 | fe 10 32 ca d0 2f 03 d6 35 0a 7c d8 cd 35 a7 cc | e0 e3 54 69 76 ab 3c 77 4a c3 1e 2a bc 37 2a fb | 45 b5 13 bb b2 d7 e0 e7 75 ae ca 8c 4d 38 82 30 | 61 1a f6 29 64 f8 d1 2f f0 cb 45 07 22 eb b8 f5 | 7f ba 51 78 1a f5 67 b3 dd 84 01 36 bf 5d 05 89 | 78 a8 85 a2 f8 4b 73 dc 55 69 ad 8a 3e 23 17 cd | ad f9 cf 02 43 3f f1 82 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 af f8 62 b1 c8 ef ea 59 4e 5b d5 9b | 77 23 98 5a 94 8b f4 76 2c 00 00 28 00 00 00 24 | 01 03 04 03 6a 81 52 78 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #20 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | offered CA: '%none' "3des" #20: IKEv2 mode peer ID is ID_FQDN: '@east' | hmac PRF sha init symkey-key@0x7f161800d840 (size 20) | hmac: symkey-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865878 | result: clone-key@0x55fd4c44c080 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f161c002b50 from symkey-key@0x55fd4c44c080 | hmac prf: begin sha with context 0x7f161c002b50 from symkey-key@0x55fd4c44c080 | hmac: release clone-key@0x55fd4c44c080 | hmac PRF sha crypt-prf@0x55fd4c4e96d8 | idhash auth R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x55fd4c441c74 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffc398659d0 (length 20) | dc 81 f7 ef 1a ed b5 90 e4 e6 ff 0b f3 85 36 01 | c8 0d d8 f6 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55fd4c441b58 (line=1) | concluding with best_match=014 best=0x55fd4c441b58 (lineno=1) | inputs to hash1 (first packet) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | fa f5 0e d0 64 2b 86 2a de 62 a4 8f 0a 1e 9d 69 | a3 44 88 71 80 da 05 5e 56 e2 27 84 fe b0 ee 09 | a7 2e d8 47 f0 7c 5f fc d3 d4 0a cd 6f 55 89 12 | 9d 99 1b 65 a7 53 90 ff 0a 4e 75 44 43 07 fa 99 | 0a ec 25 e8 28 86 7d 68 36 25 3d a6 af 85 f9 e4 | 54 c5 39 08 4a 5a 93 38 cf 35 81 99 ea 7a 98 5c | 59 99 27 f0 16 dc b1 e1 c2 06 34 b2 39 2b 19 f8 | 89 4b 07 35 04 07 ba ec 5e 3f d7 db d8 0c 4c c0 | 7c 72 87 e8 78 f5 bf b4 e1 77 56 58 37 c7 0f 71 | f2 9c 53 93 ed bc 8c a1 37 f8 3e 0b 24 78 15 4e | 3d da a5 5e 54 ea 2c 7c 19 ee e8 02 20 0e be 33 | f8 4c 9c 7f 6e 5b 5d 70 18 5a f7 0a 19 c3 fb 13 | fd 31 c9 94 07 60 4e 19 f9 66 cc 06 4a 33 f3 cf | f7 19 d4 d3 66 f7 6c 87 15 b8 0d 82 cd 73 cf b8 | 51 ec fd 31 44 c7 a3 52 03 4a 32 f4 9f 61 76 79 | c1 ad b0 c6 7a 53 8d e5 a4 d4 d4 d4 73 75 6f af | 29 00 00 24 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d | 63 21 66 52 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 | 9a 54 db b9 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 3e 47 fc 3b c5 a7 32 0a 39 a5 ba 05 | 71 1d 70 9c d1 72 db 45 00 00 00 1c 00 00 40 05 | ad 95 42 f3 6d e5 d6 bb b0 67 6a 84 da 6b 7c 96 | 0f e2 48 23 | verify: initiator inputs to hash2 (initiator nonce) | 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | idhash dc 81 f7 ef 1a ed b5 90 e4 e6 ff 0b f3 85 36 01 | idhash c8 0d d8 f6 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55fd4c4cfda8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865670 | result: shared secret-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865658 | result: shared secret-key@0x55fd4c44c080 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f161c002b50 from shared secret-key@0x55fd4c44c080 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f161c002b50 from shared secret-key@0x55fd4c44c080 | = prf(,"Key Pad for IKEv2"): release clone-key@0x55fd4c44c080 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55fd4c4e9728 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55fd4bd814d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865690 | result: final-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: final-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x55fd4c44c080 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x55fd4c44c080 (size 20) | = prf(, ): -key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865688 | result: clone-key@0x55fd4c4e7620 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f161c002b50 from -key@0x55fd4c4e7620 | = prf(, ) prf: begin sha with context 0x7f161c002b50 from -key@0x55fd4c4e7620 | = prf(, ): release clone-key@0x55fd4c4e7620 | = prf(, ) PRF sha crypt-prf@0x55fd4c4e96d8 | = prf(, ) PRF sha update first-packet-bytes@0x55fd4c4eb4b8 (length 436) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | fa f5 0e d0 64 2b 86 2a de 62 a4 8f 0a 1e 9d 69 | a3 44 88 71 80 da 05 5e 56 e2 27 84 fe b0 ee 09 | a7 2e d8 47 f0 7c 5f fc d3 d4 0a cd 6f 55 89 12 | 9d 99 1b 65 a7 53 90 ff 0a 4e 75 44 43 07 fa 99 | 0a ec 25 e8 28 86 7d 68 36 25 3d a6 af 85 f9 e4 | 54 c5 39 08 4a 5a 93 38 cf 35 81 99 ea 7a 98 5c | 59 99 27 f0 16 dc b1 e1 c2 06 34 b2 39 2b 19 f8 | 89 4b 07 35 04 07 ba ec 5e 3f d7 db d8 0c 4c c0 | 7c 72 87 e8 78 f5 bf b4 e1 77 56 58 37 c7 0f 71 | f2 9c 53 93 ed bc 8c a1 37 f8 3e 0b 24 78 15 4e | 3d da a5 5e 54 ea 2c 7c 19 ee e8 02 20 0e be 33 | f8 4c 9c 7f 6e 5b 5d 70 18 5a f7 0a 19 c3 fb 13 | fd 31 c9 94 07 60 4e 19 f9 66 cc 06 4a 33 f3 cf | f7 19 d4 d3 66 f7 6c 87 15 b8 0d 82 cd 73 cf b8 | 51 ec fd 31 44 c7 a3 52 03 4a 32 f4 9f 61 76 79 | c1 ad b0 c6 7a 53 8d e5 a4 d4 d4 d4 73 75 6f af | 29 00 00 24 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d | 63 21 66 52 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 | 9a 54 db b9 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 3e 47 fc 3b c5 a7 32 0a 39 a5 ba 05 | 71 1d 70 9c d1 72 db 45 00 00 00 1c 00 00 40 05 | ad 95 42 f3 6d e5 d6 bb b0 67 6a 84 da 6b 7c 96 | 0f e2 48 23 | = prf(, ) PRF sha update nonce-bytes@0x7f1614001868 (length 32) | 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | = prf(, ) PRF sha update hash-bytes@0x7ffc398659d0 (length 20) | dc 81 f7 ef 1a ed b5 90 e4 e6 ff 0b f3 85 36 01 | c8 0d d8 f6 | = prf(, ) PRF sha final-chunk@0x55fd4c4eecb8 (length 20) | af f8 62 b1 c8 ef ea 59 4e 5b d5 9b 77 23 98 5a | 94 8b f4 76 | psk_auth: release prf-psk-key@0x55fd4c44c080 | Received PSK auth octets | af f8 62 b1 c8 ef ea 59 4e 5b d5 9b 77 23 98 5a | 94 8b f4 76 | Calculated PSK auth octets | af f8 62 b1 c8 ef ea 59 4e 5b d5 9b 77 23 98 5a | 94 8b f4 76 "3des" #20: Authenticated using authby=secret | parent state #19: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #19 will start re-keying in 2879 seconds with margin of 721 seconds (attempting re-key) | state #19 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f1614002888 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f160c002b78 | event_schedule: new EVENT_SA_REKEY-pe@0x7f160c002b78 | inserting event EVENT_SA_REKEY, timeout in 2879 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f1608005088 size 128 | pstats #19 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="3des" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for 3des (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 6a 81 52 78 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=6a815278;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=sha: .key_size=20 encrypt=3des_cbc: .key_size=24 .salt_size=0 keymat_len=44 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865760 | result: data=Ni-key@0x55fd4c4e7620 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55fd4c4e7620 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865748 | result: data=Ni-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55fd4c4e7620 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c44c080 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc39865750 | result: data+=Nr-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c44c080 | prf+0 PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+0: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x55fd4c44c080 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f161c002b50 from key-key@0x55fd4c44c080 | prf+0 prf: begin sha with context 0x7f161c002b50 from key-key@0x55fd4c44c080 | prf+0: release clone-key@0x55fd4c44c080 | prf+0 PRF sha crypt-prf@0x55fd4c4e8db8 | prf+0 PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+0: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: 2e be f0 da 35 7a a8 a4 69 c2 86 3a 8c 0c e9 11 24 fb ae 4b 58 aa 32 a2 80 67 b0 6a 87 01 ed 8b 45 c2 16 70 68 ba 3a f8 47 57 8a b7 e0 9f 64 0c e1 b2 a6 6f 87 9a e4 5f 32 2c 54 ad af 43 8e af | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x55fd4c4e9158 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x55fd4c4ee4d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4ee4d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4ee4d0 | prf+0 PRF sha final-key@0x55fd4c44c080 (size 20) | prf+0: key-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x55fd4c44c080 | prf+N PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+N: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x55fd4c4ee4d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161c002b50 from key-key@0x55fd4c4ee4d0 | prf+N prf: begin sha with context 0x7f161c002b50 from key-key@0x55fd4c4ee4d0 | prf+N: release clone-key@0x55fd4c4ee4d0 | prf+N PRF sha crypt-prf@0x55fd4c4e9728 | prf+N PRF sha update old_t-key@0x55fd4c44c080 (size 20) | prf+N: old_t-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 1d 3d 09 9e d8 d9 7e a2 8e c2 03 c1 d2 c9 79 11 59 60 cb c7 c0 56 06 db b1 7f 6e f4 4a 7e 83 1e | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x55fd4c4eed58 | unwrapped: 1b e1 32 35 f3 c5 2b a8 06 9e a1 aa 09 79 bd dd | unwrapped: c2 53 5e 0c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+N: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: 2e be f0 da 35 7a a8 a4 69 c2 86 3a 8c 0c e9 11 24 fb ae 4b 58 aa 32 a2 80 67 b0 6a 87 01 ed 8b 45 c2 16 70 68 ba 3a f8 47 57 8a b7 e0 9f 64 0c e1 b2 a6 6f 87 9a e4 5f 32 2c 54 ad af 43 8e af | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x7f1620002b78 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x55fd4c4d6640 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d6640 | prf+N PRF sha final-key@0x55fd4c4ee4d0 (size 20) | prf+N: key-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffc398656f8 | result: result-key@0x55fd4c4d6640 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c44c080 | prfplus: release old_t[N]-key@0x55fd4c44c080 | prf+N PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+N: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x55fd4c44c080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161c002b50 from key-key@0x55fd4c44c080 | prf+N prf: begin sha with context 0x7f161c002b50 from key-key@0x55fd4c44c080 | prf+N: release clone-key@0x55fd4c44c080 | prf+N PRF sha crypt-prf@0x55fd4c4e8db8 | prf+N PRF sha update old_t-key@0x55fd4c4ee4d0 (size 20) | prf+N: old_t-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4ee4d0 | nss hmac digest hack: symkey-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: ed a7 b7 2b b7 87 3c a2 63 e1 f7 07 46 4f a8 85 0e 20 f1 e8 bb f9 5a 49 12 ad e8 36 82 17 e3 21 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x55fd4c4eed08 | unwrapped: b5 48 84 29 af 5f 73 07 94 3c 7e 95 c5 4c 91 77 | unwrapped: 2c 7e be b2 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+N: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: 2e be f0 da 35 7a a8 a4 69 c2 86 3a 8c 0c e9 11 24 fb ae 4b 58 aa 32 a2 80 67 b0 6a 87 01 ed 8b 45 c2 16 70 68 ba 3a f8 47 57 8a b7 e0 9f 64 0c e1 b2 a6 6f 87 9a e4 5f 32 2c 54 ad af 43 8e af | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x55fd4c4e9158 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x55fd4c4ed620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4ed620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4ed620 | prf+N PRF sha final-key@0x55fd4c44c080 (size 20) | prf+N: key-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6640 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffc398656f8 | result: result-key@0x55fd4c4ed620 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d6640 | prfplus: release old_t[N]-key@0x55fd4c4ee4d0 | prf+N PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+N: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x55fd4c4ee4d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161c002b50 from key-key@0x55fd4c4ee4d0 | prf+N prf: begin sha with context 0x7f161c002b50 from key-key@0x55fd4c4ee4d0 | prf+N: release clone-key@0x55fd4c4ee4d0 | prf+N PRF sha crypt-prf@0x55fd4c4eed58 | prf+N PRF sha update old_t-key@0x55fd4c44c080 (size 20) | prf+N: old_t-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 10 19 0c 69 1d e6 1f 38 8d 5c 24 d6 8d 01 62 56 44 71 ef 4a ba 37 ae 63 9e bf 00 17 ca a6 ad 7e | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x55fd4c4e8b28 | unwrapped: 24 61 db fe 63 56 4b 39 83 4c 5f 65 c6 16 e6 75 | unwrapped: d2 28 db 05 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+N: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: 2e be f0 da 35 7a a8 a4 69 c2 86 3a 8c 0c e9 11 24 fb ae 4b 58 aa 32 a2 80 67 b0 6a 87 01 ed 8b 45 c2 16 70 68 ba 3a f8 47 57 8a b7 e0 9f 64 0c e1 b2 a6 6f 87 9a e4 5f 32 2c 54 ad af 43 8e af | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x7f1620002b78 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x55fd4c4d6640 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d6640 | prf+N PRF sha final-key@0x55fd4c4ee4d0 (size 20) | prf+N: key-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4ed620 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffc398656f8 | result: result-key@0x55fd4c4d6640 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4ed620 | prfplus: release old_t[N]-key@0x55fd4c44c080 | prf+N PRF sha init key-key@0x55fd4c4d4be0 (size 20) | prf+N: key-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x55fd4c44c080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161c002b50 from key-key@0x55fd4c44c080 | prf+N prf: begin sha with context 0x7f161c002b50 from key-key@0x55fd4c44c080 | prf+N: release clone-key@0x55fd4c44c080 | prf+N PRF sha crypt-prf@0x55fd4c4e9728 | prf+N PRF sha update old_t-key@0x55fd4c4ee4d0 (size 20) | prf+N: old_t-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4ee4d0 | nss hmac digest hack: symkey-key@0x55fd4c4ee4d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 0c 7b 9f 27 fb 8c 66 e6 fa 92 00 6d 01 70 1a 36 cc 6c a2 5a 5f b9 20 cc ca 1e 7c 71 ef 5e 96 f2 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x55fd4c4eed08 | unwrapped: bd 6c 63 92 b1 74 52 0a 0c 8b d0 ba eb 8d c3 77 | unwrapped: 48 1d 57 36 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+N: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: 2e be f0 da 35 7a a8 a4 69 c2 86 3a 8c 0c e9 11 24 fb ae 4b 58 aa 32 a2 80 67 b0 6a 87 01 ed 8b 45 c2 16 70 68 ba 3a f8 47 57 8a b7 e0 9f 64 0c e1 b2 a6 6f 87 9a e4 5f 32 2c 54 ad af 43 8e af | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x55fd4c4e9158 | unwrapped: 7e ef df b9 e6 c0 95 b6 35 29 54 b9 ca 10 f9 27 | unwrapped: df af 2b 9d e8 b2 43 e8 cb eb 84 20 d3 7e 8c ca | unwrapped: 1a 07 af 14 9b 46 ad a3 95 a9 a4 3d 63 21 66 52 | unwrapped: 72 d7 fa 8d 68 2b 16 f5 91 43 a8 b9 9a 54 db b9 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x55fd4c4ed620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4ed620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4ed620 | prf+N PRF sha final-key@0x55fd4c44c080 (size 20) | prf+N: key-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6640 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffc398656f8 | result: result-key@0x55fd4c4ed620 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d6640 | prfplus: release old_t[N]-key@0x55fd4c4ee4d0 | prfplus: release old_t[final]-key@0x55fd4c44c080 | child_sa_keymat: release data-key@0x55fd4c4e7620 | key-offset: 0, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x55fd4c4ed620 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657d8 | result: result-key@0x55fd4c4e7620 (44-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 44 bytes of key@0x55fd4c4e7620 | initiator to responder keys: symkey-key@0x55fd4c4e7620 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x55fd4c4cfe50 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1696620857: 1d 3d 09 9e d8 d9 7e a2 8e c2 03 c1 d2 c9 79 11 0f 81 4a 48 d6 19 9e f3 e9 75 35 ff 7a ef b1 24 18 29 11 f2 3c 7d 4c ca 88 b1 70 fa 1f c7 95 dc | initiator to responder keys: release slot-key-key@0x55fd4c4cfe50 | initiator to responder keys extracted len 48 bytes at 0x7f1614001688 | unwrapped: 1b e1 32 35 f3 c5 2b a8 06 9e a1 aa 09 79 bd dd | unwrapped: c2 53 5e 0c b5 48 84 29 af 5f 73 07 94 3c 7e 95 | unwrapped: c5 4c 91 77 2c 7e be b2 24 61 db fe 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x55fd4c4e7620 | key-offset: 44, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x55fd4c4ed620 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657d8 | result: result-key@0x55fd4c4e7620 (44-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 44 bytes of key@0x55fd4c4e7620 | responder to initiator keys:: symkey-key@0x55fd4c4e7620 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x55fd4c4cfe50 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1696620857: 28 da 0d dc 6e 3d 3c d2 48 3b 0f 5e 4d 9d b9 3b 0c 7b 9f 27 fb 8c 66 e6 fa 92 00 6d 01 70 1a 36 ed 3b 41 dd 57 76 ee f3 2b 95 56 31 2c 0a c4 78 | responder to initiator keys:: release slot-key-key@0x55fd4c4cfe50 | responder to initiator keys: extracted len 48 bytes at 0x55fd4c4cfd48 | unwrapped: 63 56 4b 39 83 4c 5f 65 c6 16 e6 75 d2 28 db 05 | unwrapped: bd 6c 63 92 b1 74 52 0a 0c 8b d0 ba eb 8d c3 77 | unwrapped: 48 1d 57 36 48 83 34 26 f6 b6 39 14 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x55fd4c4e7620 | ikev2_derive_child_keys: release keymat-key@0x55fd4c4ed620 | #19 spent 2.21 milliseconds | install_ipsec_sa() for #20: inbound and outbound | could_route called for 3des (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection '3des' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.6a815278@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection '3des' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.8ec98d3f@192.1.2.45 included non-error error | priority calculation of connection "3des" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #20: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: 3des (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #20 | priority calculation of connection "3des" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6a815278 SPI_OUT=0x | popen cmd is 1023 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' : | cmd( 160):PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1642: | cmd( 320):4' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: | cmd( 960):ED='no' SPI_IN=0x6a815278 SPI_OUT=0x8ec98d3f ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6a815278 | popen cmd is 1028 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x6a815278 SPI_OUT=0x8ec98d3f ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6a815278 SPI_ | popen cmd is 1026 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTE: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@wes: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIEN: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: | cmd( 320):6424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PE: | cmd( 400):ER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MAS: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: | cmd( 640):UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd( 960):HARED='no' SPI_IN=0x6a815278 SPI_OUT=0x8ec98d3f ipsec _updown 2>&1: | route_and_eroute: instance "3des", setting eroute_owner {spd=0x55fd4c4ee818,sr=0x55fd4c4ee818} to #20 (was #0) (newest_ipsec_sa=#0) | #19 spent 2.18 milliseconds in install_ipsec_sa() | inR2: instance 3des[0], setting IKEv2 newest_ipsec_sa to #20 (was #0) (spd.eroute=#20) cloned from #19 | state #20 requesting EVENT_RETRANSMIT to be deleted | #20 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x55fd4c4eb208 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f1610002b78 | #20 spent 4.06 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #20 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #20 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #20: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #20 to 1 after switching state | Message ID: recv #19.#20 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #19.#20 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #20 ikev2.child established "3des" #20: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "3des" #20: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x6a815278 <0x8ec98d3f xfrm=3DES_CBC-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | releasing whack for #20 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #19 | unpending state #19 connection "3des" | delete from pending Child SA with 192.1.2.23 "3des" | removing pending policy for no connection {0x55fd4c4db198} | close_any(fd@24) (in release_whack() at state.c:654) | #20 will start re-keying in 27846 seconds with margin of 954 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f1610002b78 | inserting event EVENT_SA_REKEY, timeout in 27846 seconds for #20 | libevent_malloc: new ptr-libevent@0x55fd4c4e8d08 size 128 | stop processing: state #20 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #19 spent 4.54 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 4.56 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00422 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00265 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00282 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.8ec98d3f@192.1.2.45 | get_sa_info esp.6a815278@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0788 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in terminate_a_connection() at terminate.c:69) "3des": terminating SAs using this connection | connection '3des' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #20 | suspend processing: connection "3des" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #20 connection "3des" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #20 ikev2.child deleted completed | #20 spent 4.06 milliseconds in total | [RE]START processing: state #20 connection "3des" from 192.1.2.23 (in delete_state() at state.c:879) "3des" #20: deleting state (STATE_V2_IPSEC_I) aged 0.093s and sending notification | child state #20: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.6a815278@192.1.2.23 | get_sa_info esp.8ec98d3f@192.1.2.45 "3des" #20: ESP traffic information: in=84B out=84B | #20 send IKEv2 delete notification for STATE_V2_IPSEC_I | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | b4 9f d5 a5 56 78 42 52 | responder cookie: | 64 8b 3f f5 9a 68 9d 5a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting 4 raw bytes of local spis into IKEv2 Delete Payload | local spis 8e c9 8d 3f | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | a1 5b e9 60 c7 85 47 d6 | data before encryption: | 00 00 00 0c 03 04 00 01 8e c9 8d 3f 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | d7 de 3b 4d c7 23 da 35 8f c4 b2 3d 83 65 88 cd | hmac PRF sha init symkey-key@0x55fd4c4d6a20 (size 20) | hmac: symkey-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39862628 | result: clone-key@0x55fd4c4ed620 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f161c002b50 from symkey-key@0x55fd4c4ed620 | hmac prf: begin sha with context 0x7f161c002b50 from symkey-key@0x55fd4c4ed620 | hmac: release clone-key@0x55fd4c4ed620 | hmac PRF sha crypt-prf@0x55fd4c4e9728 | hmac PRF sha update data-bytes@0x7ffc39862a00 (length 56) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | a1 5b e9 60 c7 85 47 d6 d7 de 3b 4d c7 23 da 35 | 8f c4 b2 3d 83 65 88 cd | hmac PRF sha final-bytes@0x7ffc39862a38 (length 20) | ec 37 47 27 71 30 ce 01 c4 bd 62 b8 1f 6a c1 fc | 41 fd 6a cf | data being hmac: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | data being hmac: 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | data being hmac: a1 5b e9 60 c7 85 47 d6 d7 de 3b 4d c7 23 da 35 | data being hmac: 8f c4 b2 3d 83 65 88 cd | out calculated auth: | ec 37 47 27 71 30 ce 01 c4 bd 62 b8 | sending 68 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #20) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | a1 5b e9 60 c7 85 47 d6 d7 de 3b 4d c7 23 da 35 | 8f c4 b2 3d 83 65 88 cd ec 37 47 27 71 30 ce 01 | c4 bd 62 b8 | Message ID: IKE #19 sender #20 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #19 sender #20 in send_delete hacking around record ' send | Message ID: sent #19 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 | state #20 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x55fd4c4e8d08 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f1610002b78 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844018' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6a815278 | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1566844018' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0x6a815278 SPI_OUT=0x8ec98d3f ipsec _updown 2>&1: | shunt_eroute() called for connection '3des' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "3des" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.6a815278@192.1.2.23 | netlink response for Del SA esp.6a815278@192.1.2.23 included non-error error | priority calculation of connection "3des" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.8ec98d3f@192.1.2.45 | netlink response for Del SA esp.8ec98d3f@192.1.2.45 included non-error error | stop processing: connection "3des" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection 3des | State DB: deleting IKEv2 state #20 in V2_IPSEC_I | child state #20: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #20 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x55fd4c4d4be0 | delete_state: release st->st_skey_ai_nss-key@0x55fd4c4d6a20 | delete_state: release st->st_skey_ar_nss-key@0x55fd4c4d3130 | delete_state: release st->st_skey_ei_nss-key@0x55fd4c4cd5b0 | delete_state: release st->st_skey_er_nss-key@0x55fd4c4ecc80 | delete_state: release st->st_skey_pi_nss-key@0x7f1618006bb0 | delete_state: release st->st_skey_pr_nss-key@0x7f161800d840 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #19 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #19 | start processing: state #19 connection "3des" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #19 ikev2.ike deleted completed | #19 spent 10.9 milliseconds in total | [RE]START processing: state #19 connection "3des" from 192.1.2.23 (in delete_state() at state.c:879) "3des" #19: deleting state (STATE_PARENT_I3) aged 0.112s and sending notification | parent state #19: PARENT_I3(established IKE SA) => delete | #19 send IKEv2 delete notification for STATE_PARENT_I3 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | b4 9f d5 a5 56 78 42 52 | responder cookie: | 64 8b 3f f5 9a 68 9d 5a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | ab 0d 66 af 01 50 d3 17 | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | a1 82 60 ad 92 c8 23 3f d8 41 fc 68 97 b0 3a d9 | hmac PRF sha init symkey-key@0x55fd4c4d6a20 (size 20) | hmac: symkey-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39862628 | result: clone-key@0x55fd4c4ed620 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f1610002b50 from symkey-key@0x55fd4c4ed620 | hmac prf: begin sha with context 0x7f1610002b50 from symkey-key@0x55fd4c4ed620 | hmac: release clone-key@0x55fd4c4ed620 | hmac PRF sha crypt-prf@0x55fd4c4e96d8 | hmac PRF sha update data-bytes@0x7ffc39862a00 (length 56) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | ab 0d 66 af 01 50 d3 17 a1 82 60 ad 92 c8 23 3f | d8 41 fc 68 97 b0 3a d9 | hmac PRF sha final-bytes@0x7ffc39862a38 (length 20) | 24 69 52 b9 94 61 df 2a 8f f4 54 3f 1b 91 ba 2d | e4 16 06 94 | data being hmac: b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | data being hmac: ab 0d 66 af 01 50 d3 17 a1 82 60 ad 92 c8 23 3f | data being hmac: d8 41 fc 68 97 b0 3a d9 | out calculated auth: | 24 69 52 b9 94 61 df 2a 8f f4 54 3f | sending 68 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #19) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | ab 0d 66 af 01 50 d3 17 a1 82 60 ad 92 c8 23 3f | d8 41 fc 68 97 b0 3a d9 24 69 52 b9 94 61 df 2a | 8f f4 54 3f | Message ID: IKE #19 sender #19 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 | Message ID: IKE #19 sender #19 in send_delete hacking around record ' send | Message ID: #19 XXX: expecting sender.wip.initiator 2 == -1 - suspect record'n'send out-of-order?); initiator.sent=3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=3 wip.responder=-1 | Message ID: sent #19 request 3; ike: initiator.sent=2->3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=2->3 wip.responder=-1 | state #19 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f1608005088 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f160c002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection 3des | State DB: deleting IKEv2 state #19 in PARENT_I3 | parent state #19: PARENT_I3(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f1614003828: destroyed | stop processing: state #19 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f161800a0e0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x55fd4c4d4be0 | delete_state: release st->st_skey_ai_nss-key@0x55fd4c4d6a20 | delete_state: release st->st_skey_ar_nss-key@0x55fd4c4d3130 | delete_state: release st->st_skey_ei_nss-key@0x55fd4c4cd5b0 | delete_state: release st->st_skey_er_nss-key@0x55fd4c4ecc80 | delete_state: release st->st_skey_pi_nss-key@0x7f1618006bb0 | delete_state: release st->st_skey_pr_nss-key@0x7f161800d840 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.68 milliseconds in whack | spent 0.00153 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 02 6b 47 77 71 45 9e 3a ae 5f f4 37 ea 55 c4 51 | 41 d3 19 fa eb 36 07 0c 1c b3 5b 51 66 d1 b5 83 | 0a 2a f1 9c | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b4 9f d5 a5 56 78 42 52 | responder cookie: | 64 8b 3f f5 9a 68 9d 5a | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0566 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.0038 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00157 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 60 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | b4 9f d5 a5 56 78 42 52 64 8b 3f f5 9a 68 9d 5a | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | 18 88 68 12 c4 29 5f c1 a4 ca 01 e2 03 36 c5 8d | a3 83 d6 6f ee 43 f0 77 cc d6 30 43 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b4 9f d5 a5 56 78 42 52 | responder cookie: | 64 8b 3f f5 9a 68 9d 5a | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | length: 60 (0x3c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0496 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in terminate_a_connection() at terminate.c:69) "3des": terminating SAs using this connection | connection '3des' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "3des" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection '3des' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "3des" is 0xfe7e7 | priority calculation of connection "3des" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0 | popen cmd is 1012 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16424' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO: | cmd( 400):_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_: | cmd( 480):MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=': | cmd( 560):' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+P: | cmd( 640):FS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd( 960):HARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x55fd4c4e8e78 | flush revival: connection '3des' wasn't on the list | stop processing: connection "3des" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.916 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00488 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0597 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0494 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.057 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection 3des with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: 3DES_CBC-HMAC_SHA1-MODP2048 | from whack: got --esp=3des-sha1;modp2048 | ESP/AH string values: 3DES_CBC-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x55fd4c4e8e78 added connection description "3des" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.178 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in initiate_a_connection() at initiate.c:186) | connection '3des' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #21 at 0x55fd4c4ed818 | State DB: adding IKEv2 state #21 in UNDEFINED | pstats #21 ikev2.ike started | Message ID: init #21: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #21: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #21; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #21 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "3des" IKE SA #21 "3des" "3des" #21: initiating v2 parent SA | constructing local IKE proposals for 3des (IKE SA initiator selecting KE) | converting ike_info 3DES_CBC-HMAC_SHA1-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_IKE 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "3des": constructed local IKE proposals for 3des (IKE SA initiator selecting KE): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 21 for state #21 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x55fd4c4eaeb8 size 128 | #21 spent 0.136 milliseconds in ikev2_parent_outI1() | crypto helper 4 resuming | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 4 starting work-order 21 for state #21 | RESET processing: state #21 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 4 doing build KE and nonce (ikev2_outI1 KE); request ID 21 | RESET processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | NSS: Value of Prime: | spent 0.204 milliseconds in whack | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f160c006788: created | NSS: Local DH MODP2048 secret (pointer): 0x7f160c006788 | NSS: Public DH wire value: | 46 71 e7 56 e8 56 e2 84 f7 80 b1 1e ce d9 e0 1a | e9 d8 6a 1b 5d 2d 03 9b ef 6f 27 3f 50 1c a3 b8 | 55 91 84 1c 14 9b 9e 45 89 09 86 5d dc 91 49 c0 | 18 9f e5 dc 25 6c 33 aa 83 23 94 73 76 70 c2 f7 | d8 6b 99 02 d4 47 f4 21 14 eb 01 33 5e 07 8c 79 | b1 c6 a7 1f 70 19 14 24 c9 dd 12 0d b7 d3 ee 91 | 83 77 65 b4 29 2c 65 4d ac e3 c8 cc 41 cc 84 2a | fe ed 9f cb 25 ae 1e c6 6d 52 f9 67 04 42 69 03 | 9d b3 6b 11 b9 9f bc 7d 55 47 a4 7b 40 78 fe 96 | ee fa 59 66 0a 70 a8 bc 94 5a c9 8d a4 88 ba 18 | 24 b0 8b 5d 93 63 37 cd 6a ae b1 92 60 72 75 cb | 17 fe 93 f7 1b 45 11 52 e4 31 99 6e a5 f3 df 00 | ee 1d 3a e8 5a f3 3e 9b 8f 4e 76 d3 88 2f 12 0c | 02 58 af e8 92 2f e0 d6 29 c5 1f e9 10 de 74 16 | 1a 50 4e 98 6f e2 a3 75 a4 f7 cd b6 da 83 cf d7 | 02 ad 83 34 f5 b7 45 e6 64 a6 8d 11 90 b8 d9 0d | Generated nonce: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | Generated nonce: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | crypto helper 4 finished build KE and nonce (ikev2_outI1 KE); request ID 21 time elapsed 0.00076 seconds | (#21) spent 0.759 milliseconds in crypto helper computing work-order 21: ikev2_outI1 KE (pcr) | crypto helper 4 sending results from work-order 21 for state #21 to event queue | scheduling resume sending helper answer for #21 | libevent_malloc: new ptr-libevent@0x7f160c0060e8 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #21 | start processing: state #21 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 21 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_outI1_continue for #21 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f160c006788: transferring ownership from helper KE to state #21 | **emit ISAKMP Message: | initiator cookie: | 31 91 a7 e4 1f 1e 39 2b | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection 3des (IKE SA initiator emitting local proposals): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "3des" #21: IMPAIR: emitting fixed-length key-length attribute with 0 key | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 46 71 e7 56 e8 56 e2 84 f7 80 b1 1e ce d9 e0 1a | ikev2 g^x e9 d8 6a 1b 5d 2d 03 9b ef 6f 27 3f 50 1c a3 b8 | ikev2 g^x 55 91 84 1c 14 9b 9e 45 89 09 86 5d dc 91 49 c0 | ikev2 g^x 18 9f e5 dc 25 6c 33 aa 83 23 94 73 76 70 c2 f7 | ikev2 g^x d8 6b 99 02 d4 47 f4 21 14 eb 01 33 5e 07 8c 79 | ikev2 g^x b1 c6 a7 1f 70 19 14 24 c9 dd 12 0d b7 d3 ee 91 | ikev2 g^x 83 77 65 b4 29 2c 65 4d ac e3 c8 cc 41 cc 84 2a | ikev2 g^x fe ed 9f cb 25 ae 1e c6 6d 52 f9 67 04 42 69 03 | ikev2 g^x 9d b3 6b 11 b9 9f bc 7d 55 47 a4 7b 40 78 fe 96 | ikev2 g^x ee fa 59 66 0a 70 a8 bc 94 5a c9 8d a4 88 ba 18 | ikev2 g^x 24 b0 8b 5d 93 63 37 cd 6a ae b1 92 60 72 75 cb | ikev2 g^x 17 fe 93 f7 1b 45 11 52 e4 31 99 6e a5 f3 df 00 | ikev2 g^x ee 1d 3a e8 5a f3 3e 9b 8f 4e 76 d3 88 2f 12 0c | ikev2 g^x 02 58 af e8 92 2f e0 d6 29 c5 1f e9 10 de 74 16 | ikev2 g^x 1a 50 4e 98 6f e2 a3 75 a4 f7 cd b6 da 83 cf d7 | ikev2 g^x 02 ad 83 34 f5 b7 45 e6 64 a6 8d 11 90 b8 d9 0d | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | IKEv2 nonce f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 31 91 a7 e4 1f 1e 39 2b | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 03 00 a3 52 49 3e fe a5 38 fc db fa 93 87 a2 04 | d8 af dc 29 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 31 91 a7 e4 1f 1e 39 2b | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 03 00 a3 52 49 3e fe a5 38 fc db fa 93 87 a2 04 | natd_hash: hash= d8 af dc 29 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 03 00 a3 52 49 3e fe a5 38 fc db fa 93 87 a2 04 | Notify data d8 af dc 29 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 31 91 a7 e4 1f 1e 39 2b | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 15 5b 2e 20 43 8e 57 54 6c 02 96 4e d2 c9 5e 89 | af 57 d6 d1 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 31 91 a7 e4 1f 1e 39 2b | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 15 5b 2e 20 43 8e 57 54 6c 02 96 4e d2 c9 5e 89 | natd_hash: hash= af 57 d6 d1 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 15 5b 2e 20 43 8e 57 54 6c 02 96 4e d2 c9 5e 89 | Notify data af 57 d6 d1 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #21 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #21 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #21 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #21: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #21 to 4294967295 after switching state | Message ID: IKE #21 skipping update_recv as MD is fake | Message ID: sent #21 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "3des" #21: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #21) | 31 91 a7 e4 1f 1e 39 2b 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 46 71 e7 56 e8 56 e2 84 f7 80 b1 1e | ce d9 e0 1a e9 d8 6a 1b 5d 2d 03 9b ef 6f 27 3f | 50 1c a3 b8 55 91 84 1c 14 9b 9e 45 89 09 86 5d | dc 91 49 c0 18 9f e5 dc 25 6c 33 aa 83 23 94 73 | 76 70 c2 f7 d8 6b 99 02 d4 47 f4 21 14 eb 01 33 | 5e 07 8c 79 b1 c6 a7 1f 70 19 14 24 c9 dd 12 0d | b7 d3 ee 91 83 77 65 b4 29 2c 65 4d ac e3 c8 cc | 41 cc 84 2a fe ed 9f cb 25 ae 1e c6 6d 52 f9 67 | 04 42 69 03 9d b3 6b 11 b9 9f bc 7d 55 47 a4 7b | 40 78 fe 96 ee fa 59 66 0a 70 a8 bc 94 5a c9 8d | a4 88 ba 18 24 b0 8b 5d 93 63 37 cd 6a ae b1 92 | 60 72 75 cb 17 fe 93 f7 1b 45 11 52 e4 31 99 6e | a5 f3 df 00 ee 1d 3a e8 5a f3 3e 9b 8f 4e 76 d3 | 88 2f 12 0c 02 58 af e8 92 2f e0 d6 29 c5 1f e9 | 10 de 74 16 1a 50 4e 98 6f e2 a3 75 a4 f7 cd b6 | da 83 cf d7 02 ad 83 34 f5 b7 45 e6 64 a6 8d 11 | 90 b8 d9 0d 29 00 00 24 52 42 a6 4f b9 ae d7 f0 | 18 e1 f6 13 b3 0b 6b b8 f0 35 2d cd b9 3e 0a 80 | df 34 34 5c e7 12 d0 26 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 03 00 a3 52 49 3e fe a5 | 38 fc db fa 93 87 a2 04 d8 af dc 29 00 00 00 1c | 00 00 40 05 15 5b 2e 20 43 8e 57 54 6c 02 96 4e | d2 c9 5e 89 af 57 d6 d1 | state #21 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55fd4c4eaeb8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f160c002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #21 | libevent_malloc: new ptr-libevent@0x55fd4c4e8d08 size 128 | #21 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29304.989375 | resume sending helper answer for #21 suppresed complete_v2_state_transition() and stole MD | #21 spent 0.391 milliseconds in resume sending helper answer | stop processing: state #21 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f160c0060e8 | spent 0.00314 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 436 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 2f c2 e4 d2 02 ee df 01 45 9f 87 55 13 94 c0 5c | 19 4e 6d 9f 48 7a 8f df 5d 23 9e 55 6b bf 07 36 | af 0a d5 71 c2 78 ab 14 78 b8 45 3a 73 8f 98 46 | 60 41 88 72 b6 6d 01 f7 4e 20 b6 d7 75 be ee 58 | 4f 5f 4f 19 e2 e2 06 3d 66 9d 1a 50 3e 5a 35 af | c0 3e d9 aa b4 d8 bc e0 1f bb 4c 46 ac b0 d2 95 | aa cf 7f 9a 23 90 b1 6d 7b a7 4a 88 37 63 37 dd | 64 c4 b8 3d 96 90 79 ee 7e 7e 6d 51 06 f4 44 54 | fc 36 ff f1 13 ac 66 bd a6 dc aa 11 45 a8 2c 2a | 4c b7 2e 44 91 ef b2 1a e1 56 c3 d7 de b7 79 70 | d1 61 02 d9 6e 32 5b 5b 4e b9 94 34 13 97 78 1f | d6 cd 1e ba 9f 40 bb 2c 34 4e 4c 93 b4 aa 85 7b | 82 a4 34 d8 80 ac bc bf 72 98 1e e9 e9 9a bf 18 | de 43 03 15 d7 d5 6b ac 64 0b 19 83 b3 8c a0 1b | 81 33 12 98 7b c1 4e 27 b7 7c 6f 45 4e 4e ed 51 | b9 31 62 d4 ac 0f 9b b2 6f b4 69 b2 33 02 73 77 | 29 00 00 24 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a | 7a 20 e0 9c cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 | 48 39 54 9a 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 0c b0 56 2e ed 28 d2 10 0f a5 5b 50 | e0 ea 20 ee a7 44 de 9d 00 00 00 1c 00 00 40 05 | 4a fb 76 88 f0 e9 69 db f5 bf 78 75 73 09 5a a7 | 4e a4 a3 46 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 31 91 a7 e4 1f 1e 39 2b | responder cookie: | 3c ff 26 95 49 7e 55 86 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 436 (0x1b4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #21 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #21 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #21 connection "3des" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #21 is idle | #21 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #21 IKE SPIi and SPI[ir] | #21 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | 2f c2 e4 d2 02 ee df 01 45 9f 87 55 13 94 c0 5c | 19 4e 6d 9f 48 7a 8f df 5d 23 9e 55 6b bf 07 36 | af 0a d5 71 c2 78 ab 14 78 b8 45 3a 73 8f 98 46 | 60 41 88 72 b6 6d 01 f7 4e 20 b6 d7 75 be ee 58 | 4f 5f 4f 19 e2 e2 06 3d 66 9d 1a 50 3e 5a 35 af | c0 3e d9 aa b4 d8 bc e0 1f bb 4c 46 ac b0 d2 95 | aa cf 7f 9a 23 90 b1 6d 7b a7 4a 88 37 63 37 dd | 64 c4 b8 3d 96 90 79 ee 7e 7e 6d 51 06 f4 44 54 | fc 36 ff f1 13 ac 66 bd a6 dc aa 11 45 a8 2c 2a | 4c b7 2e 44 91 ef b2 1a e1 56 c3 d7 de b7 79 70 | d1 61 02 d9 6e 32 5b 5b 4e b9 94 34 13 97 78 1f | d6 cd 1e ba 9f 40 bb 2c 34 4e 4c 93 b4 aa 85 7b | 82 a4 34 d8 80 ac bc bf 72 98 1e e9 e9 9a bf 18 | de 43 03 15 d7 d5 6b ac 64 0b 19 83 b3 8c a0 1b | 81 33 12 98 7b c1 4e 27 b7 7c 6f 45 4e 4e ed 51 | b9 31 62 d4 ac 0f 9b b2 6f b4 69 b2 33 02 73 77 | using existing local IKE proposals for connection 3des (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865950 (length 8) | 31 91 a7 e4 1f 1e 39 2b | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865958 (length 8) | 3c ff 26 95 49 7e 55 86 | NATD hash sha digest IP addr-bytes@0x7ffc398658e4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc398658d6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865960 (length 20) | 4a fb 76 88 f0 e9 69 db f5 bf 78 75 73 09 5a a7 | 4e a4 a3 46 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 31 91 a7 e4 1f 1e 39 2b | natd_hash: rcookie= 3c ff 26 95 49 7e 55 86 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 4a fb 76 88 f0 e9 69 db f5 bf 78 75 73 09 5a a7 | natd_hash: hash= 4e a4 a3 46 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865950 (length 8) | 31 91 a7 e4 1f 1e 39 2b | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865958 (length 8) | 3c ff 26 95 49 7e 55 86 | NATD hash sha digest IP addr-bytes@0x7ffc398658e4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc398658d6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865980 (length 20) | 0c b0 56 2e ed 28 d2 10 0f a5 5b 50 e0 ea 20 ee | a7 44 de 9d | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 31 91 a7 e4 1f 1e 39 2b | natd_hash: rcookie= 3c ff 26 95 49 7e 55 86 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 0c b0 56 2e ed 28 d2 10 0f a5 5b 50 e0 ea 20 ee | natd_hash: hash= a7 44 de 9d | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=3DES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f160c006788: transferring ownership from state #21 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 22 for state #21 | state #21 requesting EVENT_RETRANSMIT to be deleted | #21 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55fd4c4e8d08 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f160c002b78 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f160c0060e8 size 128 | #21 spent 0.268 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #21 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #21 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #21 and saving MD | crypto helper 1 resuming | #21 is busy; has a suspended MD | crypto helper 1 starting work-order 22 for state #21 | [RE]START processing: state #21 connection "3des" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 22 | "3des" #21 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | peer's g: 2f c2 e4 d2 02 ee df 01 45 9f 87 55 13 94 c0 5c | peer's g: 19 4e 6d 9f 48 7a 8f df 5d 23 9e 55 6b bf 07 36 | peer's g: af 0a d5 71 c2 78 ab 14 78 b8 45 3a 73 8f 98 46 | peer's g: 60 41 88 72 b6 6d 01 f7 4e 20 b6 d7 75 be ee 58 | peer's g: 4f 5f 4f 19 e2 e2 06 3d 66 9d 1a 50 3e 5a 35 af | peer's g: c0 3e d9 aa b4 d8 bc e0 1f bb 4c 46 ac b0 d2 95 | peer's g: aa cf 7f 9a 23 90 b1 6d 7b a7 4a 88 37 63 37 dd | peer's g: 64 c4 b8 3d 96 90 79 ee 7e 7e 6d 51 06 f4 44 54 | peer's g: fc 36 ff f1 13 ac 66 bd a6 dc aa 11 45 a8 2c 2a | peer's g: 4c b7 2e 44 91 ef b2 1a e1 56 c3 d7 de b7 79 70 | peer's g: d1 61 02 d9 6e 32 5b 5b 4e b9 94 34 13 97 78 1f | peer's g: d6 cd 1e ba 9f 40 bb 2c 34 4e 4c 93 b4 aa 85 7b | peer's g: 82 a4 34 d8 80 ac bc bf 72 98 1e e9 e9 9a bf 18 | peer's g: de 43 03 15 d7 d5 6b ac 64 0b 19 83 b3 8c a0 1b | peer's g: 81 33 12 98 7b c1 4e 27 b7 7c 6f 45 4e 4e ed 51 | peer's g: b9 31 62 d4 ac 0f 9b b2 6f b4 69 b2 33 02 73 77 | stop processing: state #21 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | Started DH shared-secret computation in NSS: | #21 spent 0.557 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.572 milliseconds in comm_handle_cb() reading and processing packet | new : g_ir-key@0x7f161800d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f160c006788: computed shared DH secret key@0x7f161800d840 | dh-shared : g^ir-key@0x7f161800d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=24 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f16200014e8 (length 64) | 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a6316e0 | result: Ni | Nr-key@0x55fd4c4ecc80 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55fd4c4ecc80 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a6316c8 | result: Ni | Nr-key@0x7f1618006bb0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x55fd4c4ecc80 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f1620003b00 from Ni | Nr-key@0x7f1618006bb0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f1620003b00 from Ni | Nr-key@0x7f1618006bb0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f1618006bb0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f1620002b28 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f161800d840 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f161800d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f161800d840 | nss hmac digest hack: symkey-key@0x7f161800d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1272357058: 6b 95 43 96 73 56 f9 90 db 2a be 01 38 13 cf 6c 6a 2d d8 cc 21 b6 c0 a2 1e b3 78 0c 9e 94 fb 19 12 12 31 80 d1 81 c0 cd 29 f4 9a f8 1d 50 ba 33 19 6e 27 03 63 8e fc 71 2b 85 49 46 9a 12 7a a2 51 3d 38 ec 46 7d d8 97 66 2f c4 23 29 df dc 37 9a bd 90 3d 08 be 00 9f 73 94 e0 0c f6 db 95 ef 41 49 54 fd 22 4b 0e d8 5f c2 e5 1f 00 a8 ee 7d 99 7d fa 78 5c 86 90 7f e0 89 a7 af e5 12 e5 f7 7a 59 7f 67 b5 a0 46 11 c9 d7 5b d9 16 46 4a 53 d7 4d 21 04 14 c3 0e 2f f3 e1 2b 95 62 d3 72 52 14 7e a0 8b 8a c6 ad 5f ff 1c 74 fc 96 e6 90 c8 db c7 bb f6 73 99 76 15 49 78 c0 d0 09 f6 77 33 d9 1e a1 c7 82 67 b6 5a 30 9a 91 a6 35 cf 5a d7 05 33 50 72 cf 5b 3e ed 87 fb be e0 06 ab b9 f9 57 af 81 ab 18 31 4a 2c f2 94 6b f0 b1 28 a5 85 98 0e 51 09 d7 27 47 81 a2 e6 7e 02 f5 67 4a e6 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 256 bytes at 0x7f1620006b28 | unwrapped: 7c 26 7d dc 6b d7 46 4b 70 56 4b c4 b8 9a b2 ac | unwrapped: ca 82 31 29 7a 90 5c ba c3 35 32 97 70 32 73 bc | unwrapped: 7e 5e b0 15 50 0f ce 64 6c a4 29 c7 7c 68 2e 57 | unwrapped: 76 a6 4a 58 fd e5 f8 4f 1c ed 58 13 d5 3e 20 2b | unwrapped: 0c 1d 7d ab bd 09 bf 92 67 75 39 04 b1 09 6c ee | unwrapped: 5d 1d 3f f1 75 56 53 4c 78 ce a9 03 c6 21 d6 d0 | unwrapped: f4 3a 11 8e 98 a8 14 c7 d3 59 8d df db a3 a1 33 | unwrapped: 85 ed 0d f3 e6 91 99 19 4e 00 24 cd d6 7d a9 23 | unwrapped: 92 39 91 62 27 d9 d0 73 1b db 1c ac 7c d4 9d ce | unwrapped: 9f 3e 0e f3 c7 52 27 24 a7 85 88 7f 94 0b 6e 18 | unwrapped: cb c4 e2 b1 0f 37 59 f8 7a fd fe ef ae 8b 43 01 | unwrapped: e1 ef 0c a3 84 04 ac 1d d5 43 97 28 43 d4 78 12 | unwrapped: 08 10 c2 5d c9 04 3d 1c e5 bd a0 7d 54 aa 4d b6 | unwrapped: c0 c2 4f c0 26 aa d2 04 3a 43 d6 ba 7e 8a 01 5e | unwrapped: 8d 90 2d e0 ad 03 f7 76 0c a8 4f 8a 20 e0 9f 47 | unwrapped: 0d 8f 5c bb f9 90 cc 97 25 a2 7c 8a aa be 7a f4 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a631700 | result: final-key@0x55fd4c4ecc80 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4ecc80 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a6316e8 | result: final-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4ecc80 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f1618006bb0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a631670 | result: data=Ni-key@0x55fd4c4cd5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55fd4c4cd5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631658 | result: data=Ni-key@0x55fd4c4ecc80 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55fd4c4cd5b0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4ecc80 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f162a631660 | result: data+=Nr-key@0x55fd4c4cd5b0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4ecc80 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4cd5b0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f162a631660 | result: data+=SPIi-key@0x55fd4c4ecc80 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4cd5b0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4ecc80 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f162a631660 | result: data+=SPIr-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4ecc80 | prf+0 PRF sha init key-key@0x7f1618006bb0 (size 20) | prf+0: key-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631588 | result: clone-key@0x55fd4c4ecc80 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f1620003b00 from key-key@0x55fd4c4ecc80 | prf+0 prf: begin sha with context 0x7f1620003b00 from key-key@0x55fd4c4ecc80 | prf+0: release clone-key@0x55fd4c4ecc80 | prf+0 PRF sha crypt-prf@0x7f1620004c28 | prf+0 PRF sha update seed-key@0x55fd4c4cd5b0 (size 80) | prf+0: seed-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 22 d8 18 77 fc dc fb d4 13 d2 8d ff d3 ff 74 9b 60 35 bc 0f a8 d2 f1 37 5c 1b 9e 60 13 3a 88 1d 16 7e 6b 35 b8 b2 2d ac 7c 41 15 fa 8f 09 e3 38 17 c6 ab 41 ed 27 4c 5b 44 76 88 2d 0e 84 52 be 98 89 bb 41 f6 cd b9 dc 67 dd df 4c ff aa 8f 8d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1620005ab8 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | unwrapped: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a631590 | result: final-key@0x55fd4c4d3130 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d3130 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631578 | result: final-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d3130 | prf+0 PRF sha final-key@0x55fd4c4ecc80 (size 20) | prf+0: key-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x55fd4c4ecc80 | prf+N PRF sha init key-key@0x7f1618006bb0 (size 20) | prf+N: key-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631588 | result: clone-key@0x55fd4c4d3130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1620003b00 from key-key@0x55fd4c4d3130 | prf+N prf: begin sha with context 0x7f1620003b00 from key-key@0x55fd4c4d3130 | prf+N: release clone-key@0x55fd4c4d3130 | prf+N PRF sha crypt-prf@0x7f1620005cb8 | prf+N PRF sha update old_t-key@0x55fd4c4ecc80 (size 20) | prf+N: old_t-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4ecc80 | nss hmac digest hack: symkey-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 0d db d5 78 07 5c cf c5 da 1d 6e 08 3c 79 38 42 ed fc 18 24 19 68 53 e5 1f 08 64 e2 3a 1b 90 64 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1620002168 | unwrapped: 8b 95 d7 86 43 b6 50 ef 14 e7 31 e1 e8 e3 db fa | unwrapped: 17 75 2c d6 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4cd5b0 (size 80) | prf+N: seed-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 22 d8 18 77 fc dc fb d4 13 d2 8d ff d3 ff 74 9b 60 35 bc 0f a8 d2 f1 37 5c 1b 9e 60 13 3a 88 1d 16 7e 6b 35 b8 b2 2d ac 7c 41 15 fa 8f 09 e3 38 17 c6 ab 41 ed 27 4c 5b 44 76 88 2d 0e 84 52 be 98 89 bb 41 f6 cd b9 dc 67 dd df 4c ff aa 8f 8d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1620005a38 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | unwrapped: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a631590 | result: final-key@0x55fd4c4d6a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631578 | result: final-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d6a20 | prf+N PRF sha final-key@0x55fd4c4d3130 (size 20) | prf+N: key-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162a631608 | result: result-key@0x55fd4c4d6a20 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4ecc80 | prfplus: release old_t[N]-key@0x55fd4c4ecc80 | prf+N PRF sha init key-key@0x7f1618006bb0 (size 20) | prf+N: key-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631588 | result: clone-key@0x55fd4c4ecc80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1620003b00 from key-key@0x55fd4c4ecc80 | prf+N prf: begin sha with context 0x7f1620003b00 from key-key@0x55fd4c4ecc80 | prf+N: release clone-key@0x55fd4c4ecc80 | prf+N PRF sha crypt-prf@0x7f1620004c28 | prf+N PRF sha update old_t-key@0x55fd4c4d3130 (size 20) | prf+N: old_t-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 7b 8f 6d 6b b6 bd c8 30 a3 00 5c 7c 7b b5 e4 f9 d6 a3 da 31 ea a4 23 c8 88 1d 27 21 e5 d9 22 5f | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1620002b28 | unwrapped: 78 d7 7a 3d 41 ef d2 67 e8 a7 64 de 28 4e 67 27 | unwrapped: a5 2c ea 5b 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4cd5b0 (size 80) | prf+N: seed-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 22 d8 18 77 fc dc fb d4 13 d2 8d ff d3 ff 74 9b 60 35 bc 0f a8 d2 f1 37 5c 1b 9e 60 13 3a 88 1d 16 7e 6b 35 b8 b2 2d ac 7c 41 15 fa 8f 09 e3 38 17 c6 ab 41 ed 27 4c 5b 44 76 88 2d 0e 84 52 be 98 89 bb 41 f6 cd b9 dc 67 dd df 4c ff aa 8f 8d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1620005ab8 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | unwrapped: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a631590 | result: final-key@0x55fd4c4d4be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631578 | result: final-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d4be0 | prf+N PRF sha final-key@0x55fd4c4ecc80 (size 20) | prf+N: key-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6a20 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162a631608 | result: result-key@0x55fd4c4d4be0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d6a20 | prfplus: release old_t[N]-key@0x55fd4c4d3130 | prf+N PRF sha init key-key@0x7f1618006bb0 (size 20) | prf+N: key-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631588 | result: clone-key@0x55fd4c4d3130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1620003b00 from key-key@0x55fd4c4d3130 | prf+N prf: begin sha with context 0x7f1620003b00 from key-key@0x55fd4c4d3130 | prf+N: release clone-key@0x55fd4c4d3130 | prf+N PRF sha crypt-prf@0x7f1620002168 | prf+N PRF sha update old_t-key@0x55fd4c4ecc80 (size 20) | prf+N: old_t-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4ecc80 | nss hmac digest hack: symkey-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 40 da 10 2f 14 d9 c4 e9 69 3f 30 11 39 0c 76 a9 9b 03 b8 0a 08 31 71 81 ba 3e 57 5d 9f a2 1c df | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f16200049a8 | unwrapped: 0e ea 0d 3d 4c f0 92 31 af 3a fe 2c b6 1f 79 7a | unwrapped: d3 f9 3a 6a 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4cd5b0 (size 80) | prf+N: seed-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 22 d8 18 77 fc dc fb d4 13 d2 8d ff d3 ff 74 9b 60 35 bc 0f a8 d2 f1 37 5c 1b 9e 60 13 3a 88 1d 16 7e 6b 35 b8 b2 2d ac 7c 41 15 fa 8f 09 e3 38 17 c6 ab 41 ed 27 4c 5b 44 76 88 2d 0e 84 52 be 98 89 bb 41 f6 cd b9 dc 67 dd df 4c ff aa 8f 8d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1620005a38 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | unwrapped: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a631590 | result: final-key@0x55fd4c4d6a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631578 | result: final-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d6a20 | prf+N PRF sha final-key@0x55fd4c4d3130 (size 20) | prf+N: key-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d4be0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162a631608 | result: result-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d4be0 | prfplus: release old_t[N]-key@0x55fd4c4ecc80 | prf+N PRF sha init key-key@0x7f1618006bb0 (size 20) | prf+N: key-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631588 | result: clone-key@0x55fd4c4ecc80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1620003b00 from key-key@0x55fd4c4ecc80 | prf+N prf: begin sha with context 0x7f1620003b00 from key-key@0x55fd4c4ecc80 | prf+N: release clone-key@0x55fd4c4ecc80 | prf+N PRF sha crypt-prf@0x7f1620005cb8 | prf+N PRF sha update old_t-key@0x55fd4c4d3130 (size 20) | prf+N: old_t-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 7c 23 5c a0 a9 7a c0 f6 b4 eb 59 df e5 04 44 4a 6a 6a f7 7b a0 60 39 7f 75 2e ab e5 da 9e 10 3f | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1620002b28 | unwrapped: c9 8a 7f 61 25 ce 32 a1 fe 6c 6e c5 4d 5c c8 81 | unwrapped: 49 fa d8 b8 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4cd5b0 (size 80) | prf+N: seed-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 22 d8 18 77 fc dc fb d4 13 d2 8d ff d3 ff 74 9b 60 35 bc 0f a8 d2 f1 37 5c 1b 9e 60 13 3a 88 1d 16 7e 6b 35 b8 b2 2d ac 7c 41 15 fa 8f 09 e3 38 17 c6 ab 41 ed 27 4c 5b 44 76 88 2d 0e 84 52 be 98 89 bb 41 f6 cd b9 dc 67 dd df 4c ff aa 8f 8d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1620005ab8 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | unwrapped: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a631590 | result: final-key@0x55fd4c4d4be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631578 | result: final-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d4be0 | prf+N PRF sha final-key@0x55fd4c4ecc80 (size 20) | prf+N: key-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162a631608 | result: result-key@0x55fd4c4d4be0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d6a20 | prfplus: release old_t[N]-key@0x55fd4c4d3130 | prf+N PRF sha init key-key@0x7f1618006bb0 (size 20) | prf+N: key-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631588 | result: clone-key@0x55fd4c4d3130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1620001530 from key-key@0x55fd4c4d3130 | prf+N prf: begin sha with context 0x7f1620001530 from key-key@0x55fd4c4d3130 | prf+N: release clone-key@0x55fd4c4d3130 | prf+N PRF sha crypt-prf@0x7f1620004c28 | prf+N PRF sha update old_t-key@0x55fd4c4ecc80 (size 20) | prf+N: old_t-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4ecc80 | nss hmac digest hack: symkey-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 9d b0 a0 94 eb d6 2a c2 6a 52 31 91 f9 af 0e 97 ad 10 db a4 fd 01 30 ef 31 90 3a 9d dc a3 1f e2 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1620002168 | unwrapped: a9 3c 7a 7c 05 15 90 5f b9 ba 86 10 e4 f7 80 e8 | unwrapped: 28 72 03 43 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4cd5b0 (size 80) | prf+N: seed-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 22 d8 18 77 fc dc fb d4 13 d2 8d ff d3 ff 74 9b 60 35 bc 0f a8 d2 f1 37 5c 1b 9e 60 13 3a 88 1d 16 7e 6b 35 b8 b2 2d ac 7c 41 15 fa 8f 09 e3 38 17 c6 ab 41 ed 27 4c 5b 44 76 88 2d 0e 84 52 be 98 89 bb 41 f6 cd b9 dc 67 dd df 4c ff aa 8f 8d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1620005a38 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | unwrapped: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a631590 | result: final-key@0x55fd4c4d6a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631578 | result: final-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d6a20 | prf+N PRF sha final-key@0x55fd4c4d3130 (size 20) | prf+N: key-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d4be0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162a631608 | result: result-key@0x55fd4c4d6a20 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d4be0 | prfplus: release old_t[N]-key@0x55fd4c4ecc80 | prf+N PRF sha init key-key@0x7f1618006bb0 (size 20) | prf+N: key-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631588 | result: clone-key@0x55fd4c4ecc80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1620003b00 from key-key@0x55fd4c4ecc80 | prf+N prf: begin sha with context 0x7f1620003b00 from key-key@0x55fd4c4ecc80 | prf+N: release clone-key@0x55fd4c4ecc80 | prf+N PRF sha crypt-prf@0x7f1620005cb8 | prf+N PRF sha update old_t-key@0x55fd4c4d3130 (size 20) | prf+N: old_t-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d3130 | nss hmac digest hack: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: a5 48 ba cd 84 25 30 66 3f 3b 31 fb 99 d5 53 96 b9 76 94 22 38 fe c7 1f a4 04 5c ad d8 7a a2 de | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1620002b28 | unwrapped: 6f 8b 53 33 c7 6c 1c af e2 2a 64 8a 80 00 8a b2 | unwrapped: a6 10 73 03 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4cd5b0 (size 80) | prf+N: seed-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 22 d8 18 77 fc dc fb d4 13 d2 8d ff d3 ff 74 9b 60 35 bc 0f a8 d2 f1 37 5c 1b 9e 60 13 3a 88 1d 16 7e 6b 35 b8 b2 2d ac 7c 41 15 fa 8f 09 e3 38 17 c6 ab 41 ed 27 4c 5b 44 76 88 2d 0e 84 52 be 98 89 bb 41 f6 cd b9 dc 67 dd df 4c ff aa 8f 8d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1620006748 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | unwrapped: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a631590 | result: final-key@0x55fd4c4d4be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d4be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631578 | result: final-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d4be0 | prf+N PRF sha final-key@0x55fd4c4ecc80 (size 20) | prf+N: key-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6a20 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162a631608 | result: result-key@0x55fd4c4d4be0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d6a20 | prfplus: release old_t[N]-key@0x55fd4c4d3130 | prf+N PRF sha init key-key@0x7f1618006bb0 (size 20) | prf+N: key-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631588 | result: clone-key@0x55fd4c4d3130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f1620003b00 from key-key@0x55fd4c4d3130 | prf+N prf: begin sha with context 0x7f1620003b00 from key-key@0x55fd4c4d3130 | prf+N: release clone-key@0x55fd4c4d3130 | prf+N PRF sha crypt-prf@0x7f1620004c28 | prf+N PRF sha update old_t-key@0x55fd4c4ecc80 (size 20) | prf+N: old_t-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4ecc80 | nss hmac digest hack: symkey-key@0x55fd4c4ecc80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: b7 42 21 d4 d9 a3 c1 a8 c1 f3 81 a9 d6 78 f5 60 58 bb 98 55 ba 9f 8b fb db 11 0a e2 89 1a d3 c9 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x7f1620002168 | unwrapped: c2 67 94 e6 ee 4f 72 a6 9c 21 72 28 5d 0f 80 94 | unwrapped: c0 8e 6d b5 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4cd5b0 (size 80) | prf+N: seed-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55fd4c4cd5b0 | nss hmac digest hack: symkey-key@0x55fd4c4cd5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1272451581: 22 d8 18 77 fc dc fb d4 13 d2 8d ff d3 ff 74 9b 60 35 bc 0f a8 d2 f1 37 5c 1b 9e 60 13 3a 88 1d 16 7e 6b 35 b8 b2 2d ac 7c 41 15 fa 8f 09 e3 38 17 c6 ab 41 ed 27 4c 5b 44 76 88 2d 0e 84 52 be 98 89 bb 41 f6 cd b9 dc 67 dd df 4c ff aa 8f 8d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 80 bytes at 0x7f1620005ab8 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | unwrapped: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | prf+N PRF sha update N++-byte@0x8 (8) | 08 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f162a631590 | result: final-key@0x55fd4c4d6a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a631578 | result: final-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d6a20 | prf+N PRF sha final-key@0x55fd4c4d3130 (size 20) | prf+N: key-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d4be0 (140-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f162a631608 | result: result-key@0x55fd4c4d6a20 (160-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d4be0 | prfplus: release old_t[N]-key@0x55fd4c4ecc80 | prfplus: release old_t[final]-key@0x55fd4c4d3130 | ike_sa_keymat: release data-key@0x55fd4c4cd5b0 | calc_skeyseed_v2: release skeyseed_k-key@0x7f1618006bb0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a6317a8 | result: result-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a6317a8 | result: result-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a6317a8 | result: result-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x55fd4c4d6a20 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a6317b8 | result: SK_ei_k-key@0x55fd4c4ecc80 (24-bytes, DES3_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 84, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x55fd4c4d6a20 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a6317b8 | result: SK_er_k-key@0x55fd4c4d4be0 (24-bytes, DES3_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 108, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a6317b8 | result: result-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f161800a0e0 | chunk_SK_pi: symkey-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 66 ed 3b 5c 10 41 60 33 06 c0 72 70 fc 8f 14 f2 ad e2 a9 52 b2 93 c4 19 7f 89 3b 14 03 a0 8b 51 | chunk_SK_pi: release slot-key-key@0x55fd4c4cfe50 | chunk_SK_pi extracted len 32 bytes at 0x7f1620005cb8 | unwrapped: e2 2a 64 8a 80 00 8a b2 a6 10 73 03 c2 67 94 e6 | unwrapped: ee 4f 72 a6 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 128, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f162a6317b8 | result: result-key@0x55fd4c4ed620 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x55fd4c4ed620 | chunk_SK_pr: symkey-key@0x55fd4c4ed620 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: b4 a3 7b 6e 1e 24 4e 0e ed e4 1a f1 95 94 16 21 6a 76 e2 e1 d9 37 bc 04 b1 86 28 00 9f ea 52 50 | chunk_SK_pr: release slot-key-key@0x55fd4c4cfe50 | chunk_SK_pr extracted len 32 bytes at 0x7f1620002168 | unwrapped: 9c 21 72 28 5d 0f 80 94 c0 8e 6d b5 15 0b e0 99 | unwrapped: 10 86 44 44 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x55fd4c4d6a20 | calc_skeyseed_v2 pointers: shared-key@0x7f161800d840, SK_d-key@0x7f1618006bb0, SK_ai-key@0x55fd4c4cd5b0, SK_ar-key@0x55fd4c4d3130, SK_ei-key@0x55fd4c4ecc80, SK_er-key@0x55fd4c4d4be0, SK_pi-key@0x7f161800a0e0, SK_pr-key@0x55fd4c4ed620 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | e2 2a 64 8a 80 00 8a b2 a6 10 73 03 c2 67 94 e6 | ee 4f 72 a6 | calc_skeyseed_v2 SK_pr | 9c 21 72 28 5d 0f 80 94 c0 8e 6d b5 15 0b e0 99 | 10 86 44 44 | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 22 time elapsed 0.003115 seconds | (#21) spent 3.07 milliseconds in crypto helper computing work-order 22: ikev2_inR1outI2 KE (pcr) | crypto helper 1 sending results from work-order 22 for state #21 to event queue | scheduling resume sending helper answer for #21 | libevent_malloc: new ptr-libevent@0x7f16200048f8 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #21 | start processing: state #21 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 22 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_inR1outI2_continue for #21: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f160c006788: transferring ownership from helper IKEv2 DH to state #21 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #22 at 0x55fd4c4f34a8 | State DB: adding IKEv2 state #22 in UNDEFINED | pstats #22 ikev2.child started | duplicating state object #21 "3des" as #22 for IPSEC SA | #22 setting local endpoint to 192.1.2.45:500 from #21.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f1618006bb0 | duplicate_state: reference st_skey_ai_nss-key@0x55fd4c4cd5b0 | duplicate_state: reference st_skey_ar_nss-key@0x55fd4c4d3130 | duplicate_state: reference st_skey_ei_nss-key@0x55fd4c4ecc80 | duplicate_state: reference st_skey_er_nss-key@0x55fd4c4d4be0 | duplicate_state: reference st_skey_pi_nss-key@0x7f161800a0e0 | duplicate_state: reference st_skey_pr_nss-key@0x55fd4c4ed620 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #21.#22; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #21 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #21.#22 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #21 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f160c0060e8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f160c002b78 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f160c0060e8 size 128 | parent state #21: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 31 91 a7 e4 1f 1e 39 2b | responder cookie: | 3c ff 26 95 49 7e 55 86 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x7f161800a0e0 (size 20) | hmac: symkey-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f161800a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398659e8 | result: clone-key@0x55fd4c4d6a20 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f1610002b50 from symkey-key@0x55fd4c4d6a20 | hmac prf: begin sha with context 0x7f1610002b50 from symkey-key@0x55fd4c4d6a20 | hmac: release clone-key@0x55fd4c4d6a20 | hmac PRF sha crypt-prf@0x55fd4c4eae68 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x55fd4bdec8ec (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffc39865d80 (length 20) | f9 04 03 fc 9d c0 98 74 04 66 0b 81 28 f1 6c 03 | 2c 9b 87 d2 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55fd4c441b58 (line=1) | concluding with best_match=014 best=0x55fd4c441b58 (lineno=1) | inputs to hash1 (first packet) | 31 91 a7 e4 1f 1e 39 2b 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 46 71 e7 56 e8 56 e2 84 f7 80 b1 1e | ce d9 e0 1a e9 d8 6a 1b 5d 2d 03 9b ef 6f 27 3f | 50 1c a3 b8 55 91 84 1c 14 9b 9e 45 89 09 86 5d | dc 91 49 c0 18 9f e5 dc 25 6c 33 aa 83 23 94 73 | 76 70 c2 f7 d8 6b 99 02 d4 47 f4 21 14 eb 01 33 | 5e 07 8c 79 b1 c6 a7 1f 70 19 14 24 c9 dd 12 0d | b7 d3 ee 91 83 77 65 b4 29 2c 65 4d ac e3 c8 cc | 41 cc 84 2a fe ed 9f cb 25 ae 1e c6 6d 52 f9 67 | 04 42 69 03 9d b3 6b 11 b9 9f bc 7d 55 47 a4 7b | 40 78 fe 96 ee fa 59 66 0a 70 a8 bc 94 5a c9 8d | a4 88 ba 18 24 b0 8b 5d 93 63 37 cd 6a ae b1 92 | 60 72 75 cb 17 fe 93 f7 1b 45 11 52 e4 31 99 6e | a5 f3 df 00 ee 1d 3a e8 5a f3 3e 9b 8f 4e 76 d3 | 88 2f 12 0c 02 58 af e8 92 2f e0 d6 29 c5 1f e9 | 10 de 74 16 1a 50 4e 98 6f e2 a3 75 a4 f7 cd b6 | da 83 cf d7 02 ad 83 34 f5 b7 45 e6 64 a6 8d 11 | 90 b8 d9 0d 29 00 00 24 52 42 a6 4f b9 ae d7 f0 | 18 e1 f6 13 b3 0b 6b b8 f0 35 2d cd b9 3e 0a 80 | df 34 34 5c e7 12 d0 26 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 03 00 a3 52 49 3e fe a5 | 38 fc db fa 93 87 a2 04 d8 af dc 29 00 00 00 1c | 00 00 40 05 15 5b 2e 20 43 8e 57 54 6c 02 96 4e | d2 c9 5e 89 af 57 d6 d1 | create: initiator inputs to hash2 (responder nonce) | 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | idhash f9 04 03 fc 9d c0 98 74 04 66 0b 81 28 f1 6c 03 | idhash 2c 9b 87 d2 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55fd4c4cfda8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398657d0 | result: shared secret-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657b8 | result: shared secret-key@0x55fd4c4d6a20 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f1610002b50 from shared secret-key@0x55fd4c4d6a20 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f1610002b50 from shared secret-key@0x55fd4c4d6a20 | = prf(,"Key Pad for IKEv2"): release clone-key@0x55fd4c4d6a20 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55fd4c4e9108 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55fd4bd814d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc398657f0 | result: final-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657d8 | result: final-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x55fd4c4d6a20 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x55fd4c4d6a20 (size 20) | = prf(, ): -key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657e8 | result: clone-key@0x55fd4c4e7620 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f1610002b50 from -key@0x55fd4c4e7620 | = prf(, ) prf: begin sha with context 0x7f1610002b50 from -key@0x55fd4c4e7620 | = prf(, ): release clone-key@0x55fd4c4e7620 | = prf(, ) PRF sha crypt-prf@0x55fd4c4eae68 | = prf(, ) PRF sha update first-packet-bytes@0x55fd4c4eb4b8 (length 440) | 31 91 a7 e4 1f 1e 39 2b 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 46 71 e7 56 e8 56 e2 84 f7 80 b1 1e | ce d9 e0 1a e9 d8 6a 1b 5d 2d 03 9b ef 6f 27 3f | 50 1c a3 b8 55 91 84 1c 14 9b 9e 45 89 09 86 5d | dc 91 49 c0 18 9f e5 dc 25 6c 33 aa 83 23 94 73 | 76 70 c2 f7 d8 6b 99 02 d4 47 f4 21 14 eb 01 33 | 5e 07 8c 79 b1 c6 a7 1f 70 19 14 24 c9 dd 12 0d | b7 d3 ee 91 83 77 65 b4 29 2c 65 4d ac e3 c8 cc | 41 cc 84 2a fe ed 9f cb 25 ae 1e c6 6d 52 f9 67 | 04 42 69 03 9d b3 6b 11 b9 9f bc 7d 55 47 a4 7b | 40 78 fe 96 ee fa 59 66 0a 70 a8 bc 94 5a c9 8d | a4 88 ba 18 24 b0 8b 5d 93 63 37 cd 6a ae b1 92 | 60 72 75 cb 17 fe 93 f7 1b 45 11 52 e4 31 99 6e | a5 f3 df 00 ee 1d 3a e8 5a f3 3e 9b 8f 4e 76 d3 | 88 2f 12 0c 02 58 af e8 92 2f e0 d6 29 c5 1f e9 | 10 de 74 16 1a 50 4e 98 6f e2 a3 75 a4 f7 cd b6 | da 83 cf d7 02 ad 83 34 f5 b7 45 e6 64 a6 8d 11 | 90 b8 d9 0d 29 00 00 24 52 42 a6 4f b9 ae d7 f0 | 18 e1 f6 13 b3 0b 6b b8 f0 35 2d cd b9 3e 0a 80 | df 34 34 5c e7 12 d0 26 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 03 00 a3 52 49 3e fe a5 | 38 fc db fa 93 87 a2 04 d8 af dc 29 00 00 00 1c | 00 00 40 05 15 5b 2e 20 43 8e 57 54 6c 02 96 4e | d2 c9 5e 89 af 57 d6 d1 | = prf(, ) PRF sha update nonce-bytes@0x55fd4c4eecb8 (length 32) | 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | = prf(, ) PRF sha update hash-bytes@0x7ffc39865d80 (length 20) | f9 04 03 fc 9d c0 98 74 04 66 0b 81 28 f1 6c 03 | 2c 9b 87 d2 | = prf(, ) PRF sha final-chunk@0x55fd4c4eb468 (length 20) | 8d 11 65 2b 50 3a 04 7e dd 9e 5b 0a 78 b3 07 19 | c3 64 1a d4 | psk_auth: release prf-psk-key@0x55fd4c4d6a20 | PSK auth octets 8d 11 65 2b 50 3a 04 7e dd 9e 5b 0a 78 b3 07 19 | PSK auth octets c3 64 1a d4 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 8d 11 65 2b 50 3a 04 7e dd 9e 5b 0a 78 b3 07 19 | PSK auth c3 64 1a d4 | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #21 | netlink_get_spi: allocated 0xa6041364 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for 3des (IKE SA initiator emitting ESP/AH proposals) | converting proposal 3DES_CBC-HMAC_SHA1_96-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_ESP 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "3des": constructed local ESP/AH proposals for 3des (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi a6 04 13 64 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 40 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 168 | emitting length of ISAKMP Message: 196 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 63 5e 1b 85 73 17 ab f2 | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 8d 11 65 2b 50 3a 04 7e dd 9e 5b 0a 78 b3 07 19 | c3 64 1a d4 2c 00 00 28 00 00 00 24 01 03 04 03 | a6 04 13 64 03 00 00 08 01 00 00 03 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 4a f8 b1 73 50 be 8a 41 d3 cb 4a 75 07 50 bc a4 | 3b 84 71 1d 3d 52 fb fc e8 77 c4 85 9f 9b a5 79 | 95 ed e5 61 54 33 ea a9 1e 94 55 ac c0 23 8d 1c | 75 35 9d 09 f5 a1 d4 f6 29 85 c2 59 49 7f fd 85 | 20 c0 db 98 55 83 97 a3 66 d3 86 a2 4e 4d aa 1a | 21 fc 05 0e 60 a8 0e 48 92 cb 54 97 f9 8c 0f e5 | 60 40 8d f2 63 39 cc 96 9d 1d 82 6d bc c5 9b 44 | 1e 68 8c 0a 19 48 2b 03 80 98 c5 cd ef fb 52 0e | ae e6 84 ab 60 cb 38 fb 8f 02 ad 57 bf 1b cc 2b | hmac PRF sha init symkey-key@0x55fd4c4cd5b0 (size 20) | hmac: symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398658f8 | result: clone-key@0x55fd4c4d6a20 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f1610002b50 from symkey-key@0x55fd4c4d6a20 | hmac prf: begin sha with context 0x7f1610002b50 from symkey-key@0x55fd4c4d6a20 | hmac: release clone-key@0x55fd4c4d6a20 | hmac PRF sha crypt-prf@0x55fd4c4e9108 | hmac PRF sha update data-bytes@0x55fd4bdec8c0 (length 184) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | 63 5e 1b 85 73 17 ab f2 4a f8 b1 73 50 be 8a 41 | d3 cb 4a 75 07 50 bc a4 3b 84 71 1d 3d 52 fb fc | e8 77 c4 85 9f 9b a5 79 95 ed e5 61 54 33 ea a9 | 1e 94 55 ac c0 23 8d 1c 75 35 9d 09 f5 a1 d4 f6 | 29 85 c2 59 49 7f fd 85 20 c0 db 98 55 83 97 a3 | 66 d3 86 a2 4e 4d aa 1a 21 fc 05 0e 60 a8 0e 48 | 92 cb 54 97 f9 8c 0f e5 60 40 8d f2 63 39 cc 96 | 9d 1d 82 6d bc c5 9b 44 1e 68 8c 0a 19 48 2b 03 | 80 98 c5 cd ef fb 52 0e ae e6 84 ab 60 cb 38 fb | 8f 02 ad 57 bf 1b cc 2b | hmac PRF sha final-bytes@0x55fd4bdec978 (length 20) | d6 49 5f 14 0f ab cc a7 e6 16 2b 68 d4 f1 48 31 | 3b 34 95 79 | data being hmac: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | data being hmac: 63 5e 1b 85 73 17 ab f2 4a f8 b1 73 50 be 8a 41 | data being hmac: d3 cb 4a 75 07 50 bc a4 3b 84 71 1d 3d 52 fb fc | data being hmac: e8 77 c4 85 9f 9b a5 79 95 ed e5 61 54 33 ea a9 | data being hmac: 1e 94 55 ac c0 23 8d 1c 75 35 9d 09 f5 a1 d4 f6 | data being hmac: 29 85 c2 59 49 7f fd 85 20 c0 db 98 55 83 97 a3 | data being hmac: 66 d3 86 a2 4e 4d aa 1a 21 fc 05 0e 60 a8 0e 48 | data being hmac: 92 cb 54 97 f9 8c 0f e5 60 40 8d f2 63 39 cc 96 | data being hmac: 9d 1d 82 6d bc c5 9b 44 1e 68 8c 0a 19 48 2b 03 | data being hmac: 80 98 c5 cd ef fb 52 0e ae e6 84 ab 60 cb 38 fb | data being hmac: 8f 02 ad 57 bf 1b cc 2b | out calculated auth: | d6 49 5f 14 0f ab cc a7 e6 16 2b 68 | suspend processing: state #21 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #22 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #22 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #22: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #22 to 0 after switching state | Message ID: recv #21.#22 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #21.#22 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "3des" #22: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=3DES_CBC_192 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 196 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #21) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | 63 5e 1b 85 73 17 ab f2 4a f8 b1 73 50 be 8a 41 | d3 cb 4a 75 07 50 bc a4 3b 84 71 1d 3d 52 fb fc | e8 77 c4 85 9f 9b a5 79 95 ed e5 61 54 33 ea a9 | 1e 94 55 ac c0 23 8d 1c 75 35 9d 09 f5 a1 d4 f6 | 29 85 c2 59 49 7f fd 85 20 c0 db 98 55 83 97 a3 | 66 d3 86 a2 4e 4d aa 1a 21 fc 05 0e 60 a8 0e 48 | 92 cb 54 97 f9 8c 0f e5 60 40 8d f2 63 39 cc 96 | 9d 1d 82 6d bc c5 9b 44 1e 68 8c 0a 19 48 2b 03 | 80 98 c5 cd ef fb 52 0e ae e6 84 ab 60 cb 38 fb | 8f 02 ad 57 bf 1b cc 2b d6 49 5f 14 0f ab cc a7 | e6 16 2b 68 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f1610002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #22 | libevent_malloc: new ptr-libevent@0x55fd4c4eaeb8 size 128 | #22 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29304.996282 | resume sending helper answer for #21 suppresed complete_v2_state_transition() | #21 spent 1.06 milliseconds in resume sending helper answer | stop processing: state #22 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f16200048f8 | spent 0.00256 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 188 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 56 8b d3 e3 89 2e 81 51 cf b6 a8 f7 7c 02 52 b7 | 26 4f 4b a4 2c c7 c4 02 15 81 d2 09 6f cd 7b 2e | 92 ef 40 20 15 3c 7e d2 d4 96 5e 45 32 ab 76 cc | bf 2a 44 36 17 ad ab ff 39 99 b9 b2 55 f2 95 46 | 2a b1 07 92 8c 32 7f df 6c 67 c6 cb 48 36 6e 98 | e6 25 57 fe 7b 36 21 39 d4 42 9a cc 66 25 2a fa | e3 f2 02 dd 9e ee 2c 03 a0 4b 75 5e 67 16 8a 0f | 83 0c 29 4c e1 e7 5e 9d bb c5 04 da e5 b6 af 6a | a1 0f 3a d6 35 88 7b c6 5c 77 46 f2 db f5 88 01 | ef d3 5b 01 37 95 22 5c 47 52 c6 d6 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 31 91 a7 e4 1f 1e 39 2b | responder cookie: | 3c ff 26 95 49 7e 55 86 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 188 (0xbc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #21 in PARENT_I2 (find_v2_ike_sa) | start processing: state #21 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #22 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #21 connection "3des" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | start processing: state #22 connection "3des" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #22 is idle | #22 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 160 (0xa0) | processing payload: ISAKMP_NEXT_v2SK (len=156) | #22 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x55fd4c4d3130 (size 20) | hmac: symkey-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d3130 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865748 | result: clone-key@0x55fd4c4d6a20 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f161c002b50 from symkey-key@0x55fd4c4d6a20 | hmac prf: begin sha with context 0x7f161c002b50 from symkey-key@0x55fd4c4d6a20 | hmac: release clone-key@0x55fd4c4d6a20 | hmac PRF sha crypt-prf@0x55fd4c4eae68 | hmac PRF sha update data-bytes@0x55fd4c441c48 (length 176) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 56 8b d3 e3 89 2e 81 51 cf b6 a8 f7 7c 02 52 b7 | 26 4f 4b a4 2c c7 c4 02 15 81 d2 09 6f cd 7b 2e | 92 ef 40 20 15 3c 7e d2 d4 96 5e 45 32 ab 76 cc | bf 2a 44 36 17 ad ab ff 39 99 b9 b2 55 f2 95 46 | 2a b1 07 92 8c 32 7f df 6c 67 c6 cb 48 36 6e 98 | e6 25 57 fe 7b 36 21 39 d4 42 9a cc 66 25 2a fa | e3 f2 02 dd 9e ee 2c 03 a0 4b 75 5e 67 16 8a 0f | 83 0c 29 4c e1 e7 5e 9d bb c5 04 da e5 b6 af 6a | a1 0f 3a d6 35 88 7b c6 5c 77 46 f2 db f5 88 01 | hmac PRF sha final-bytes@0x7ffc39865910 (length 20) | ef d3 5b 01 37 95 22 5c 47 52 c6 d6 d8 97 9b f3 | 7f 95 9b e9 | data for hmac: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | data for hmac: 56 8b d3 e3 89 2e 81 51 cf b6 a8 f7 7c 02 52 b7 | data for hmac: 26 4f 4b a4 2c c7 c4 02 15 81 d2 09 6f cd 7b 2e | data for hmac: 92 ef 40 20 15 3c 7e d2 d4 96 5e 45 32 ab 76 cc | data for hmac: bf 2a 44 36 17 ad ab ff 39 99 b9 b2 55 f2 95 46 | data for hmac: 2a b1 07 92 8c 32 7f df 6c 67 c6 cb 48 36 6e 98 | data for hmac: e6 25 57 fe 7b 36 21 39 d4 42 9a cc 66 25 2a fa | data for hmac: e3 f2 02 dd 9e ee 2c 03 a0 4b 75 5e 67 16 8a 0f | data for hmac: 83 0c 29 4c e1 e7 5e 9d bb c5 04 da e5 b6 af 6a | data for hmac: a1 0f 3a d6 35 88 7b c6 5c 77 46 f2 db f5 88 01 | calculated auth: ef d3 5b 01 37 95 22 5c 47 52 c6 d6 | provided auth: ef d3 5b 01 37 95 22 5c 47 52 c6 d6 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 56 8b d3 e3 89 2e 81 51 | payload before decryption: | cf b6 a8 f7 7c 02 52 b7 26 4f 4b a4 2c c7 c4 02 | 15 81 d2 09 6f cd 7b 2e 92 ef 40 20 15 3c 7e d2 | d4 96 5e 45 32 ab 76 cc bf 2a 44 36 17 ad ab ff | 39 99 b9 b2 55 f2 95 46 2a b1 07 92 8c 32 7f df | 6c 67 c6 cb 48 36 6e 98 e6 25 57 fe 7b 36 21 39 | d4 42 9a cc 66 25 2a fa e3 f2 02 dd 9e ee 2c 03 | a0 4b 75 5e 67 16 8a 0f 83 0c 29 4c e1 e7 5e 9d | bb c5 04 da e5 b6 af 6a a1 0f 3a d6 35 88 7b c6 | 5c 77 46 f2 db f5 88 01 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 55 5e 7a 22 c0 b3 cd 6d 56 29 9b a1 | 59 58 d1 83 af 82 41 c1 2c 00 00 28 00 00 00 24 | 01 03 04 03 d7 ad 90 9d 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #22 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | offered CA: '%none' "3des" #22: IKEv2 mode peer ID is ID_FQDN: '@east' | hmac PRF sha init symkey-key@0x55fd4c4ed620 (size 20) | hmac: symkey-key@0x55fd4c4ed620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4ed620 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865878 | result: clone-key@0x55fd4c4d6a20 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f161c002b50 from symkey-key@0x55fd4c4d6a20 | hmac prf: begin sha with context 0x7f161c002b50 from symkey-key@0x55fd4c4d6a20 | hmac: release clone-key@0x55fd4c4d6a20 | hmac PRF sha crypt-prf@0x55fd4c4e9108 | idhash auth R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x55fd4c441c74 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffc398659d0 (length 20) | a8 be 21 94 55 06 9f df 6c e6 89 db a9 c2 f9 60 | 83 95 4f a4 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55fd4c441b58 (line=1) | concluding with best_match=014 best=0x55fd4c441b58 (lineno=1) | inputs to hash1 (first packet) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 2f c2 e4 d2 02 ee df 01 45 9f 87 55 13 94 c0 5c | 19 4e 6d 9f 48 7a 8f df 5d 23 9e 55 6b bf 07 36 | af 0a d5 71 c2 78 ab 14 78 b8 45 3a 73 8f 98 46 | 60 41 88 72 b6 6d 01 f7 4e 20 b6 d7 75 be ee 58 | 4f 5f 4f 19 e2 e2 06 3d 66 9d 1a 50 3e 5a 35 af | c0 3e d9 aa b4 d8 bc e0 1f bb 4c 46 ac b0 d2 95 | aa cf 7f 9a 23 90 b1 6d 7b a7 4a 88 37 63 37 dd | 64 c4 b8 3d 96 90 79 ee 7e 7e 6d 51 06 f4 44 54 | fc 36 ff f1 13 ac 66 bd a6 dc aa 11 45 a8 2c 2a | 4c b7 2e 44 91 ef b2 1a e1 56 c3 d7 de b7 79 70 | d1 61 02 d9 6e 32 5b 5b 4e b9 94 34 13 97 78 1f | d6 cd 1e ba 9f 40 bb 2c 34 4e 4c 93 b4 aa 85 7b | 82 a4 34 d8 80 ac bc bf 72 98 1e e9 e9 9a bf 18 | de 43 03 15 d7 d5 6b ac 64 0b 19 83 b3 8c a0 1b | 81 33 12 98 7b c1 4e 27 b7 7c 6f 45 4e 4e ed 51 | b9 31 62 d4 ac 0f 9b b2 6f b4 69 b2 33 02 73 77 | 29 00 00 24 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a | 7a 20 e0 9c cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 | 48 39 54 9a 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 0c b0 56 2e ed 28 d2 10 0f a5 5b 50 | e0 ea 20 ee a7 44 de 9d 00 00 00 1c 00 00 40 05 | 4a fb 76 88 f0 e9 69 db f5 bf 78 75 73 09 5a a7 | 4e a4 a3 46 | verify: initiator inputs to hash2 (initiator nonce) | 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | idhash a8 be 21 94 55 06 9f df 6c e6 89 db a9 c2 f9 60 | idhash 83 95 4f a4 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55fd4c4cfda8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865670 | result: shared secret-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55fd4c4e7620 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865658 | result: shared secret-key@0x55fd4c4d6a20 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f161c002b50 from shared secret-key@0x55fd4c4d6a20 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f161c002b50 from shared secret-key@0x55fd4c4d6a20 | = prf(,"Key Pad for IKEv2"): release clone-key@0x55fd4c4d6a20 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55fd4c4eae68 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55fd4bd814d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865690 | result: final-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4e7620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: final-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4e7620 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x55fd4c4d6a20 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x55fd4c4d6a20 (size 20) | = prf(, ): -key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865688 | result: clone-key@0x55fd4c4e7620 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f161c002b50 from -key@0x55fd4c4e7620 | = prf(, ) prf: begin sha with context 0x7f161c002b50 from -key@0x55fd4c4e7620 | = prf(, ): release clone-key@0x55fd4c4e7620 | = prf(, ) PRF sha crypt-prf@0x55fd4c4e9108 | = prf(, ) PRF sha update first-packet-bytes@0x55fd4c4eaf68 (length 436) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 2f c2 e4 d2 02 ee df 01 45 9f 87 55 13 94 c0 5c | 19 4e 6d 9f 48 7a 8f df 5d 23 9e 55 6b bf 07 36 | af 0a d5 71 c2 78 ab 14 78 b8 45 3a 73 8f 98 46 | 60 41 88 72 b6 6d 01 f7 4e 20 b6 d7 75 be ee 58 | 4f 5f 4f 19 e2 e2 06 3d 66 9d 1a 50 3e 5a 35 af | c0 3e d9 aa b4 d8 bc e0 1f bb 4c 46 ac b0 d2 95 | aa cf 7f 9a 23 90 b1 6d 7b a7 4a 88 37 63 37 dd | 64 c4 b8 3d 96 90 79 ee 7e 7e 6d 51 06 f4 44 54 | fc 36 ff f1 13 ac 66 bd a6 dc aa 11 45 a8 2c 2a | 4c b7 2e 44 91 ef b2 1a e1 56 c3 d7 de b7 79 70 | d1 61 02 d9 6e 32 5b 5b 4e b9 94 34 13 97 78 1f | d6 cd 1e ba 9f 40 bb 2c 34 4e 4c 93 b4 aa 85 7b | 82 a4 34 d8 80 ac bc bf 72 98 1e e9 e9 9a bf 18 | de 43 03 15 d7 d5 6b ac 64 0b 19 83 b3 8c a0 1b | 81 33 12 98 7b c1 4e 27 b7 7c 6f 45 4e 4e ed 51 | b9 31 62 d4 ac 0f 9b b2 6f b4 69 b2 33 02 73 77 | 29 00 00 24 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a | 7a 20 e0 9c cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 | 48 39 54 9a 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 0c b0 56 2e ed 28 d2 10 0f a5 5b 50 | e0 ea 20 ee a7 44 de 9d 00 00 00 1c 00 00 40 05 | 4a fb 76 88 f0 e9 69 db f5 bf 78 75 73 09 5a a7 | 4e a4 a3 46 | = prf(, ) PRF sha update nonce-bytes@0x7f160c0016c8 (length 32) | 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | = prf(, ) PRF sha update hash-bytes@0x7ffc398659d0 (length 20) | a8 be 21 94 55 06 9f df 6c e6 89 db a9 c2 f9 60 | 83 95 4f a4 | = prf(, ) PRF sha final-chunk@0x55fd4c4f18d8 (length 20) | 55 5e 7a 22 c0 b3 cd 6d 56 29 9b a1 59 58 d1 83 | af 82 41 c1 | psk_auth: release prf-psk-key@0x55fd4c4d6a20 | Received PSK auth octets | 55 5e 7a 22 c0 b3 cd 6d 56 29 9b a1 59 58 d1 83 | af 82 41 c1 | Calculated PSK auth octets | 55 5e 7a 22 c0 b3 cd 6d 56 29 9b a1 59 58 d1 83 | af 82 41 c1 "3des" #22: Authenticated using authby=secret | parent state #21: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #21 will start re-keying in 2911 seconds with margin of 689 seconds (attempting re-key) | state #21 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f160c0060e8 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f160c002b78 | event_schedule: new EVENT_SA_REKEY-pe@0x7f160c002b78 | inserting event EVENT_SA_REKEY, timeout in 2911 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f16200048f8 size 128 | pstats #21 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="3des" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for 3des (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI d7 ad 90 9d | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=d7ad909d;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=sha: .key_size=20 encrypt=3des_cbc: .key_size=24 .salt_size=0 keymat_len=44 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865760 | result: data=Ni-key@0x55fd4c4e7620 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55fd4c4e7620 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865748 | result: data=Ni-key@0x55fd4c4d6a20 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55fd4c4e7620 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6a20 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc39865750 | result: data+=Nr-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55fd4c4d6a20 | prf+0 PRF sha init key-key@0x7f1618006bb0 (size 20) | prf+0: key-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x55fd4c4d6a20 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f161c002b50 from key-key@0x55fd4c4d6a20 | prf+0 prf: begin sha with context 0x7f161c002b50 from key-key@0x55fd4c4d6a20 | prf+0: release clone-key@0x55fd4c4d6a20 | prf+0 PRF sha crypt-prf@0x55fd4c4e8c28 | prf+0 PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+0: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: 22 d8 18 77 fc dc fb d4 13 d2 8d ff d3 ff 74 9b 60 35 bc 0f a8 d2 f1 37 5c 1b 9e 60 13 3a 88 1d 16 7e 6b 35 b8 b2 2d ac 7c 41 15 fa 8f 09 e3 38 17 c6 ab 41 ed 27 4c 5b 44 76 88 2d 0e 84 52 be | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x7f1620002b78 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c44c080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c44c080 | prf+0 PRF sha final-key@0x55fd4c4d6a20 (size 20) | prf+0: key-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x55fd4c4d6a20 | prf+N PRF sha init key-key@0x7f1618006bb0 (size 20) | prf+N: key-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x55fd4c44c080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161c002b50 from key-key@0x55fd4c44c080 | prf+N prf: begin sha with context 0x7f161c002b50 from key-key@0x55fd4c44c080 | prf+N: release clone-key@0x55fd4c44c080 | prf+N PRF sha crypt-prf@0x55fd4c4eae68 | prf+N PRF sha update old_t-key@0x55fd4c4d6a20 (size 20) | prf+N: old_t-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 14 44 d2 a0 54 66 e4 d7 7c 30 08 4e 3b 49 ea 21 a4 86 e8 4f ac df bf 9b 71 9e 07 dd 03 b0 5c 04 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x55fd4c4e9778 | unwrapped: 2f 49 96 3f 63 9e ba 69 1d d7 cf 43 b7 a4 84 3c | unwrapped: b8 58 e5 d2 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+N: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: 22 d8 18 77 fc dc fb d4 13 d2 8d ff d3 ff 74 9b 60 35 bc 0f a8 d2 f1 37 5c 1b 9e 60 13 3a 88 1d 16 7e 6b 35 b8 b2 2d ac 7c 41 15 fa 8f 09 e3 38 17 c6 ab 41 ed 27 4c 5b 44 76 88 2d 0e 84 52 be | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x55fd4c4e9158 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x55fd4c4ee4d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4ee4d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4ee4d0 | prf+N PRF sha final-key@0x55fd4c44c080 (size 20) | prf+N: key-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffc398656f8 | result: result-key@0x55fd4c4ee4d0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d6a20 | prfplus: release old_t[N]-key@0x55fd4c4d6a20 | prf+N PRF sha init key-key@0x7f1618006bb0 (size 20) | prf+N: key-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x55fd4c4d6a20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161c002b50 from key-key@0x55fd4c4d6a20 | prf+N prf: begin sha with context 0x7f161c002b50 from key-key@0x55fd4c4d6a20 | prf+N: release clone-key@0x55fd4c4d6a20 | prf+N PRF sha crypt-prf@0x55fd4c4e8c28 | prf+N PRF sha update old_t-key@0x55fd4c44c080 (size 20) | prf+N: old_t-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 6b 80 9e 1f 9c c7 45 c8 77 7e 95 ca 02 7e 23 e7 bc d8 f2 d2 75 db 89 26 6b 0b f2 4f 52 cf a5 d8 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x55fd4c4e8f98 | unwrapped: 44 41 38 59 4c ee 99 60 d1 6d f3 88 53 73 b1 d2 | unwrapped: be 60 20 2a 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+N: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: 22 d8 18 77 fc dc fb d4 13 d2 8d ff d3 ff 74 9b 60 35 bc 0f a8 d2 f1 37 5c 1b 9e 60 13 3a 88 1d 16 7e 6b 35 b8 b2 2d ac 7c 41 15 fa 8f 09 e3 38 17 c6 ab 41 ed 27 4c 5b 44 76 88 2d 0e 84 52 be | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x7f1620002b78 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x55fd4c4d6640 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d6640 | prf+N PRF sha final-key@0x55fd4c4d6a20 (size 20) | prf+N: key-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4ee4d0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffc398656f8 | result: result-key@0x55fd4c4d6640 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4ee4d0 | prfplus: release old_t[N]-key@0x55fd4c44c080 | prf+N PRF sha init key-key@0x7f1618006bb0 (size 20) | prf+N: key-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x55fd4c44c080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161c002b50 from key-key@0x55fd4c44c080 | prf+N prf: begin sha with context 0x7f161c002b50 from key-key@0x55fd4c44c080 | prf+N: release clone-key@0x55fd4c44c080 | prf+N PRF sha crypt-prf@0x55fd4c4e9778 | prf+N PRF sha update old_t-key@0x55fd4c4d6a20 (size 20) | prf+N: old_t-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c4d6a20 | nss hmac digest hack: symkey-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 26 d8 d0 3f 7a 55 08 96 d8 36 7f 2d 9d 09 80 72 97 ea f8 2e 1a 2c f6 42 8b c4 25 61 7a de bf 78 | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x55fd4c4ee358 | unwrapped: 63 4f 72 02 ad 3b 10 21 4a 1f f9 ce f7 37 63 8c | unwrapped: 8b e3 3d 2a 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+N: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: 22 d8 18 77 fc dc fb d4 13 d2 8d ff d3 ff 74 9b 60 35 bc 0f a8 d2 f1 37 5c 1b 9e 60 13 3a 88 1d 16 7e 6b 35 b8 b2 2d ac 7c 41 15 fa 8f 09 e3 38 17 c6 ab 41 ed 27 4c 5b 44 76 88 2d 0e 84 52 be | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x55fd4c4e9158 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x55fd4c4ee4d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4ee4d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4ee4d0 | prf+N PRF sha final-key@0x55fd4c44c080 (size 20) | prf+N: key-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4d6640 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffc398656f8 | result: result-key@0x55fd4c4ee4d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4d6640 | prfplus: release old_t[N]-key@0x55fd4c4d6a20 | prf+N PRF sha init key-key@0x7f1618006bb0 (size 20) | prf+N: key-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f1618006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865678 | result: clone-key@0x55fd4c4d6a20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f161c002b50 from key-key@0x55fd4c4d6a20 | prf+N prf: begin sha with context 0x7f161c002b50 from key-key@0x55fd4c4d6a20 | prf+N: release clone-key@0x55fd4c4d6a20 | prf+N PRF sha crypt-prf@0x55fd4c4eae68 | prf+N PRF sha update old_t-key@0x55fd4c44c080 (size 20) | prf+N: old_t-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55fd4c44c080 | nss hmac digest hack: symkey-key@0x55fd4c44c080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1272451680: 84 48 c1 c8 57 15 61 38 6e 88 c8 2a 32 9a e7 07 b7 8b 9e a9 f6 01 f4 04 a6 1e 5b 88 fa dc fa 5d | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 32 bytes at 0x55fd4c4e8f98 | unwrapped: 51 23 f3 89 e9 58 17 04 fd 2b d2 46 2b d4 9f bb | unwrapped: ed 56 c5 bc 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55fd4c4e7620 (size 64) | prf+N: seed-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55fd4c4e7620 | nss hmac digest hack: symkey-key@0x55fd4c4e7620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55fd4c4cfe50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1272451581: 22 d8 18 77 fc dc fb d4 13 d2 8d ff d3 ff 74 9b 60 35 bc 0f a8 d2 f1 37 5c 1b 9e 60 13 3a 88 1d 16 7e 6b 35 b8 b2 2d ac 7c 41 15 fa 8f 09 e3 38 17 c6 ab 41 ed 27 4c 5b 44 76 88 2d 0e 84 52 be | nss hmac digest hack: release slot-key-key@0x55fd4c4cfe50 | nss hmac digest hack extracted len 64 bytes at 0x7f1620002b78 | unwrapped: 52 42 a6 4f b9 ae d7 f0 18 e1 f6 13 b3 0b 6b b8 | unwrapped: f0 35 2d cd b9 3e 0a 80 df 34 34 5c e7 12 d0 26 | unwrapped: 78 47 f7 9d 90 1c dc e9 c5 f0 fe 6a 7a 20 e0 9c | unwrapped: cc 81 0f b4 83 ab 5a 90 a0 20 bb 67 48 39 54 9a | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc39865680 | result: final-key@0x55fd4c4d6640 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55fd4c4d6640 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39865668 | result: final-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55fd4c4d6640 | prf+N PRF sha final-key@0x55fd4c4d6a20 (size 20) | prf+N: key-key@0x55fd4c4d6a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55fd4c4ee4d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffc398656f8 | result: result-key@0x55fd4c4d6640 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55fd4c4ee4d0 | prfplus: release old_t[N]-key@0x55fd4c44c080 | prfplus: release old_t[final]-key@0x55fd4c4d6a20 | child_sa_keymat: release data-key@0x55fd4c4e7620 | key-offset: 0, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x55fd4c4d6640 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657d8 | result: result-key@0x55fd4c4e7620 (44-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 44 bytes of key@0x55fd4c4e7620 | initiator to responder keys: symkey-key@0x55fd4c4e7620 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x55fd4c4cfe50 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)874526514: 14 44 d2 a0 54 66 e4 d7 7c 30 08 4e 3b 49 ea 21 41 23 ad b1 09 a2 0a 4e 44 ed 7f 0d 82 62 2e 37 d3 2e 33 c6 44 38 70 9b b6 45 7d 86 d5 76 a2 b8 | initiator to responder keys: release slot-key-key@0x55fd4c4cfe50 | initiator to responder keys extracted len 48 bytes at 0x7f160c001378 | unwrapped: 2f 49 96 3f 63 9e ba 69 1d d7 cf 43 b7 a4 84 3c | unwrapped: b8 58 e5 d2 44 41 38 59 4c ee 99 60 d1 6d f3 88 | unwrapped: 53 73 b1 d2 be 60 20 2a 63 4f 72 02 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x55fd4c4e7620 | key-offset: 44, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x55fd4c4d6640 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc398657d8 | result: result-key@0x55fd4c4e7620 (44-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 44 bytes of key@0x55fd4c4e7620 | responder to initiator keys:: symkey-key@0x55fd4c4e7620 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55fd4c445ec0 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x55fd4c4cfe50 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)874526514: ce bd ae 9f c9 9b 4b e0 82 92 26 42 4c 09 d9 8e 84 48 c1 c8 57 15 61 38 6e 88 c8 2a 32 9a e7 07 49 2e 40 98 88 4d b6 1c 00 a1 65 2f ba b7 4f 8a | responder to initiator keys:: release slot-key-key@0x55fd4c4cfe50 | responder to initiator keys: extracted len 48 bytes at 0x7f1608001858 | unwrapped: ad 3b 10 21 4a 1f f9 ce f7 37 63 8c 8b e3 3d 2a | unwrapped: 51 23 f3 89 e9 58 17 04 fd 2b d2 46 2b d4 9f bb | unwrapped: ed 56 c5 bc 92 b2 65 07 cd 81 de 06 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x55fd4c4e7620 | ikev2_derive_child_keys: release keymat-key@0x55fd4c4d6640 | #21 spent 1.56 milliseconds | install_ipsec_sa() for #22: inbound and outbound | could_route called for 3des (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection '3des' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.d7ad909d@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection '3des' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.a6041364@192.1.2.45 included non-error error | priority calculation of connection "3des" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #22: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: 3des (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #22 | priority calculation of connection "3des" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xd7ad909d SPI_OUT=0x | popen cmd is 1023 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' : | cmd( 160):PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1642: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: | cmd( 960):ED='no' SPI_IN=0xd7ad909d SPI_OUT=0xa6041364 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xd7ad909d | popen cmd is 1028 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0xd7ad909d SPI_OUT=0xa6041364 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xd7ad909d SPI_ | popen cmd is 1026 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTE: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@wes: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIEN: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: | cmd( 320):6428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PE: | cmd( 400):ER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MAS: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: | cmd( 640):UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd( 960):HARED='no' SPI_IN=0xd7ad909d SPI_OUT=0xa6041364 ipsec _updown 2>&1: | route_and_eroute: instance "3des", setting eroute_owner {spd=0x55fd4c4ee818,sr=0x55fd4c4ee818} to #22 (was #0) (newest_ipsec_sa=#0) | #21 spent 2.02 milliseconds in install_ipsec_sa() | inR2: instance 3des[0], setting IKEv2 newest_ipsec_sa to #22 (was #0) (spd.eroute=#22) cloned from #21 | state #22 requesting EVENT_RETRANSMIT to be deleted | #22 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x55fd4c4eaeb8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f1610002b78 | #22 spent 3.39 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #22 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #22 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #22: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #22 to 1 after switching state | Message ID: recv #21.#22 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #21.#22 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #22 ikev2.child established "3des" #22: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "3des" #22: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xd7ad909d <0xa6041364 xfrm=3DES_CBC-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | releasing whack for #22 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #21 | unpending state #21 connection "3des" | delete from pending Child SA with 192.1.2.23 "3des" | removing pending policy for no connection {0x55fd4c4db198} | close_any(fd@24) (in release_whack() at state.c:654) | #22 will start re-keying in 27961 seconds with margin of 839 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f1610002b78 | inserting event EVENT_SA_REKEY, timeout in 27961 seconds for #22 | libevent_malloc: new ptr-libevent@0x55fd4c4eb208 size 128 | stop processing: state #22 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #21 spent 3.73 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 3.75 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00435 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00263 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00547 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.a6041364@192.1.2.45 | get_sa_info esp.d7ad909d@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.525 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in terminate_a_connection() at terminate.c:69) "3des": terminating SAs using this connection | connection '3des' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #22 | suspend processing: connection "3des" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #22 connection "3des" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #22 ikev2.child deleted completed | #22 spent 3.39 milliseconds in total | [RE]START processing: state #22 connection "3des" from 192.1.2.23 (in delete_state() at state.c:879) "3des" #22: deleting state (STATE_V2_IPSEC_I) aged 0.083s and sending notification | child state #22: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.d7ad909d@192.1.2.23 | get_sa_info esp.a6041364@192.1.2.45 "3des" #22: ESP traffic information: in=84B out=84B | #22 send IKEv2 delete notification for STATE_V2_IPSEC_I | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 31 91 a7 e4 1f 1e 39 2b | responder cookie: | 3c ff 26 95 49 7e 55 86 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting 4 raw bytes of local spis into IKEv2 Delete Payload | local spis a6 04 13 64 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 0e 4b f1 0d c3 3e 15 d7 | data before encryption: | 00 00 00 0c 03 04 00 01 a6 04 13 64 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 50 5b fa 8e 21 d1 e9 82 62 83 a7 81 6c 3d 7a 2b | hmac PRF sha init symkey-key@0x55fd4c4cd5b0 (size 20) | hmac: symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39862628 | result: clone-key@0x55fd4c4d6640 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f161c002b50 from symkey-key@0x55fd4c4d6640 | hmac prf: begin sha with context 0x7f161c002b50 from symkey-key@0x55fd4c4d6640 | hmac: release clone-key@0x55fd4c4d6640 | hmac PRF sha crypt-prf@0x55fd4c4eae68 | hmac PRF sha update data-bytes@0x7ffc39862a00 (length 56) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | 0e 4b f1 0d c3 3e 15 d7 50 5b fa 8e 21 d1 e9 82 | 62 83 a7 81 6c 3d 7a 2b | hmac PRF sha final-bytes@0x7ffc39862a38 (length 20) | 5c 27 3b 31 13 8f a2 ca fc 8d 4b 22 eb e4 44 d7 | e2 a9 e0 2f | data being hmac: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | data being hmac: 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | data being hmac: 0e 4b f1 0d c3 3e 15 d7 50 5b fa 8e 21 d1 e9 82 | data being hmac: 62 83 a7 81 6c 3d 7a 2b | out calculated auth: | 5c 27 3b 31 13 8f a2 ca fc 8d 4b 22 | sending 68 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #22) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | 0e 4b f1 0d c3 3e 15 d7 50 5b fa 8e 21 d1 e9 82 | 62 83 a7 81 6c 3d 7a 2b 5c 27 3b 31 13 8f a2 ca | fc 8d 4b 22 | Message ID: IKE #21 sender #22 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #21 sender #22 in send_delete hacking around record ' send | Message ID: sent #21 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 | state #22 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x55fd4c4eb208 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f1610002b78 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844019' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xd7ad909d | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1566844019' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0xd7ad909d SPI_OUT=0xa6041364 ipsec _updown 2>&1: | shunt_eroute() called for connection '3des' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "3des" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.d7ad909d@192.1.2.23 | netlink response for Del SA esp.d7ad909d@192.1.2.23 included non-error error | priority calculation of connection "3des" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.a6041364@192.1.2.45 | netlink response for Del SA esp.a6041364@192.1.2.45 included non-error error | stop processing: connection "3des" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection 3des | State DB: deleting IKEv2 state #22 in V2_IPSEC_I | child state #22: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #22 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f1618006bb0 | delete_state: release st->st_skey_ai_nss-key@0x55fd4c4cd5b0 | delete_state: release st->st_skey_ar_nss-key@0x55fd4c4d3130 | delete_state: release st->st_skey_ei_nss-key@0x55fd4c4ecc80 | delete_state: release st->st_skey_er_nss-key@0x55fd4c4d4be0 | delete_state: release st->st_skey_pi_nss-key@0x7f161800a0e0 | delete_state: release st->st_skey_pr_nss-key@0x55fd4c4ed620 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #21 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #21 | start processing: state #21 connection "3des" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #21 ikev2.ike deleted completed | #21 spent 9.71 milliseconds in total | [RE]START processing: state #21 connection "3des" from 192.1.2.23 (in delete_state() at state.c:879) "3des" #21: deleting state (STATE_PARENT_I3) aged 0.101s and sending notification | parent state #21: PARENT_I3(established IKE SA) => delete | #21 send IKEv2 delete notification for STATE_PARENT_I3 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 31 91 a7 e4 1f 1e 39 2b | responder cookie: | 3c ff 26 95 49 7e 55 86 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 98 ba 46 3c 94 d2 e2 27 | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | a6 e8 aa d9 b9 bc a9 8a a6 4e 5e 3b 82 36 8f ec | hmac PRF sha init symkey-key@0x55fd4c4cd5b0 (size 20) | hmac: symkey-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55fd4c4cd5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc39862628 | result: clone-key@0x55fd4c4d6640 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f1610002b50 from symkey-key@0x55fd4c4d6640 | hmac prf: begin sha with context 0x7f1610002b50 from symkey-key@0x55fd4c4d6640 | hmac: release clone-key@0x55fd4c4d6640 | hmac PRF sha crypt-prf@0x55fd4c4e9108 | hmac PRF sha update data-bytes@0x7ffc39862a00 (length 56) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | 98 ba 46 3c 94 d2 e2 27 a6 e8 aa d9 b9 bc a9 8a | a6 4e 5e 3b 82 36 8f ec | hmac PRF sha final-bytes@0x7ffc39862a38 (length 20) | b8 4e 86 61 03 ae ed 7a ae 4a cf 2b c5 3c 31 55 | 06 46 9e 21 | data being hmac: 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | data being hmac: 98 ba 46 3c 94 d2 e2 27 a6 e8 aa d9 b9 bc a9 8a | data being hmac: a6 4e 5e 3b 82 36 8f ec | out calculated auth: | b8 4e 86 61 03 ae ed 7a ae 4a cf 2b | sending 68 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #21) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | 98 ba 46 3c 94 d2 e2 27 a6 e8 aa d9 b9 bc a9 8a | a6 4e 5e 3b 82 36 8f ec b8 4e 86 61 03 ae ed 7a | ae 4a cf 2b | Message ID: IKE #21 sender #21 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 | Message ID: IKE #21 sender #21 in send_delete hacking around record ' send | Message ID: #21 XXX: expecting sender.wip.initiator 2 == -1 - suspect record'n'send out-of-order?); initiator.sent=3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=3 wip.responder=-1 | Message ID: sent #21 request 3; ike: initiator.sent=2->3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=2->3 wip.responder=-1 | state #21 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f16200048f8 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f160c002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection 3des | State DB: deleting IKEv2 state #21 in PARENT_I3 | parent state #21: PARENT_I3(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f160c006788: destroyed | stop processing: state #21 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f161800d840 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f1618006bb0 | delete_state: release st->st_skey_ai_nss-key@0x55fd4c4cd5b0 | delete_state: release st->st_skey_ar_nss-key@0x55fd4c4d3130 | delete_state: release st->st_skey_ei_nss-key@0x55fd4c4ecc80 | delete_state: release st->st_skey_er_nss-key@0x55fd4c4d4be0 | delete_state: release st->st_skey_pi_nss-key@0x7f161800a0e0 | delete_state: release st->st_skey_pr_nss-key@0x55fd4c4ed620 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.57 milliseconds in whack | spent 0.00154 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | b8 1c 96 d0 d1 c8 2e bd 01 c9 0b 12 af 8f 61 54 | 94 eb 59 d0 b1 7c c6 f3 1d 9e 3d a2 1f e0 c0 06 | e5 99 ce ba | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 31 91 a7 e4 1f 1e 39 2b | responder cookie: | 3c ff 26 95 49 7e 55 86 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0584 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00442 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00234 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 60 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 31 91 a7 e4 1f 1e 39 2b 3c ff 26 95 49 7e 55 86 | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | 95 7e e1 63 91 38 56 1e ef ca 19 a0 00 d8 d8 40 | f7 58 20 87 42 f0 9c 2c ed 43 f4 61 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 31 91 a7 e4 1f 1e 39 2b | responder cookie: | 3c ff 26 95 49 7e 55 86 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | length: 60 (0x3c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0625 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in terminate_a_connection() at terminate.c:69) "3des": terminating SAs using this connection | connection '3des' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "3des" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection '3des' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "3des" is 0xfe7e7 | priority calculation of connection "3des" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0 | popen cmd is 1012 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16428' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO: | cmd( 400):_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_: | cmd( 480):MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=': | cmd( 560):' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+P: | cmd( 640):FS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd( 960):HARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x55fd4c4e8e78 | flush revival: connection '3des' wasn't on the list | stop processing: connection "3des" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.03 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00395 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0484 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.293 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:192 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0654 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection 3des with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: 3DES_CBC-HMAC_SHA1-MODP2048 | from whack: got --esp=3des-sha1;modp2048 | ESP/AH string values: 3DES_CBC-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x55fd4c4e8e78 added connection description "3des" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.111 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in initiate_a_connection() at initiate.c:186) | connection '3des' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #23 at 0x55fd4c4ed818 | State DB: adding IKEv2 state #23 in UNDEFINED | pstats #23 ikev2.ike started | Message ID: init #23: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #23: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #23; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #23 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "3des" IKE SA #23 "3des" "3des" #23: initiating v2 parent SA | constructing local IKE proposals for 3des (IKE SA initiator selecting KE) | converting ike_info 3DES_CBC-HMAC_SHA1-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_IKE 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "3des": constructed local IKE proposals for 3des (IKE SA initiator selecting KE): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 23 for state #23 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #23 | libevent_malloc: new ptr-libevent@0x55fd4c4e8b78 size 128 | #23 spent 0.092 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #23 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.14 milliseconds in whack | crypto helper 3 resuming | crypto helper 3 starting work-order 23 for state #23 | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 23 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f16180103b8: created | NSS: Local DH MODP2048 secret (pointer): 0x7f16180103b8 | NSS: Public DH wire value: | bc 9f 5a 93 d6 fd 00 f2 f9 11 53 29 0d f0 8d ca | 32 8b a3 41 5d 3e 2e 7f 50 2f 85 5d 43 5a 34 80 | 1b ea c2 de ee b9 64 e5 ff e7 68 0c 1f 8b 3b 83 | d6 8d 15 7a 7c 8f a3 83 45 8c 5c 57 f4 cf 40 59 | eb 92 02 db 8e 90 ee 84 1f cc 5a 53 07 37 2b 7f | 3c b7 18 71 a7 79 41 5a c0 fc 46 3e a7 b2 9a 44 | 60 96 09 e3 3f 6c 5e 55 84 84 de bd c3 31 cf 1e | 60 11 26 a0 89 5c f3 a2 9f 86 7c 02 9d 19 bc 82 | 22 61 5b 01 57 ea 22 16 d4 56 b8 bc 40 9b 73 30 | 27 c1 4a b0 d8 2d 2e 50 ab 93 e9 f0 1c bb 4e b2 | 35 0d 18 86 15 d0 27 05 79 16 96 85 93 f9 0f 14 | e6 e8 51 98 6d d4 a9 00 0a 70 84 3e 36 19 ae 5e | ea 0c d4 72 4c ff 31 cf 1e 10 2b b5 d5 7b 98 35 | 81 2f fe 32 98 0d bf 7f 04 0b c1 f5 0c e2 ad 18 | 90 b2 c5 19 46 e3 da 1f c2 54 f3 9d c5 a8 de 32 | 1f 55 3f 36 67 b6 d7 d2 25 bb 49 41 cc 2a 8d bc | Generated nonce: 4a f3 c0 9d 48 6e 09 c3 30 61 d5 ba 4c 0f 53 96 | Generated nonce: 1e 06 c2 ab 8a 4a 63 e2 1c 6d f0 c7 36 b1 e0 03 | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 23 time elapsed 0.000629 seconds | (#23) spent 0.628 milliseconds in crypto helper computing work-order 23: ikev2_outI1 KE (pcr) | crypto helper 3 sending results from work-order 23 for state #23 to event queue | scheduling resume sending helper answer for #23 | libevent_malloc: new ptr-libevent@0x7f1618005088 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #23 | start processing: state #23 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 23 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_outI1_continue for #23 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f16180103b8: transferring ownership from helper KE to state #23 | **emit ISAKMP Message: | initiator cookie: | f5 87 e4 83 5b ca 11 7d | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection 3des (IKE SA initiator emitting local proposals): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "3des" #23: IMPAIR: emitting fixed-length key-length attribute with 192 key | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 192 (0xc0) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x bc 9f 5a 93 d6 fd 00 f2 f9 11 53 29 0d f0 8d ca | ikev2 g^x 32 8b a3 41 5d 3e 2e 7f 50 2f 85 5d 43 5a 34 80 | ikev2 g^x 1b ea c2 de ee b9 64 e5 ff e7 68 0c 1f 8b 3b 83 | ikev2 g^x d6 8d 15 7a 7c 8f a3 83 45 8c 5c 57 f4 cf 40 59 | ikev2 g^x eb 92 02 db 8e 90 ee 84 1f cc 5a 53 07 37 2b 7f | ikev2 g^x 3c b7 18 71 a7 79 41 5a c0 fc 46 3e a7 b2 9a 44 | ikev2 g^x 60 96 09 e3 3f 6c 5e 55 84 84 de bd c3 31 cf 1e | ikev2 g^x 60 11 26 a0 89 5c f3 a2 9f 86 7c 02 9d 19 bc 82 | ikev2 g^x 22 61 5b 01 57 ea 22 16 d4 56 b8 bc 40 9b 73 30 | ikev2 g^x 27 c1 4a b0 d8 2d 2e 50 ab 93 e9 f0 1c bb 4e b2 | ikev2 g^x 35 0d 18 86 15 d0 27 05 79 16 96 85 93 f9 0f 14 | ikev2 g^x e6 e8 51 98 6d d4 a9 00 0a 70 84 3e 36 19 ae 5e | ikev2 g^x ea 0c d4 72 4c ff 31 cf 1e 10 2b b5 d5 7b 98 35 | ikev2 g^x 81 2f fe 32 98 0d bf 7f 04 0b c1 f5 0c e2 ad 18 | ikev2 g^x 90 b2 c5 19 46 e3 da 1f c2 54 f3 9d c5 a8 de 32 | ikev2 g^x 1f 55 3f 36 67 b6 d7 d2 25 bb 49 41 cc 2a 8d bc | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 4a f3 c0 9d 48 6e 09 c3 30 61 d5 ba 4c 0f 53 96 | IKEv2 nonce 1e 06 c2 ab 8a 4a 63 e2 1c 6d f0 c7 36 b1 e0 03 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | f5 87 e4 83 5b ca 11 7d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | a1 ec 32 fa 73 7c f0 f6 68 19 de 9b 8d c6 c2 d7 | 53 ff 13 c9 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= f5 87 e4 83 5b ca 11 7d | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= a1 ec 32 fa 73 7c f0 f6 68 19 de 9b 8d c6 c2 d7 | natd_hash: hash= 53 ff 13 c9 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data a1 ec 32 fa 73 7c f0 f6 68 19 de 9b 8d c6 c2 d7 | Notify data 53 ff 13 c9 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | f5 87 e4 83 5b ca 11 7d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | be f9 a2 9c 8d 80 14 a7 7e 43 bc 28 73 17 7d e4 | c8 4c 04 08 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= f5 87 e4 83 5b ca 11 7d | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= be f9 a2 9c 8d 80 14 a7 7e 43 bc 28 73 17 7d e4 | natd_hash: hash= c8 4c 04 08 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data be f9 a2 9c 8d 80 14 a7 7e 43 bc 28 73 17 7d e4 | Notify data c8 4c 04 08 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #23 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #23 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #23 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #23: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #23 to 4294967295 after switching state | Message ID: IKE #23 skipping update_recv as MD is fake | Message ID: sent #23 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "3des" #23: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #23) | f5 87 e4 83 5b ca 11 7d 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 c0 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 bc 9f 5a 93 d6 fd 00 f2 f9 11 53 29 | 0d f0 8d ca 32 8b a3 41 5d 3e 2e 7f 50 2f 85 5d | 43 5a 34 80 1b ea c2 de ee b9 64 e5 ff e7 68 0c | 1f 8b 3b 83 d6 8d 15 7a 7c 8f a3 83 45 8c 5c 57 | f4 cf 40 59 eb 92 02 db 8e 90 ee 84 1f cc 5a 53 | 07 37 2b 7f 3c b7 18 71 a7 79 41 5a c0 fc 46 3e | a7 b2 9a 44 60 96 09 e3 3f 6c 5e 55 84 84 de bd | c3 31 cf 1e 60 11 26 a0 89 5c f3 a2 9f 86 7c 02 | 9d 19 bc 82 22 61 5b 01 57 ea 22 16 d4 56 b8 bc | 40 9b 73 30 27 c1 4a b0 d8 2d 2e 50 ab 93 e9 f0 | 1c bb 4e b2 35 0d 18 86 15 d0 27 05 79 16 96 85 | 93 f9 0f 14 e6 e8 51 98 6d d4 a9 00 0a 70 84 3e | 36 19 ae 5e ea 0c d4 72 4c ff 31 cf 1e 10 2b b5 | d5 7b 98 35 81 2f fe 32 98 0d bf 7f 04 0b c1 f5 | 0c e2 ad 18 90 b2 c5 19 46 e3 da 1f c2 54 f3 9d | c5 a8 de 32 1f 55 3f 36 67 b6 d7 d2 25 bb 49 41 | cc 2a 8d bc 29 00 00 24 4a f3 c0 9d 48 6e 09 c3 | 30 61 d5 ba 4c 0f 53 96 1e 06 c2 ab 8a 4a 63 e2 | 1c 6d f0 c7 36 b1 e0 03 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 a1 ec 32 fa 73 7c f0 f6 | 68 19 de 9b 8d c6 c2 d7 53 ff 13 c9 00 00 00 1c | 00 00 40 05 be f9 a2 9c 8d 80 14 a7 7e 43 bc 28 | 73 17 7d e4 c8 4c 04 08 | state #23 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55fd4c4e8b78 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f160c002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #23 | libevent_malloc: new ptr-libevent@0x55fd4c4eb208 size 128 | #23 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29305.527609 | resume sending helper answer for #23 suppresed complete_v2_state_transition() and stole MD | #23 spent 0.513 milliseconds in resume sending helper answer | stop processing: state #23 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f1618005088 | spent 0.00213 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | f5 87 e4 83 5b ca 11 7d 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | f5 87 e4 83 5b ca 11 7d | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #23 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #23 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #23 connection "3des" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #23 is idle | #23 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #23 IKE SPIi and SPI[ir] | #23 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "3des" #23: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #23 spent 0.00777 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #23 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #23 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #23 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #23 spent 0.113 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.121 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x7f160c002b78 | handling event EVENT_RETRANSMIT for parent state #23 | start processing: state #23 connection "3des" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | IKEv2 retransmit event | [RE]START processing: state #23 connection "3des" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:144) | handling event EVENT_RETRANSMIT for 192.1.2.23 "3des" #23 attempt 2 of 0 | and parent for 192.1.2.23 "3des" #23 keying attempt 1 of 0; retransmit 1 "3des" #23: IMPAIR: retransmit so deleting SA | maximum number of keyingtries reached - deleting state | [RE]START processing: state #23 connection "3des" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:234) | pstats #23 ikev2.ike failed too-many-retransmits | pstats #23 ikev2.ike deleted too-many-retransmits | #23 spent 1.35 milliseconds in total | [RE]START processing: state #23 connection "3des" from 192.1.2.23 (in delete_state() at state.c:879) "3des" #23: deleting state (STATE_PARENT_I1) aged 0.502s and NOT sending notification | parent state #23: PARENT_I1(half-open IKE SA) => delete | in connection_discard for connection 3des | close_any(fd@25) (in delete_pending() at pending.c:244) | removing pending policy for "3des" {0x55fd4c4db198} | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #23 "3des" #23: deleting IKE SA for connection '3des' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection '3des' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection 3des | State DB: deleting IKEv2 state #23 in PARENT_I1 | parent state #23: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | close_any(fd@24) (in release_whack() at state.c:654) | DH secret MODP2048@0x7f16180103b8: destroyed | stop processing: state #23 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | libevent_free: release ptr-libevent@0x55fd4c4eb208 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f160c002b78 | in statetime_stop() and could not find #23 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection 3des which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in initiate_a_connection() at initiate.c:186) | connection '3des' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #24 at 0x55fd4c4ed818 | State DB: adding IKEv2 state #24 in UNDEFINED | pstats #24 ikev2.ike started | Message ID: init #24: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #24: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #24; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #24 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "3des" IKE SA #24 "3des" "3des" #24: initiating v2 parent SA | using existing local IKE proposals for connection 3des (IKE SA initiator selecting KE): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 24 for state #24 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #24 | libevent_malloc: new ptr-libevent@0x7f1618005088 size 128 | #24 spent 0.108 milliseconds in ikev2_parent_outI1() | RESET processing: state #24 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 5 resuming | crypto helper 5 starting work-order 24 for state #24 | RESET processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 5 doing build KE and nonce (ikev2_outI1 KE); request ID 24 | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | spent 0.152 milliseconds in global timer EVENT_REVIVE_CONNS | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f161c001278: created | NSS: Local DH MODP2048 secret (pointer): 0x7f161c001278 | NSS: Public DH wire value: | 47 ce d0 53 89 d7 b9 35 3d f7 da c1 71 4e af 19 | b8 2b b6 42 f0 36 99 32 ea d2 76 b9 3a 37 22 e3 | 0b 07 70 16 8b f7 2e af 4e ee 73 39 74 3c cf d5 | e4 cb 90 6a 68 0b 14 40 38 1b cd de e2 64 c0 56 | 43 52 68 b4 05 15 6a e0 ac 59 a9 2f b8 51 6c 88 | 6c fe 82 22 45 6b 65 44 24 cc b5 f9 05 49 81 d8 | 2f 8d ad d9 2b 76 dc 54 fa ef b0 71 35 6b eb 28 | 1d 85 91 fa c9 de 61 ec 45 a0 89 f7 2e c8 ab 28 | 03 fa 87 6e a4 f2 cd 7c 52 b3 88 ce 36 6d d1 0c | 95 b7 5b f2 f0 1a ac 4e 5a a9 b7 02 82 1a e9 4b | 6c b1 a0 d9 e3 8c 07 90 2b 9b 56 ba 06 b9 f5 b8 | a8 c9 50 24 31 1a 02 8b cc 52 f5 58 bb e1 f3 98 | bb e3 73 76 bb 5e 33 ad b8 94 9b 77 6b 58 43 eb | ad 43 54 db 96 d6 f4 3e c7 b4 7f 61 c2 bb 09 6b | 39 9f a1 0a 19 dd 33 d8 25 1d 31 b5 51 7a 49 08 | a5 13 53 7e 72 39 f6 3f d8 2d fc c0 e7 33 68 36 | Generated nonce: 7f 3c 6c 83 6d c8 86 12 44 40 e3 4a ff 9b 00 f0 | Generated nonce: 4d fd 6b 75 de 09 1e 9c 4a 7f 1b 5d f3 8d 53 32 | crypto helper 5 finished build KE and nonce (ikev2_outI1 KE); request ID 24 time elapsed 0.000993 seconds | (#24) spent 0.98 milliseconds in crypto helper computing work-order 24: ikev2_outI1 KE (pcr) | crypto helper 5 sending results from work-order 24 for state #24 to event queue | scheduling resume sending helper answer for #24 | libevent_malloc: new ptr-libevent@0x7f161c0014a8 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #24 | start processing: state #24 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 24 | calling continuation function 0x55fd4bceeb50 | ikev2_parent_outI1_continue for #24 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f161c001278: transferring ownership from helper KE to state #24 | **emit ISAKMP Message: | initiator cookie: | 66 c2 d1 b5 26 39 da 11 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection 3des (IKE SA initiator emitting local proposals): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "3des" #24: IMPAIR: emitting fixed-length key-length attribute with 192 key | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 192 (0xc0) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 47 ce d0 53 89 d7 b9 35 3d f7 da c1 71 4e af 19 | ikev2 g^x b8 2b b6 42 f0 36 99 32 ea d2 76 b9 3a 37 22 e3 | ikev2 g^x 0b 07 70 16 8b f7 2e af 4e ee 73 39 74 3c cf d5 | ikev2 g^x e4 cb 90 6a 68 0b 14 40 38 1b cd de e2 64 c0 56 | ikev2 g^x 43 52 68 b4 05 15 6a e0 ac 59 a9 2f b8 51 6c 88 | ikev2 g^x 6c fe 82 22 45 6b 65 44 24 cc b5 f9 05 49 81 d8 | ikev2 g^x 2f 8d ad d9 2b 76 dc 54 fa ef b0 71 35 6b eb 28 | ikev2 g^x 1d 85 91 fa c9 de 61 ec 45 a0 89 f7 2e c8 ab 28 | ikev2 g^x 03 fa 87 6e a4 f2 cd 7c 52 b3 88 ce 36 6d d1 0c | ikev2 g^x 95 b7 5b f2 f0 1a ac 4e 5a a9 b7 02 82 1a e9 4b | ikev2 g^x 6c b1 a0 d9 e3 8c 07 90 2b 9b 56 ba 06 b9 f5 b8 | ikev2 g^x a8 c9 50 24 31 1a 02 8b cc 52 f5 58 bb e1 f3 98 | ikev2 g^x bb e3 73 76 bb 5e 33 ad b8 94 9b 77 6b 58 43 eb | ikev2 g^x ad 43 54 db 96 d6 f4 3e c7 b4 7f 61 c2 bb 09 6b | ikev2 g^x 39 9f a1 0a 19 dd 33 d8 25 1d 31 b5 51 7a 49 08 | ikev2 g^x a5 13 53 7e 72 39 f6 3f d8 2d fc c0 e7 33 68 36 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 7f 3c 6c 83 6d c8 86 12 44 40 e3 4a ff 9b 00 f0 | IKEv2 nonce 4d fd 6b 75 de 09 1e 9c 4a 7f 1b 5d f3 8d 53 32 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 66 c2 d1 b5 26 39 da 11 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 6f 3b 8f 8a fd 5b 76 85 0c d3 04 d6 2a 74 ae ab | ef 97 9f e8 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 66 c2 d1 b5 26 39 da 11 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 6f 3b 8f 8a fd 5b 76 85 0c d3 04 d6 2a 74 ae ab | natd_hash: hash= ef 97 9f e8 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 6f 3b 8f 8a fd 5b 76 85 0c d3 04 d6 2a 74 ae ab | Notify data ef 97 9f e8 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc39865e90 (length 8) | 66 c2 d1 b5 26 39 da 11 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc39865e98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc39865dc4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc39865db6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc39865e40 (length 20) | 1c 9f e1 53 74 10 e7 b8 f0 64 77 8e 9b db db f8 | 6f 1e e5 93 | natd_hash: hasher=0x55fd4bdc3800(20) | natd_hash: icookie= 66 c2 d1 b5 26 39 da 11 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 1c 9f e1 53 74 10 e7 b8 f0 64 77 8e 9b db db f8 | natd_hash: hash= 6f 1e e5 93 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 1c 9f e1 53 74 10 e7 b8 f0 64 77 8e 9b db db f8 | Notify data 6f 1e e5 93 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #24 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #24 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #24 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #24: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #24 to 4294967295 after switching state | Message ID: IKE #24 skipping update_recv as MD is fake | Message ID: sent #24 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "3des" #24: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #24) | 66 c2 d1 b5 26 39 da 11 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 c0 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 47 ce d0 53 89 d7 b9 35 3d f7 da c1 | 71 4e af 19 b8 2b b6 42 f0 36 99 32 ea d2 76 b9 | 3a 37 22 e3 0b 07 70 16 8b f7 2e af 4e ee 73 39 | 74 3c cf d5 e4 cb 90 6a 68 0b 14 40 38 1b cd de | e2 64 c0 56 43 52 68 b4 05 15 6a e0 ac 59 a9 2f | b8 51 6c 88 6c fe 82 22 45 6b 65 44 24 cc b5 f9 | 05 49 81 d8 2f 8d ad d9 2b 76 dc 54 fa ef b0 71 | 35 6b eb 28 1d 85 91 fa c9 de 61 ec 45 a0 89 f7 | 2e c8 ab 28 03 fa 87 6e a4 f2 cd 7c 52 b3 88 ce | 36 6d d1 0c 95 b7 5b f2 f0 1a ac 4e 5a a9 b7 02 | 82 1a e9 4b 6c b1 a0 d9 e3 8c 07 90 2b 9b 56 ba | 06 b9 f5 b8 a8 c9 50 24 31 1a 02 8b cc 52 f5 58 | bb e1 f3 98 bb e3 73 76 bb 5e 33 ad b8 94 9b 77 | 6b 58 43 eb ad 43 54 db 96 d6 f4 3e c7 b4 7f 61 | c2 bb 09 6b 39 9f a1 0a 19 dd 33 d8 25 1d 31 b5 | 51 7a 49 08 a5 13 53 7e 72 39 f6 3f d8 2d fc c0 | e7 33 68 36 29 00 00 24 7f 3c 6c 83 6d c8 86 12 | 44 40 e3 4a ff 9b 00 f0 4d fd 6b 75 de 09 1e 9c | 4a 7f 1b 5d f3 8d 53 32 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 6f 3b 8f 8a fd 5b 76 85 | 0c d3 04 d6 2a 74 ae ab ef 97 9f e8 00 00 00 1c | 00 00 40 05 1c 9f e1 53 74 10 e7 b8 f0 64 77 8e | 9b db db f8 6f 1e e5 93 | state #24 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f1618005088 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f160c002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f160c002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #24 | libevent_malloc: new ptr-libevent@0x55fd4c4eb208 size 128 | #24 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29306.030597 | resume sending helper answer for #24 suppresed complete_v2_state_transition() and stole MD | #24 spent 0.59 milliseconds in resume sending helper answer | stop processing: state #24 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f161c0014a8 | spent 0.00338 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 66 c2 d1 b5 26 39 da 11 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 66 c2 d1 b5 26 39 da 11 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #24 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #24 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #24 connection "3des" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #24 is idle | #24 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #24 IKE SPIi and SPI[ir] | #24 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "3des" #24: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #24 spent 0.00557 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #24 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #24 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #24 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #24 spent 0.16 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.176 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0487 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in terminate_a_connection() at terminate.c:69) "3des": terminating SAs using this connection | connection '3des' -POLICY_UP | removing pending policy for no connection {0x55fd4c4db198} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #24 | suspend processing: connection "3des" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #24 connection "3des" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #24 ikev2.ike deleted other | #24 spent 1.84 milliseconds in total | [RE]START processing: state #24 connection "3des" from 192.1.2.23 (in delete_state() at state.c:879) "3des" #24: deleting state (STATE_PARENT_I1) aged 0.017s and NOT sending notification | parent state #24: PARENT_I1(half-open IKE SA) => delete | state #24 requesting EVENT_RETRANSMIT to be deleted | #24 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55fd4c4eb208 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f160c002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | stop processing: connection "3des" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection 3des | State DB: deleting IKEv2 state #24 in PARENT_I1 | parent state #24: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f161c001278: destroyed | stop processing: state #24 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x55fd4c4e8e78 | flush revival: connection '3des' wasn't on the list | stop processing: connection "3des" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.205 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0628 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.343 milliseconds in whack | spent 0.00308 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 8f 95 81 70 ae b8 a3 89 94 07 0e 6f 00 e5 08 47 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | 9c 56 65 5c 40 aa 41 c0 a3 24 8b c8 2b 53 14 0b | 57 67 93 c6 6b a2 bf ba 46 f9 85 7c 0f 7d b3 f7 | 10 ee 56 2d 61 bc 17 a9 aa a4 05 fb | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 8f 95 81 70 ae b8 a3 89 | responder cookie: | 94 07 0e 6f 00 e5 08 47 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: none (0x0) | Message ID: 0 (0x0) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: INFORMATIONAL message request has no corresponding IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0507 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00181 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 26 fd 91 00 6e 77 b5 b1 21 84 58 56 c8 5b a4 f1 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | d7 20 f2 29 70 ff 74 e7 db 01 a0 2c a0 ab 28 73 | da 2e 7c ef fb a4 81 7e 1a aa 31 b2 51 4d d6 52 | 39 88 0d 32 f1 53 23 ba db 07 29 f3 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 26 fd 91 00 6e 77 b5 b1 | responder cookie: | 21 84 58 56 c8 5b a4 f1 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: none (0x0) | Message ID: 0 (0x0) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: INFORMATIONAL message request has no corresponding IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0473 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) shutting down | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.0.1.254:4500 shutting down interface eth0/eth0 192.0.1.254:500 shutting down interface eth1/eth1 192.1.2.45:4500 shutting down interface eth1/eth1 192.1.2.45:500 | FOR_EACH_STATE_... in delete_states_dead_interfaces | libevent_free: release ptr-libevent@0x55fd4c4dbd88 | free_event_entry: release EVENT_NULL-pe@0x55fd4c4e7b58 | libevent_free: release ptr-libevent@0x55fd4c46f898 | free_event_entry: release EVENT_NULL-pe@0x55fd4c4e7c08 | libevent_free: release ptr-libevent@0x55fd4c471ed8 | free_event_entry: release EVENT_NULL-pe@0x55fd4c4e7cb8 | libevent_free: release ptr-libevent@0x55fd4c472aa8 | free_event_entry: release EVENT_NULL-pe@0x55fd4c4e7d68 | libevent_free: release ptr-libevent@0x55fd4c4464e8 | free_event_entry: release EVENT_NULL-pe@0x55fd4c4e7e18 | libevent_free: release ptr-libevent@0x55fd4c4461d8 | free_event_entry: release EVENT_NULL-pe@0x55fd4c4e7ec8 | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: release ptr-libevent@0x55fd4c4dbe38 | free_event_entry: release EVENT_NULL-pe@0x55fd4c4cfaf8 | libevent_free: release ptr-libevent@0x55fd4c471448 | free_event_entry: release EVENT_NULL-pe@0x55fd4c4cfa88 | libevent_free: release ptr-libevent@0x55fd4c4b34a8 | free_event_entry: release EVENT_NULL-pe@0x55fd4c4cef48 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: release ptr-libevent@0x55fd4c46efa8 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: release ptr-libevent@0x55fd4c472f38 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: release ptr-libevent@0x55fd4c4e7338 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: release ptr-libevent@0x55fd4c4e7578 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: release ptr-libevent@0x55fd4c4e7448 | libevent_free: release ptr-libevent@0x55fd4c4ca3f8 | libevent_free: release ptr-libevent@0x55fd4c4ca3a8 | libevent_free: release ptr-libevent@0x55fd4c4ca338 | libevent_free: release ptr-libevent@0x55fd4c4ca2f8 | libevent_free: release ptr-libevent@0x55fd4c4e7008 | libevent_free: release ptr-libevent@0x55fd4c4e7278 | libevent_free: release ptr-libevent@0x55fd4c4ca5a8 | libevent_free: release ptr-libevent@0x55fd4c4cf718 | libevent_free: release ptr-libevent@0x55fd4c4cfc08 | libevent_free: release ptr-libevent@0x55fd4c4e7f38 | libevent_free: release ptr-libevent@0x55fd4c4e7e88 | libevent_free: release ptr-libevent@0x55fd4c4e7dd8 | libevent_free: release ptr-libevent@0x55fd4c4e7d28 | libevent_free: release ptr-libevent@0x55fd4c4e7c78 | libevent_free: release ptr-libevent@0x55fd4c4e7bc8 | libevent_free: release ptr-libevent@0x55fd4c46e0d8 | libevent_free: release ptr-libevent@0x55fd4c4e72f8 | libevent_free: release ptr-libevent@0x55fd4c4e72b8 | libevent_free: release ptr-libevent@0x55fd4c4e7178 | libevent_free: release ptr-libevent@0x55fd4c4e7408 | libevent_free: release ptr-libevent@0x55fd4c4e7048 | libevent_free: release ptr-libevent@0x55fd4c445908 | libevent_free: release ptr-libevent@0x55fd4c445d38 | libevent_free: release ptr-libevent@0x55fd4c46e448 | releasing global libevent data | libevent_free: release ptr-libevent@0x55fd4c44b138 | libevent_free: release ptr-libevent@0x55fd4c445cd8 | libevent_free: release ptr-libevent@0x55fd4c445dd8 leak detective found no leaks