FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:10859 core dump dir: /tmp secrets file: /etc/ipsec.secrets leak-detective disabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x564e2d19b070 size 40 | libevent_malloc: new ptr-libevent@0x564e2d19b0a0 size 40 | libevent_malloc: new ptr-libevent@0x564e2d19c300 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x564e2d19c2c0 size 56 | libevent_malloc: new ptr-libevent@0x564e2d19c330 size 664 | libevent_malloc: new ptr-libevent@0x564e2d19c5d0 size 24 | libevent_malloc: new ptr-libevent@0x564e2d18deb0 size 384 | libevent_malloc: new ptr-libevent@0x564e2d19c5f0 size 16 | libevent_malloc: new ptr-libevent@0x564e2d19c610 size 40 | libevent_malloc: new ptr-libevent@0x564e2d19c640 size 48 | libevent_realloc: new ptr-libevent@0x564e2d11e370 size 256 | libevent_malloc: new ptr-libevent@0x564e2d19c680 size 16 | libevent_free: release ptr-libevent@0x564e2d19c2c0 | libevent initialized | libevent_realloc: new ptr-libevent@0x564e2d19c6a0 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds | encryption algorithm assertion checks | encryption algorithm AES_CCM_16, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 16, IKEv2 id: 16 | IKEv1 ESP ID id: 16 enum name: AES_CCM_C | IKEv2 ID id: 16 enum name: AES_CCM_C | encryption algorithm AES_CCM_12, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 15, IKEv2 id: 15 | IKEv1 ESP ID id: 15 enum name: AES_CCM_B | IKEv2 ID id: 15 enum name: AES_CCM_B | encryption algorithm AES_CCM_8, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 14, IKEv2 id: 14 | IKEv1 ESP ID id: 14 enum name: AES_CCM_A | IKEv2 ID id: 14 enum name: AES_CCM_A | encryption algorithm 3DES_CBC, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 3, IKEv2 id: 3 | IKEv1 OAKLEY ID id: 5 enum name: 3DES_CBC | IKEv1 ESP ID id: 3 enum name: 3DES | IKEv2 ID id: 3 enum name: 3DES | encryption algorithm CAMELLIA_CTR, IKEv1 OAKLEY id: 24, IKEv1 ESP_INFO id: 24, IKEv2 id: 24 | IKEv1 OAKLEY ID id: 24 enum name: CAMELLIA_CTR | IKEv1 ESP ID id: 24 enum name: CAMELLIA_CTR | IKEv2 ID id: 24 enum name: CAMELLIA_CTR | encryption algorithm CAMELLIA_CBC, IKEv1 OAKLEY id: 8, IKEv1 ESP_INFO id: 22, IKEv2 id: 23 | IKEv1 OAKLEY ID id: 8 enum name: CAMELLIA_CBC | IKEv1 ESP ID id: 22 enum name: CAMELLIA | IKEv2 ID id: 23 enum name: CAMELLIA_CBC | encryption algorithm AES_GCM_16, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 20, IKEv2 id: 20 | IKEv1 ESP ID id: 20 enum name: AES_GCM_C | IKEv2 ID id: 20 enum name: AES_GCM_C | encryption algorithm AES_GCM_12, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 19, IKEv2 id: 19 | IKEv1 ESP ID id: 19 enum name: AES_GCM_B | IKEv2 ID id: 19 enum name: AES_GCM_B | encryption algorithm AES_GCM_8, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 18, IKEv2 id: 18 | IKEv1 ESP ID id: 18 enum name: AES_GCM_A | IKEv2 ID id: 18 enum name: AES_GCM_A | encryption algorithm AES_CTR, IKEv1 OAKLEY id: 13, IKEv1 ESP_INFO id: 13, IKEv2 id: 13 | IKEv1 OAKLEY ID id: 13 enum name: AES_CTR | IKEv1 ESP ID id: 13 enum name: AES_CTR | IKEv2 ID id: 13 enum name: AES_CTR | encryption algorithm AES_CBC, IKEv1 OAKLEY id: 7, IKEv1 ESP_INFO id: 12, IKEv2 id: 12 | IKEv1 OAKLEY ID id: 7 enum name: AES_CBC | IKEv1 ESP ID id: 12 enum name: AES | IKEv2 ID id: 12 enum name: AES_CBC | encryption algorithm SERPENT_CBC, IKEv1 OAKLEY id: 65004, IKEv1 ESP_INFO id: 252, IKEv2 id: 65004 | IKEv1 OAKLEY ID id: 65004 enum name: SERPENT_CBC | IKEv1 ESP ID id: 252 enum name: SERPENT | IKEv2 ID id: 65004 enum name: SERPENT_CBC | encryption algorithm TWOFISH_CBC, IKEv1 OAKLEY id: 65005, IKEv1 ESP_INFO id: 253, IKEv2 id: 65005 | IKEv1 OAKLEY ID id: 65005 enum name: TWOFISH_CBC | IKEv1 ESP ID id: 253 enum name: TWOFISH | IKEv2 ID id: 65005 enum name: TWOFISH_CBC | encryption algorithm TWOFISH_SSH, IKEv1 OAKLEY id: 65289, IKEv1 ESP_INFO id: -1, IKEv2 id: 65289 | IKEv1 OAKLEY ID id: 65289 enum name: TWOFISH_CBC_SSH | IKEv2 ID id: 65289 enum name: TWOFISH_CBC_SSH | encryption algorithm NULL_AUTH_AES_GMAC, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 23, IKEv2 id: 21 | IKEv1 ESP ID id: 23 enum name: NULL_AUTH_AES_GMAC | IKEv2 ID id: 21 enum name: NULL_AUTH_AES_GMAC | encryption algorithm NULL, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 11, IKEv2 id: 11 | IKEv1 ESP ID id: 11 enum name: NULL | IKEv2 ID id: 11 enum name: NULL | encryption algorithm CHACHA20_POLY1305, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 28 | IKEv2 ID id: 28 enum name: CHACHA20_POLY1305 Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 | hash algorithm assertion checks | hash algorithm MD5, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | hash algorithm SHA1, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | hash algorithm SHA2_256, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | hash algorithm SHA2_384, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | hash algorithm SHA2_512, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 | PRF algorithm assertion checks | PRF algorithm HMAC_MD5, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: -1, IKEv2 id: 1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | IKEv2 ID id: 1 enum name: HMAC_MD5 | PRF algorithm HMAC_SHA1, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: -1, IKEv2 id: 2 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | IKEv2 ID id: 2 enum name: HMAC_SHA1 | PRF algorithm HMAC_SHA2_256, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: -1, IKEv2 id: 5 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | IKEv2 ID id: 5 enum name: HMAC_SHA2_256 | PRF algorithm HMAC_SHA2_384, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: -1, IKEv2 id: 6 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | IKEv2 ID id: 6 enum name: HMAC_SHA2_384 | PRF algorithm HMAC_SHA2_512, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: -1, IKEv2 id: 7 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 | IKEv2 ID id: 7 enum name: HMAC_SHA2_512 | PRF algorithm AES_XCBC, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 4 | IKEv2 ID id: 4 enum name: AES128_XCBC PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc | integrity algorithm assertion checks | integrity algorithm HMAC_MD5_96, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: 1, IKEv2 id: 1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | IKEv1 ESP ID id: 1 enum name: HMAC_MD5 | IKEv2 ID id: 1 enum name: HMAC_MD5_96 | integrity algorithm HMAC_SHA1_96, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: 2, IKEv2 id: 2 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | IKEv1 ESP ID id: 2 enum name: HMAC_SHA1 | IKEv2 ID id: 2 enum name: HMAC_SHA1_96 | integrity algorithm HMAC_SHA2_512_256, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: 7, IKEv2 id: 14 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 | IKEv1 ESP ID id: 7 enum name: HMAC_SHA2_512 | IKEv2 ID id: 14 enum name: HMAC_SHA2_512_256 | integrity algorithm HMAC_SHA2_384_192, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 6, IKEv2 id: 13 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | IKEv1 ESP ID id: 6 enum name: HMAC_SHA2_384 | IKEv2 ID id: 13 enum name: HMAC_SHA2_384_192 | integrity algorithm HMAC_SHA2_256_128, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: 5, IKEv2 id: 12 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | IKEv1 ESP ID id: 5 enum name: HMAC_SHA2_256 | IKEv2 ID id: 12 enum name: HMAC_SHA2_256_128 | integrity algorithm HMAC_SHA2_256_TRUNCBUG, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 252, IKEv2 id: -1 | IKEv1 ESP ID id: 252 enum name: HMAC_SHA2_256_TRUNCBUG | integrity algorithm AES_XCBC_96, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 9, IKEv2 id: 5 | IKEv1 ESP ID id: 9 enum name: AES_XCBC | IKEv2 ID id: 5 enum name: AES_XCBC_96 | integrity algorithm AES_CMAC_96, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 250, IKEv2 id: 8 | IKEv1 ESP ID id: 250 enum name: AES_CMAC_96 | IKEv2 ID id: 8 enum name: AES_CMAC_96 | integrity algorithm NONE, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 0, IKEv2 id: 0 | IKEv1 ESP ID id: 0 enum name: NONE | IKEv2 ID id: 0 enum name: NONE Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null | DH algorithm assertion checks | DH algorithm NONE, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 0 | IKEv2 ID id: 0 enum name: NONE | DH algorithm MODP1536, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 5, IKEv2 id: 5 | IKEv1 OAKLEY ID id: 5 enum name: MODP1536 | IKEv1 ESP ID id: 5 enum name: MODP1536 | IKEv2 ID id: 5 enum name: MODP1536 | DH algorithm MODP2048, IKEv1 OAKLEY id: 14, IKEv1 ESP_INFO id: 14, IKEv2 id: 14 | IKEv1 OAKLEY ID id: 14 enum name: MODP2048 | IKEv1 ESP ID id: 14 enum name: MODP2048 | IKEv2 ID id: 14 enum name: MODP2048 | DH algorithm MODP3072, IKEv1 OAKLEY id: 15, IKEv1 ESP_INFO id: 15, IKEv2 id: 15 | IKEv1 OAKLEY ID id: 15 enum name: MODP3072 | IKEv1 ESP ID id: 15 enum name: MODP3072 | IKEv2 ID id: 15 enum name: MODP3072 | DH algorithm MODP4096, IKEv1 OAKLEY id: 16, IKEv1 ESP_INFO id: 16, IKEv2 id: 16 | IKEv1 OAKLEY ID id: 16 enum name: MODP4096 | IKEv1 ESP ID id: 16 enum name: MODP4096 | IKEv2 ID id: 16 enum name: MODP4096 | DH algorithm MODP6144, IKEv1 OAKLEY id: 17, IKEv1 ESP_INFO id: 17, IKEv2 id: 17 | IKEv1 OAKLEY ID id: 17 enum name: MODP6144 | IKEv1 ESP ID id: 17 enum name: MODP6144 | IKEv2 ID id: 17 enum name: MODP6144 | DH algorithm MODP8192, IKEv1 OAKLEY id: 18, IKEv1 ESP_INFO id: 18, IKEv2 id: 18 | IKEv1 OAKLEY ID id: 18 enum name: MODP8192 | IKEv1 ESP ID id: 18 enum name: MODP8192 | IKEv2 ID id: 18 enum name: MODP8192 | DH algorithm DH19, IKEv1 OAKLEY id: 19, IKEv1 ESP_INFO id: -1, IKEv2 id: 19 | IKEv1 OAKLEY ID id: 19 enum name: ECP_256 | IKEv2 ID id: 19 enum name: ECP_256 | DH algorithm DH20, IKEv1 OAKLEY id: 20, IKEv1 ESP_INFO id: -1, IKEv2 id: 20 | IKEv1 OAKLEY ID id: 20 enum name: ECP_384 | IKEv2 ID id: 20 enum name: ECP_384 | DH algorithm DH21, IKEv1 OAKLEY id: 21, IKEv1 ESP_INFO id: -1, IKEv2 id: 21 | IKEv1 OAKLEY ID id: 21 enum name: ECP_521 | IKEv2 ID id: 21 enum name: ECP_521 | DH algorithm DH31, IKEv1 OAKLEY id: 31, IKEv1 ESP_INFO id: -1, IKEv2 id: 31 | IKEv1 OAKLEY ID id: 31 enum name: CURVE25519 | IKEv2 ID id: 31 enum name: CURVE25519 DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key | decode_to_chunk: raw_key: input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f80 | result: symkey-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f68 | result: symkey-key@0x564e2d19df20 (16-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: ciphertext: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: cipertext: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x564e2d19df20 | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed Camellia: 16 bytes with 128-bit key | decode_to_chunk: raw_key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF" | decode_to_chunk: output: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f80 | result: symkey-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f68 | result: symkey-key@0x564e2d19df20 (16-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 " | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: ciphertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: cipertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 " | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x564e2d19df20 | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed Camellia: 16 bytes with 256-bit key | decode_to_chunk: raw_key: input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f80 | result: symkey-key@0x564e2d19f7a0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x564e2d19f7a0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f68 | result: symkey-key@0x564e2d19df20 (32-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: ciphertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: cipertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x564e2d19df20 | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed Camellia: 16 bytes with 256-bit key | decode_to_chunk: raw_key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF FF EE DD CC BB AA 99 88 77 66 55 44 33 22 11 00" | decode_to_chunk: output: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff | ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f80 | result: symkey-key@0x564e2d19f7a0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x564e2d19f7a0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f68 | result: symkey-key@0x564e2d19df20 (32-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: ciphertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: cipertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x564e2d19df20 | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed testing AES_GCM_16: empty string | decode_to_chunk: raw_key: input "0xcf063a34d4a9a76c2c86787d3f96db71" | decode_to_chunk: output: | cf 06 3a 34 d4 a9 a7 6c 2c 86 78 7d 3f 96 db 71 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f20 | result: symkey-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f08 | result: symkey-key@0x564e2d19df20 (16-bytes, AES_GCM) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: salted IV: input "0x113b9785971864c83b01c787" | decode_to_chunk: output: | 11 3b 97 85 97 18 64 c8 3b 01 c7 87 | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "" | decode_to_chunk: output: | | decode_to_chunk: ciphertext: input "" | decode_to_chunk: output: | | decode_to_chunk: tag: input "0x72ac8493e3a5228b5d130a69d2510e42" | decode_to_chunk: output: | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=0 tag-size=16 | test_gcm_vector: text+tag on call | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=0 tag-size=16 | test_gcm_vector: text+tag on call | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: release sym_key-key@0x564e2d19df20 | test_gcm_vector: passed one block | decode_to_chunk: raw_key: input "0xe98b72a9881a84ca6b76e0f43e68647a" | decode_to_chunk: output: | e9 8b 72 a9 88 1a 84 ca 6b 76 e0 f4 3e 68 64 7a | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f20 | result: symkey-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f08 | result: symkey-key@0x564e2d19df20 (16-bytes, AES_GCM) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: salted IV: input "0x8b23299fde174053f3d652ba" | decode_to_chunk: output: | 8b 23 29 9f de 17 40 53 f3 d6 52 ba | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "0x28286a321293253c3e0aa2704a278032" | decode_to_chunk: output: | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | decode_to_chunk: ciphertext: input "0x5a3c1cf1985dbb8bed818036fdd5ab42" | decode_to_chunk: output: | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | decode_to_chunk: tag: input "0x23c7ab0f952b7091cd324835043b5eb5" | decode_to_chunk: output: | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=16 tag-size=16 | test_gcm_vector: text+tag on call | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=16 tag-size=16 | test_gcm_vector: text+tag on call | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: release sym_key-key@0x564e2d19df20 | test_gcm_vector: passed two blocks | decode_to_chunk: raw_key: input "0xbfd414a6212958a607a0f5d3ab48471d" | decode_to_chunk: output: | bf d4 14 a6 21 29 58 a6 07 a0 f5 d3 ab 48 47 1d | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f20 | result: symkey-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f08 | result: symkey-key@0x564e2d19df20 (16-bytes, AES_GCM) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: salted IV: input "0x86d8ea0ab8e40dcc481cd0e2" | decode_to_chunk: output: | 86 d8 ea 0a b8 e4 0d cc 48 1c d0 e2 | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "0xa6b76a066e63392c9443e60272ceaeb9d25c991b0f2e55e2804e168c05ea591a" | decode_to_chunk: output: | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | decode_to_chunk: ciphertext: input "0x62171db33193292d930bf6647347652c1ef33316d7feca99d54f1db4fcf513f8" | decode_to_chunk: output: | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | decode_to_chunk: tag: input "0xc28280aa5c6c7a8bd366f28c1cfd1f6e" | decode_to_chunk: output: | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=32 tag-size=16 | test_gcm_vector: text+tag on call | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=32 tag-size=16 | test_gcm_vector: text+tag on call | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: release sym_key-key@0x564e2d19df20 | test_gcm_vector: passed two blocks with associated data | decode_to_chunk: raw_key: input "0x006c458100fc5f4d62949d2c833b82d1" | decode_to_chunk: output: | 00 6c 45 81 00 fc 5f 4d 62 94 9d 2c 83 3b 82 d1 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f20 | result: symkey-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f08 | result: symkey-key@0x564e2d19df20 (16-bytes, AES_GCM) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: salted IV: input "0xa4e9c4bc5725a21ff42c82b2" | decode_to_chunk: output: | a4 e9 c4 bc 57 25 a2 1f f4 2c 82 b2 | decode_to_chunk: AAD: input "0x2efb14fb3657cdd6b9a8ff1a5f5a39b9" | decode_to_chunk: output: | 2e fb 14 fb 36 57 cd d6 b9 a8 ff 1a 5f 5a 39 b9 | decode_to_chunk: plaintext: input "0xf381d3bfbee0a879f7a4e17b623278cedd6978053dd313530a18f1a836100950" | decode_to_chunk: output: | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | decode_to_chunk: ciphertext: input "0xf39b4db3542d8542fb73fd2d66be568f26d7f814b3f87d1eceac3dd09a8d697e" | decode_to_chunk: output: | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | decode_to_chunk: tag: input "0x39f045cb23b698c925db134d56c5" | decode_to_chunk: output: | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: decrypt: aad-size=16 salt-size=4 wire-IV-size=8 text-size=32 tag-size=14 | test_gcm_vector: text+tag on call | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: encrypt: aad-size=16 salt-size=4 wire-IV-size=8 text-size=32 tag-size=14 | test_gcm_vector: text+tag on call | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: release sym_key-key@0x564e2d19df20 | test_gcm_vector: passed testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x AE 68 52 F8 12 10 67 CC 4B F7 A5 76 55 77 F3 9E" | decode_to_chunk: output: | ae 68 52 f8 12 10 67 cc 4b f7 a5 76 55 77 f3 9e | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f80 | result: symkey-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f68 | result: symkey-key@0x564e2d19df20 (16-bytes, AES_CTR) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: input counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x E4 09 5D 4F B7 A7 B3 79 2D 61 75 A3 26 13 11 B8" | decode_to_chunk: output: | e4 09 5d 4f b7 a7 b3 79 2d 61 75 a3 26 13 11 b8 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x E4 09 5D 4F B7 A7 B3 79 2D 61 75 A3 26 13 11 B8" | decode_to_chunk: output: | e4 09 5d 4f b7 a7 b3 79 2d 61 75 a3 26 13 11 b8 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x564e2d19df20 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 128-bit key passed Encrypting 32 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x 7E 24 06 78 17 FA E0 D7 43 D6 CE 1F 32 53 91 63" | decode_to_chunk: output: | 7e 24 06 78 17 fa e0 d7 43 d6 ce 1f 32 53 91 63 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f80 | result: symkey-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f68 | result: symkey-key@0x564e2d19df20 (16-bytes, AES_CTR) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: input counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 01" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0x51 04 A1 06 16 8A 72 D9 79 0D 41 EE 8E DA D3 88EB 2E 1E FC 46 DA 57 C8 FC E6 30 DF 91 41 BE 28" | decode_to_chunk: output: | 51 04 a1 06 16 8a 72 d9 79 0d 41 ee 8e da d3 88 | eb 2e 1e fc 46 da 57 c8 fc e6 30 df 91 41 be 28 | decode_to_chunk: expected counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 03" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 01" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x51 04 A1 06 16 8A 72 D9 79 0D 41 EE 8E DA D3 88EB 2E 1E FC 46 DA 57 C8 FC E6 30 DF 91 41 BE 28" | decode_to_chunk: output: | 51 04 a1 06 16 8a 72 d9 79 0d 41 ee 8e da d3 88 | eb 2e 1e fc 46 da 57 c8 fc e6 30 df 91 41 be 28 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 03" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x564e2d19df20 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 128-bit key passed Encrypting 36 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x 76 91 BE 03 5E 50 20 A8 AC 6E 61 85 29 F9 A0 DC" | decode_to_chunk: output: | 76 91 be 03 5e 50 20 a8 ac 6e 61 85 29 f9 a0 dc | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f80 | result: symkey-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f68 | result: symkey-key@0x564e2d19df20 (16-bytes, AES_CTR) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: input counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 01" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0xC1 CF 48 A8 9F 2F FD D9 CF 46 52 E9 EF DB 72 D745 40 A4 2B DE 6D 78 36 D5 9A 5C EA AE F3 10 5325 B2 07 2F" | decode_to_chunk: output: | c1 cf 48 a8 9f 2f fd d9 cf 46 52 e9 ef db 72 d7 | 45 40 a4 2b de 6d 78 36 d5 9a 5c ea ae f3 10 53 | 25 b2 07 2f | decode_to_chunk: expected counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 04" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 01" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xC1 CF 48 A8 9F 2F FD D9 CF 46 52 E9 EF DB 72 D745 40 A4 2B DE 6D 78 36 D5 9A 5C EA AE F3 10 5325 B2 07 2F" | decode_to_chunk: output: | c1 cf 48 a8 9f 2f fd d9 cf 46 52 e9 ef db 72 d7 | 45 40 a4 2b de 6d 78 36 d5 9a 5c ea ae f3 10 53 | 25 b2 07 2f | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 04" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x564e2d19df20 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 128-bit key passed Encrypting 16 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x16 AF 5B 14 5F C9 F5 79 C1 75 F9 3E 3B FB 0E ED86 3D 06 CC FD B7 85 15" | decode_to_chunk: output: | 16 af 5b 14 5f c9 f5 79 c1 75 f9 3e 3b fb 0e ed | 86 3d 06 cc fd b7 85 15 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f80 | result: symkey-key@0x564e2d19f7a0 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x564e2d19f7a0 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f68 | result: symkey-key@0x564e2d19df20 (24-bytes, AES_CTR) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: input counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 01" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x 4B 55 38 4F E2 59 C9 C8 4E 79 35 A0 03 CB E9 28" | decode_to_chunk: output: | 4b 55 38 4f e2 59 c9 c8 4e 79 35 a0 03 cb e9 28 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 02" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 01" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x 4B 55 38 4F E2 59 C9 C8 4E 79 35 A0 03 CB E9 28" | decode_to_chunk: output: | 4b 55 38 4f e2 59 c9 c8 4e 79 35 a0 03 cb e9 28 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 02" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x564e2d19df20 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 192-bit key passed Encrypting 32 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x7C 5C B2 40 1B 3D C3 3C 19 E7 34 08 19 E0 F6 9C67 8C 3D B8 E6 F6 A9 1A" | decode_to_chunk: output: | 7c 5c b2 40 1b 3d c3 3c 19 e7 34 08 19 e0 f6 9c | 67 8c 3d b8 e6 f6 a9 1a | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f80 | result: symkey-key@0x564e2d19f7a0 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x564e2d19f7a0 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f68 | result: symkey-key@0x564e2d19df20 (24-bytes, AES_CTR) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: input counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 01" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0x45 32 43 FC 60 9B 23 32 7E DF AA FA 71 31 CD 9F84 90 70 1C 5A D4 A7 9C FC 1F E0 FF 42 F4 FB 00" | decode_to_chunk: output: | 45 32 43 fc 60 9b 23 32 7e df aa fa 71 31 cd 9f | 84 90 70 1c 5a d4 a7 9c fc 1f e0 ff 42 f4 fb 00 | decode_to_chunk: expected counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 03" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 01" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x45 32 43 FC 60 9B 23 32 7E DF AA FA 71 31 CD 9F84 90 70 1C 5A D4 A7 9C FC 1F E0 FF 42 F4 FB 00" | decode_to_chunk: output: | 45 32 43 fc 60 9b 23 32 7e df aa fa 71 31 cd 9f | 84 90 70 1c 5a d4 a7 9c fc 1f e0 ff 42 f4 fb 00 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 03" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x564e2d19df20 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 192-bit key passed Encrypting 36 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x02 BF 39 1E E8 EC B1 59 B9 59 61 7B 09 65 27 9BF5 9B 60 A7 86 D3 E0 FE" | decode_to_chunk: output: | 02 bf 39 1e e8 ec b1 59 b9 59 61 7b 09 65 27 9b | f5 9b 60 a7 86 d3 e0 fe | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f80 | result: symkey-key@0x564e2d19f7a0 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x564e2d19f7a0 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f68 | result: symkey-key@0x564e2d19df20 (24-bytes, AES_CTR) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: input counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 01" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0x96 89 3F C5 5E 5C 72 2F 54 0B 7D D1 DD F7 E7 58D2 88 BC 95 C6 91 65 88 45 36 C8 11 66 2F 21 88AB EE 09 35" | decode_to_chunk: output: | 96 89 3f c5 5e 5c 72 2f 54 0b 7d d1 dd f7 e7 58 | d2 88 bc 95 c6 91 65 88 45 36 c8 11 66 2f 21 88 | ab ee 09 35 | decode_to_chunk: expected counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 04" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 01" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x96 89 3F C5 5E 5C 72 2F 54 0B 7D D1 DD F7 E7 58D2 88 BC 95 C6 91 65 88 45 36 C8 11 66 2F 21 88AB EE 09 35" | decode_to_chunk: output: | 96 89 3f c5 5e 5c 72 2f 54 0b 7d d1 dd f7 e7 58 | d2 88 bc 95 c6 91 65 88 45 36 c8 11 66 2f 21 88 | ab ee 09 35 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 04" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x564e2d19df20 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 192-bit key passed Encrypting 16 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0x77 6B EF F2 85 1D B0 6F 4C 8A 05 42 C8 69 6F 6C6A 81 AF 1E EC 96 B4 D3 7F C1 D6 89 E6 C1 C1 04" | decode_to_chunk: output: | 77 6b ef f2 85 1d b0 6f 4c 8a 05 42 c8 69 6f 6c | 6a 81 af 1e ec 96 b4 d3 7f c1 d6 89 e6 c1 c1 04 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f80 | result: symkey-key@0x564e2d19f7a0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x564e2d19f7a0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f68 | result: symkey-key@0x564e2d19df20 (32-bytes, AES_CTR) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: input counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 01" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x 14 5A D0 1D BF 82 4E C7 56 08 63 DC 71 E3 E0 C0" | decode_to_chunk: output: | 14 5a d0 1d bf 82 4e c7 56 08 63 dc 71 e3 e0 c0 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 02" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 01" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x 14 5A D0 1D BF 82 4E C7 56 08 63 DC 71 E3 E0 C0" | decode_to_chunk: output: | 14 5a d0 1d bf 82 4e c7 56 08 63 dc 71 e3 e0 c0 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 02" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x564e2d19df20 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 256-bit key passed Encrypting 32 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0xF6 D6 6D 6B D5 2D 59 BB 07 96 36 58 79 EF F8 86C6 6D D5 1A 5B 6A 99 74 4B 50 59 0C 87 A2 38 84" | decode_to_chunk: output: | f6 d6 6d 6b d5 2d 59 bb 07 96 36 58 79 ef f8 86 | c6 6d d5 1a 5b 6a 99 74 4b 50 59 0c 87 a2 38 84 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f80 | result: symkey-key@0x564e2d19f7a0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x564e2d19f7a0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f68 | result: symkey-key@0x564e2d19df20 (32-bytes, AES_CTR) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: input counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 01" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0xF0 5E 23 1B 38 94 61 2C 49 EE 00 0B 80 4E B2 A9B8 30 6B 50 8F 83 9D 6A 55 30 83 1D 93 44 AF 1C" | decode_to_chunk: output: | f0 5e 23 1b 38 94 61 2c 49 ee 00 0b 80 4e b2 a9 | b8 30 6b 50 8f 83 9d 6a 55 30 83 1d 93 44 af 1c | decode_to_chunk: expected counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 03" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 01" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xF0 5E 23 1B 38 94 61 2C 49 EE 00 0B 80 4E B2 A9B8 30 6B 50 8F 83 9D 6A 55 30 83 1D 93 44 AF 1C" | decode_to_chunk: output: | f0 5e 23 1b 38 94 61 2c 49 ee 00 0b 80 4e b2 a9 | b8 30 6b 50 8f 83 9d 6a 55 30 83 1d 93 44 af 1c | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 03" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x564e2d19df20 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 256-bit key passed Encrypting 36 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0xFF 7A 61 7C E6 91 48 E4 F1 72 6E 2F 43 58 1D E2AA 62 D9 F8 05 53 2E DF F1 EE D6 87 FB 54 15 3D" | decode_to_chunk: output: | ff 7a 61 7c e6 91 48 e4 f1 72 6e 2f 43 58 1d e2 | aa 62 d9 f8 05 53 2e df f1 ee d6 87 fb 54 15 3d | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f80 | result: symkey-key@0x564e2d19f7a0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x564e2d19f7a0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f68 | result: symkey-key@0x564e2d19df20 (32-bytes, AES_CTR) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: input counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 01" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0xEB 6C 52 82 1D 0B BB F7 CE 75 94 46 2A CA 4F AAB4 07 DF 86 65 69 FD 07 F4 8C C0 B5 83 D6 07 1F1E C0 E6 B8" | decode_to_chunk: output: | eb 6c 52 82 1d 0b bb f7 ce 75 94 46 2a ca 4f aa | b4 07 df 86 65 69 fd 07 f4 8c c0 b5 83 d6 07 1f | 1e c0 e6 b8 | decode_to_chunk: expected counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 04" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 01" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xEB 6C 52 82 1D 0B BB F7 CE 75 94 46 2A CA 4F AAB4 07 DF 86 65 69 FD 07 F4 8C C0 B5 83 D6 07 1F1E C0 E6 B8" | decode_to_chunk: output: | eb 6c 52 82 1d 0b bb f7 ce 75 94 46 2a ca 4f aa | b4 07 df 86 65 69 fd 07 f4 8c c0 b5 83 d6 07 1f | 1e c0 e6 b8 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 04" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x564e2d19df20 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 256-bit key passed testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x06a9214036b8a15b512e03d534120006" | decode_to_chunk: output: | 06 a9 21 40 36 b8 a1 5b 51 2e 03 d5 34 12 00 06 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f80 | result: symkey-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f68 | result: symkey-key@0x564e2d19df20 (16-bytes, AES_CBC) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: IV: : input "0x3dafba429d9eb430b422da802c9fac41" | decode_to_chunk: output: | 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41 | decode_to_chunk: new IV: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: plaintext: : input "Single block msg" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: ciphertext: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x3dafba429d9eb430b422da802c9fac41" | decode_to_chunk: output: | 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41 | decode_to_chunk: new IV: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: cipertext: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: plaintext: : input "Single block msg" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x564e2d19df20 | test_ctr_vector: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key passed Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0xc286696d887c9aa0611bbb3e2025a45a" | decode_to_chunk: output: | c2 86 69 6d 88 7c 9a a0 61 1b bb 3e 20 25 a4 5a | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f80 | result: symkey-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f68 | result: symkey-key@0x564e2d19df20 (16-bytes, AES_CBC) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: IV: : input "0x562e17996d093d28ddb3ba695a2e6f58" | decode_to_chunk: output: | 56 2e 17 99 6d 09 3d 28 dd b3 ba 69 5a 2e 6f 58 | decode_to_chunk: new IV: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: plaintext: : input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: ciphertext: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x562e17996d093d28ddb3ba695a2e6f58" | decode_to_chunk: output: | 56 2e 17 99 6d 09 3d 28 dd b3 ba 69 5a 2e 6f 58 | decode_to_chunk: new IV: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: cipertext: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: plaintext: : input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x564e2d19df20 | test_ctr_vector: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key passed Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x6c3ea0477630ce21a2ce334aa746c2cd" | decode_to_chunk: output: | 6c 3e a0 47 76 30 ce 21 a2 ce 33 4a a7 46 c2 cd | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f80 | result: symkey-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f68 | result: symkey-key@0x564e2d19df20 (16-bytes, AES_CBC) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: IV: : input "0xc782dc4c098c66cbd9cd27d825682c81" | decode_to_chunk: output: | c7 82 dc 4c 09 8c 66 cb d9 cd 27 d8 25 68 2c 81 | decode_to_chunk: new IV: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: plaintext: : input "This is a 48-byte message (exactly 3 AES blocks)" | decode_to_chunk: output: | 54 68 69 73 20 69 73 20 61 20 34 38 2d 62 79 74 | 65 20 6d 65 73 73 61 67 65 20 28 65 78 61 63 74 | 6c 79 20 33 20 41 45 53 20 62 6c 6f 63 6b 73 29 | decode_to_chunk: ciphertext: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0xc782dc4c098c66cbd9cd27d825682c81" | decode_to_chunk: output: | c7 82 dc 4c 09 8c 66 cb d9 cd 27 d8 25 68 2c 81 | decode_to_chunk: new IV: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: cipertext: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: plaintext: : input "This is a 48-byte message (exactly 3 AES blocks)" | decode_to_chunk: output: | 54 68 69 73 20 69 73 20 61 20 34 38 2d 62 79 74 | 65 20 6d 65 73 73 61 67 65 20 28 65 78 61 63 74 | 6c 79 20 33 20 41 45 53 20 62 6c 6f 63 6b 73 29 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x564e2d19df20 | test_ctr_vector: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key passed Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x56e47a38c5598974bc46903dba290349" | decode_to_chunk: output: | 56 e4 7a 38 c5 59 89 74 bc 46 90 3d ba 29 03 49 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f80 | result: symkey-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f68 | result: symkey-key@0x564e2d19df20 (16-bytes, AES_CBC) | symkey: release tmp-key@0x564e2d19f7a0 | decode_to_chunk: IV: : input "0x8ce82eefbea0da3c44699ed7db51b7d9" | decode_to_chunk: output: | 8c e8 2e ef be a0 da 3c 44 69 9e d7 db 51 b7 d9 | decode_to_chunk: new IV: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: plaintext: : input "0xa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" | decode_to_chunk: output: | a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af | b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf | c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf | d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df | decode_to_chunk: ciphertext: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x8ce82eefbea0da3c44699ed7db51b7d9" | decode_to_chunk: output: | 8c e8 2e ef be a0 da 3c 44 69 9e d7 db 51 b7 d9 | decode_to_chunk: new IV: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: cipertext: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: plaintext: : input "0xa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" | decode_to_chunk: output: | a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af | b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf | c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf | d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x564e2d19df20 | test_ctr_vector: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key passed testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "" | decode_to_chunk: output: | | decode_to_chunk: test_prf_vector: input "0x75f0251d528ac01c4573dfd584d79f29" | decode_to_chunk: output: | 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | PRF chunk interface PRF aes_xcbc init key-chunk@0x564e2d1a11d0 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f00 | result: key-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ee8 | result: key-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x564e2d19f7a0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ec8 | result: key-key@0x564e2d19f7a0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x564e2d19df20 | PRF chunk interface PRF aes_xcbc crypt-prf@0x564e2d1a1040 | PRF chunk interface PRF aes_xcbc update message-bytes@0x564e2d19c6f0 (length 0) | | XCBC: data | K extracting all 16 bytes of key@0x564e2d19f7a0 | K: symkey-key@0x564e2d19f7a0 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)-1921615232: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d1a12a0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e60 | result: k1-key@0x564e2d1a1e90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a1e90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e48 | result: k1-key@0x564e2d19df20 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d1a1e90 | Computing E[0] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] | XCBC: M[n] | XCBC: M[n]:80...^E[n-1]^K3 | 41 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | xcbc: release k1-key@0x564e2d19df20 | PRF chunk interface: release key-key@0x564e2d19f7a0 | PRF chunk interface PRF aes_xcbc final-chunk@0x564e2d1a1060 (length 16) | 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | chunk output 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | verify_chunk_data: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: ok | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: key symkey-key@0x564e2d19df20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d19df20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: key symkey-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564e2d19df20 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x564e2d19f7a0 (size 16) | PRF symkey interface: key symkey-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ef8 | result: key symkey-key@0x564e2d19df20 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x564e2d1a1040 | PRF symkey interface PRF aes_xcbc update symkey message-key@(nil) (size 0) | PRF symkey interface: symkey message-key@NULL | symkey message NULL key has no bytes | XCBC: data | K extracting all 16 bytes of key@0x564e2d19df20 | K: symkey-key@0x564e2d19df20 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1023: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d1a1c90 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e80 | result: k1-key@0x564e2d1a3780 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a3780 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e68 | result: k1-key@0x564e2d1a1e90 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d1a3780 | Computing E[0] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] | XCBC: M[n] | XCBC: M[n]:80...^E[n-1]^K3 | 41 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | xcbc: release k1-key@0x564e2d1a1e90 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f10 | result: xcbc-key@0x564e2d1a3780 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1a3780 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ef8 | result: xcbc-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x564e2d1a3780 | PRF symkey interface: release key-key@0x564e2d19df20 | PRF symkey interface PRF aes_xcbc final-key@0x564e2d1a1e90 (size 16) | PRF symkey interface: key-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input extracting all 16 bytes of key@0x564e2d1a1e90 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: symkey-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: new slot-key@0x564e2d1a1c00 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)726323673: ffffffc4 ffffff9d 07 36 ffffff91 33 ffffffa5 ffffffeb fffffff6 ffffffaf ffffff8c ffffffbb 74 3f 77 35 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: release slot-key-key@0x564e2d1a1c00 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input extracted len 16 bytes at 0x564e2d1a11f0 | unwrapped: 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | verify_chunk_data: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: ok | test_prf_vector: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input passed | test_prf_vector: release symkey-key@0x564e2d1a1e90 | test_prf_vector: release message-key@NULL | test_prf_vector: release key-key@0x564e2d19f7a0 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102" | decode_to_chunk: output: | 00 01 02 | decode_to_chunk: test_prf_vector: input "0x5b376580ae2f19afe7219ceef172756f" | decode_to_chunk: output: | 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | PRF chunk interface PRF aes_xcbc init key-chunk@0x564e2d1a1040 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f00 | result: key-key@0x564e2d1a1e90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1a1e90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ee8 | result: key-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x564e2d1a1e90 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ec8 | result: key-key@0x564e2d1a1e90 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x564e2d19f7a0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x564e2d1a1400 | PRF chunk interface PRF aes_xcbc update message-bytes@0x564e2d1a11f0 (length 3) | 00 01 02 | XCBC: data 00 01 02 | K extracting all 16 bytes of key@0x564e2d1a1e90 | K: symkey-key@0x564e2d1a1e90 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)-1921615232: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d1a11d0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e60 | result: k1-key@0x564e2d19df20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d19df20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e48 | result: k1-key@0x564e2d19f7a0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d19df20 | Computing E[1] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 | XCBC: M[n] 00 01 02 | XCBC: M[n]:80...^E[n-1]^K3 | c1 a6 a9 21 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | xcbc: release k1-key@0x564e2d19f7a0 | PRF chunk interface: release key-key@0x564e2d1a1e90 | PRF chunk interface PRF aes_xcbc final-chunk@0x564e2d1a1020 (length 16) | 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | chunk output 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | verify_chunk_data: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: ok | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: key symkey-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: key symkey-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564e2d19f7a0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x564e2d1a1e90 (size 16) | PRF symkey interface: key symkey-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ef8 | result: key symkey-key@0x564e2d19f7a0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x564e2d1a12a0 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: message symkey-key@0x564e2d1a3780 (19-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 3 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 3-bytes | base: base-key@0x564e2d1a3780 (19-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: message symkey-key@0x564e2d19df20 (3-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564e2d1a3780 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x564e2d19df20 (size 3) | PRF symkey interface: symkey message-key@0x564e2d19df20 (3-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 3 bytes of key@0x564e2d19df20 | symkey message: symkey-key@0x564e2d19df20 (3-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x564e2d1a1c00 (3-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-1921615024: ffffffef ffffff8c 09 ffffff98 ffffff89 fffffffd 73 ffffffde ffffff8e ffffffe2 0b ffffff9f ffffffad 05 45 75 | symkey message: release slot-key-key@0x564e2d1a1c00 | symkey message extracted len 16 bytes at 0x564e2d1a1f20 | unwrapped: 00 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 | K extracting all 16 bytes of key@0x564e2d19f7a0 | K: symkey-key@0x564e2d19f7a0 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d1a1400 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e80 | result: k1-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e68 | result: k1-key@0x564e2d1a3780 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d1a5000 | Computing E[1] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 | XCBC: M[n] 00 01 02 | XCBC: M[n]:80...^E[n-1]^K3 | c1 a6 a9 21 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | xcbc: release k1-key@0x564e2d1a3780 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f10 | result: xcbc-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ef8 | result: xcbc-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x564e2d1a5000 | PRF symkey interface: release key-key@0x564e2d19f7a0 | PRF symkey interface PRF aes_xcbc final-key@0x564e2d1a3780 (size 16) | PRF symkey interface: key-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input extracting all 16 bytes of key@0x564e2d1a3780 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: symkey-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: new slot-key@0x564e2d1a1c00 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)726323673: 59 ffffffe8 ffffffef 45 15 ffffffca ffffffb7 ffffffb9 ffffffc7 ffffffc0 61 ffffffe0 1e ffffffcc 0b ffffffcc | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: release slot-key-key@0x564e2d1a1c00 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input extracted len 16 bytes at 0x564e2d1a1400 | unwrapped: 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | verify_chunk_data: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: ok | test_prf_vector: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input passed | test_prf_vector: release symkey-key@0x564e2d1a3780 | test_prf_vector: release message-key@0x564e2d19df20 | test_prf_vector: release key-key@0x564e2d1a1e90 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0xd2a246fa349b68a79998a4394ff7a263" | decode_to_chunk: output: | d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | PRF chunk interface PRF aes_xcbc init key-chunk@0x564e2d1a1f20 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f00 | result: key-key@0x564e2d19df20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d19df20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ee8 | result: key-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x564e2d19df20 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ec8 | result: key-key@0x564e2d19df20 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x564e2d1a1e90 | PRF chunk interface PRF aes_xcbc crypt-prf@0x564e2d1a11d0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x564e2d1a1400 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | K extracting all 16 bytes of key@0x564e2d19df20 | K: symkey-key@0x564e2d19df20 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d1a11f0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e60 | result: k1-key@0x564e2d1a3780 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a3780 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e48 | result: k1-key@0x564e2d1a1e90 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d1a3780 | XCBC: Computing E[1] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: M[n]^E[n-1]^K2 | bd 87 2d f8 93 a8 29 bf f0 b1 9b fd 0f 22 38 c4 | XCBC: MAC d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | xcbc: release k1-key@0x564e2d1a1e90 | PRF chunk interface: release key-key@0x564e2d19df20 | PRF chunk interface PRF aes_xcbc final-chunk@0x564e2d1a1020 (length 16) | d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | chunk output d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | verify_chunk_data: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: ok | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: key symkey-key@0x564e2d1a1e90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1a1e90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: key symkey-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564e2d1a1e90 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x564e2d19df20 (size 16) | PRF symkey interface: key symkey-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ef8 | result: key symkey-key@0x564e2d1a1e90 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x564e2d1a1060 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: message symkey-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: message symkey-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564e2d19f7a0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x564e2d1a3780 (size 16) | PRF symkey interface: symkey message-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 16 bytes of key@0x564e2d1a3780 | symkey message: symkey-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x564e2d1a1c00 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-1921615024: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 | symkey message: release slot-key-key@0x564e2d1a1c00 | symkey message extracted len 16 bytes at 0x564e2d1a1040 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | K extracting all 16 bytes of key@0x564e2d1a1e90 | K: symkey-key@0x564e2d1a1e90 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d1a1c90 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e80 | result: k1-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e68 | result: k1-key@0x564e2d19f7a0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d1a5000 | XCBC: Computing E[1] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: M[n]^E[n-1]^K2 | bd 87 2d f8 93 a8 29 bf f0 b1 9b fd 0f 22 38 c4 | XCBC: MAC d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | xcbc: release k1-key@0x564e2d19f7a0 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f10 | result: xcbc-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ef8 | result: xcbc-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x564e2d1a5000 | PRF symkey interface: release key-key@0x564e2d1a1e90 | PRF symkey interface PRF aes_xcbc final-key@0x564e2d19f7a0 (size 16) | PRF symkey interface: key-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input extracting all 16 bytes of key@0x564e2d19f7a0 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: symkey-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: new slot-key@0x564e2d1a1c00 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)726323673: 34 ffffff80 77 24 58 ffffffdd ffffffe3 ffffff95 ffffff90 1f ffffff86 ffffffff 27 5c 7b 22 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: release slot-key-key@0x564e2d1a1c00 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input extracted len 16 bytes at 0x564e2d1a1c90 | unwrapped: d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | verify_chunk_data: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: ok | test_prf_vector: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input passed | test_prf_vector: release symkey-key@0x564e2d19f7a0 | test_prf_vector: release message-key@0x564e2d1a3780 | test_prf_vector: release key-key@0x564e2d19df20 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x47f51b4564966215b8985c63055ed308" | decode_to_chunk: output: | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | PRF chunk interface PRF aes_xcbc init key-chunk@0x564e2d1a1040 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f00 | result: key-key@0x564e2d1a3780 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1a3780 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ee8 | result: key-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x564e2d1a3780 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ec8 | result: key-key@0x564e2d1a3780 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x564e2d19df20 | PRF chunk interface PRF aes_xcbc crypt-prf@0x564e2d1a11f0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x564e2d1a1c90 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x564e2d1a3780 | K: symkey-key@0x564e2d1a3780 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d1a1400 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e60 | result: k1-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e48 | result: k1-key@0x564e2d19df20 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d19f7a0 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x564e2d19df20 | PRF chunk interface: release key-key@0x564e2d1a3780 | PRF chunk interface PRF aes_xcbc final-chunk@0x564e2d1a12a0 (length 16) | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | chunk output 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: ok | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: key symkey-key@0x564e2d19df20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d19df20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: key symkey-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564e2d19df20 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x564e2d1a3780 (size 16) | PRF symkey interface: key symkey-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ef8 | result: key symkey-key@0x564e2d19df20 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x564e2d1a11d0 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: message symkey-key@0x564e2d1a1e90 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1a1e90 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: message symkey-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564e2d1a1e90 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x564e2d19f7a0 (size 20) | PRF symkey interface: symkey message-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x564e2d19f7a0 | symkey message: symkey-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921615024: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 fffffff2 ffffff98 ffffffca 6f 33 ffffffc8 67 2b ffffffdd ffffff97 ffffffc2 ffffffca 2d 41 1a ffffff88 | symkey message: release slot-key-key@0x564e2d1a1c00 | symkey message extracted len 32 bytes at 0x564e2d1a1860 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x564e2d19df20 | K: symkey-key@0x564e2d19df20 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d19c6f0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e80 | result: k1-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e68 | result: k1-key@0x564e2d1a1e90 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d1a5000 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x564e2d1a1e90 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f10 | result: xcbc-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ef8 | result: xcbc-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x564e2d1a5000 | PRF symkey interface: release key-key@0x564e2d19df20 | PRF symkey interface PRF aes_xcbc final-key@0x564e2d1a1e90 (size 16) | PRF symkey interface: key-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input extracting all 16 bytes of key@0x564e2d1a1e90 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: symkey-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: new slot-key@0x564e2d1a1c00 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)726323673: ffffff98 fffffff8 1c fffffff3 79 ffffffd8 5e ffffffc9 4b 0e ffffffdc ffffffef ffffffe6 71 61 46 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: release slot-key-key@0x564e2d1a1c00 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input extracted len 16 bytes at 0x564e2d19c6f0 | unwrapped: 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: ok | test_prf_vector: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input passed | test_prf_vector: release symkey-key@0x564e2d1a1e90 | test_prf_vector: release message-key@0x564e2d19f7a0 | test_prf_vector: release key-key@0x564e2d1a3780 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: test_prf_vector: input "0xf54f0ec8d2b9f3d36807734bd5283fd4" | decode_to_chunk: output: | f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | PRF chunk interface PRF aes_xcbc init key-chunk@0x564e2d1a1400 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f00 | result: key-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ee8 | result: key-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x564e2d19f7a0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ec8 | result: key-key@0x564e2d19f7a0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x564e2d1a3780 | PRF chunk interface PRF aes_xcbc crypt-prf@0x564e2d19c8b0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x564e2d19c980 (length 32) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | K extracting all 16 bytes of key@0x564e2d19f7a0 | K: symkey-key@0x564e2d19f7a0 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540619040: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d19c7e0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e60 | result: k1-key@0x564e2d1a1e90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a1e90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e48 | result: k1-key@0x564e2d1a3780 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d1a1e90 | XCBC: Computing E[2] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: M[n]^E[n-1]^K2 | b0 93 75 12 4c f5 a5 c0 b5 18 18 37 16 b2 15 67 | XCBC: MAC f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | xcbc: release k1-key@0x564e2d1a3780 | PRF chunk interface: release key-key@0x564e2d19f7a0 | PRF chunk interface PRF aes_xcbc final-chunk@0x564e2d1a1f20 (length 16) | f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | chunk output f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | verify_chunk_data: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: ok | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: key symkey-key@0x564e2d1a3780 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1a3780 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: key symkey-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564e2d1a3780 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x564e2d19f7a0 (size 16) | PRF symkey interface: key symkey-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ef8 | result: key symkey-key@0x564e2d1a3780 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x564e2d1a1060 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: message symkey-key@0x564e2d19df20 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x564e2d19df20 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: message symkey-key@0x564e2d1a1e90 (32-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564e2d19df20 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x564e2d1a1e90 (size 32) | PRF symkey interface: symkey message-key@0x564e2d1a1e90 (32-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 32 bytes of key@0x564e2d1a1e90 | symkey message: symkey-key@0x564e2d1a1e90 (32-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x564e2d1a1c00 (32-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921615024: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 ffffffce ffffffb9 ffffffa7 02 75 32 ffffffd7 07 ffffffed ffffffb3 ffffff93 ffffff9c ffffffcb 52 50 04 | symkey message: release slot-key-key@0x564e2d1a1c00 | symkey message extracted len 32 bytes at 0x564e2d1a1cb0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | K extracting all 16 bytes of key@0x564e2d1a3780 | K: symkey-key@0x564e2d1a3780 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d1a1c90 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e80 | result: k1-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e68 | result: k1-key@0x564e2d19df20 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d1a5000 | XCBC: Computing E[2] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: M[n]^E[n-1]^K2 | b0 93 75 12 4c f5 a5 c0 b5 18 18 37 16 b2 15 67 | XCBC: MAC f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | xcbc: release k1-key@0x564e2d19df20 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f10 | result: xcbc-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ef8 | result: xcbc-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x564e2d1a5000 | PRF symkey interface: release key-key@0x564e2d1a3780 | PRF symkey interface PRF aes_xcbc final-key@0x564e2d19df20 (size 16) | PRF symkey interface: key-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input extracting all 16 bytes of key@0x564e2d19df20 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: symkey-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: new slot-key@0x564e2d1a1c00 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)726323673: 1a ffffffdd ffffffbc 26 ffffffd4 5a 72 ffffff94 68 76 10 1c ffffffbb 08 21 ffffff9f | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: release slot-key-key@0x564e2d1a1c00 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input extracted len 16 bytes at 0x564e2d1a1c90 | unwrapped: f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | verify_chunk_data: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: ok | test_prf_vector: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input passed | test_prf_vector: release symkey-key@0x564e2d19df20 | test_prf_vector: release message-key@0x564e2d1a1e90 | test_prf_vector: release key-key@0x564e2d19f7a0 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f2021" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 | decode_to_chunk: test_prf_vector: input "0xbecbb3bccdb518a30677d5481fb6b4d8" | decode_to_chunk: output: | be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | PRF chunk interface PRF aes_xcbc init key-chunk@0x564e2d1a1060 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f00 | result: key-key@0x564e2d1a1e90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1a1e90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ee8 | result: key-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x564e2d1a1e90 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ec8 | result: key-key@0x564e2d1a1e90 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x564e2d19f7a0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x564e2d19c7e0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x564e2d19c9b0 (length 34) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 20 21 | K extracting all 16 bytes of key@0x564e2d1a1e90 | K: symkey-key@0x564e2d1a1e90 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540619040: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d19c6f0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e60 | result: k1-key@0x564e2d19df20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d19df20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e48 | result: k1-key@0x564e2d19f7a0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d19df20 | Computing E[3] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 09 02 5e 5a 67 25 20 72 44 14 5c 6b 80 66 85 79 | XCBC: M[n] 20 21 | XCBC: M[n] 20 21 | XCBC: M[n]:80...^E[n-1]^K3 | e8 84 75 fb c5 1f b4 74 1c 13 fc e7 48 88 55 17 | XCBC: MAC be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | xcbc: release k1-key@0x564e2d19f7a0 | PRF chunk interface: release key-key@0x564e2d1a1e90 | PRF chunk interface PRF aes_xcbc final-chunk@0x564e2d1a11d0 (length 16) | be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | chunk output be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | verify_chunk_data: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: ok | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: key symkey-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: key symkey-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564e2d19f7a0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x564e2d1a1e90 (size 16) | PRF symkey interface: key symkey-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ef8 | result: key symkey-key@0x564e2d19f7a0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x564e2d1a11f0 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: message symkey-key@0x564e2d1a3780 (50-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 34 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 34-bytes | base: base-key@0x564e2d1a3780 (50-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: message symkey-key@0x564e2d19df20 (34-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564e2d1a3780 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x564e2d19df20 (size 34) | PRF symkey interface: symkey message-key@0x564e2d19df20 (34-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 34 bytes of key@0x564e2d19df20 | symkey message: symkey-key@0x564e2d19df20 (34-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x564e2d1a1c00 (34-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)-1921615024: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 ffffffce ffffffb9 ffffffa7 02 75 32 ffffffd7 07 ffffffed ffffffb3 ffffff93 ffffff9c ffffffcb 52 50 04 ffffffcd ffffffcc ffffffce ffffffc2 5d ffffff89 2c 79 19 33 13 41 ffffffca 01 ffffff9b ffffff9a | symkey message: release slot-key-key@0x564e2d1a1c00 | symkey message extracted len 48 bytes at 0x564e2d1a1210 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | unwrapped: 20 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 20 21 | K extracting all 16 bytes of key@0x564e2d19f7a0 | K: symkey-key@0x564e2d19f7a0 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d19c8b0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e80 | result: k1-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e68 | result: k1-key@0x564e2d1a3780 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d1a5000 | Computing E[3] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 09 02 5e 5a 67 25 20 72 44 14 5c 6b 80 66 85 79 | XCBC: M[n] 20 21 | XCBC: M[n] 20 21 | XCBC: M[n]:80...^E[n-1]^K3 | e8 84 75 fb c5 1f b4 74 1c 13 fc e7 48 88 55 17 | XCBC: MAC be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | xcbc: release k1-key@0x564e2d1a3780 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f10 | result: xcbc-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ef8 | result: xcbc-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x564e2d1a5000 | PRF symkey interface: release key-key@0x564e2d19f7a0 | PRF symkey interface PRF aes_xcbc final-key@0x564e2d1a3780 (size 16) | PRF symkey interface: key-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input extracting all 16 bytes of key@0x564e2d1a3780 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: symkey-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: new slot-key@0x564e2d1a1c00 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)726323673: 1f ffffffa7 07 31 ffffffe6 ffffffee ffffffdb ffffffb8 ffffffd2 01 ffffffd7 33 2c 15 ffffffc9 ffffff8d | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: release slot-key-key@0x564e2d1a1c00 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input extracted len 16 bytes at 0x564e2d19c8b0 | unwrapped: be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | verify_chunk_data: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: ok | test_prf_vector: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input passed | test_prf_vector: release symkey-key@0x564e2d1a3780 | test_prf_vector: release message-key@0x564e2d19df20 | test_prf_vector: release key-key@0x564e2d1a1e90 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0xf0dafee895db30253761103b5d84528f" | decode_to_chunk: output: | f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | PRF chunk interface PRF aes_xcbc init key-chunk@0x564e2d1a11f0 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f00 | result: key-key@0x564e2d19df20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d19df20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ee8 | result: key-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x564e2d19df20 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ec8 | result: key-key@0x564e2d19df20 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x564e2d1a1e90 | PRF chunk interface PRF aes_xcbc crypt-prf@0x564e2d19c6f0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x564e2d1a6880 (length 1000) | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 | K extracting all 16 bytes of key@0x564e2d19df20 | K: symkey-key@0x564e2d19df20 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540028960: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d1a1c90 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e60 | result: k1-key@0x564e2d1a3780 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a3780 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e48 | result: k1-key@0x564e2d1a1e90 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d1a3780 | Computing E[63] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 5c 88 af cc 1e 1e 83 fc c4 2c 0c e4 12 12 f5 17 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n]:80...^E[n-1]^K3 | 9d 2f 04 6d bc 24 17 fa 1c 2b ac 68 da fc 25 79 | XCBC: MAC f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | xcbc: release k1-key@0x564e2d1a1e90 | PRF chunk interface: release key-key@0x564e2d19df20 | PRF chunk interface PRF aes_xcbc final-chunk@0x564e2d1a12a0 (length 16) | f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | chunk output f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | verify_chunk_data: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: ok | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: key symkey-key@0x564e2d1a1e90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1a1e90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: key symkey-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564e2d1a1e90 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x564e2d19df20 (size 16) | PRF symkey interface: key symkey-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ef8 | result: key symkey-key@0x564e2d1a1e90 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x564e2d1a1020 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: message symkey-key@0x564e2d19f7a0 (1016-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 1000 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 1000-bytes | base: base-key@0x564e2d19f7a0 (1016-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: message symkey-key@0x564e2d1a3780 (1000-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564e2d19f7a0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x564e2d1a3780 (size 1000) | PRF symkey interface: symkey message-key@0x564e2d1a3780 (1000-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 1000 bytes of key@0x564e2d1a3780 | symkey message: symkey-key@0x564e2d1a3780 (1000-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x564e2d1a1c00 (1000-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 1008 | wrapper: (SECItemType)-1921615024: 49 55 6d 22 69 ffffffc4 ffffffce ffffff89 ffffff94 30 2e ffffffaa 33 11 ffffffa4 49 49 55 6d 22 69 ffffffc4 ffffffce ffffff89 ffffff94 30 2e ffffffaa 33 11 ffffffa4 49 49 55 6d 22 69 ffffffc4 ffffffce ffffff89 ffffff94 30 2e ffffffaa 33 11 ffffffa4 49 49 55 6d 22 69 ffffffc4 ffffffce ffffff89 ffffff94 30 2e ffffffaa 33 11 ffffffa4 49 49 55 6d 22 69 ffffffc4 ffffffce ffffff89 ffffff94 30 2e ffffffaa 33 11 ffffffa4 49 49 55 6d 22 69 ffffffc4 ffffffce ffffff89 ffffff94 30 2e ffffffaa 33 11 ffffffa4 49 49 55 6d 22 69 ffffffc4 ffffffce ffffff89 ffffff94 30 2e ffffffaa 33 11 ffffffa4 49 49 55 6d 22 69 ffffffc4 ffffffce ffffff89 ffffff94 30 2e ffffffaa 33 11 ffffffa4 49 49 55 6d 22 69 ffffffc4 ffffffce ffffff89 ffffff94 30 2e ffffffaa 33 11 ffffffa4 49 49 55 6d 22 69 ffffffc4 ffffffce ffffff89 ffffff94 30 2e ffffffaa 33 11 ffffffa4 49 49 55 6d 22 69 ffffffc4 ffffffce ffffff89 ffffff94 30 2e ffffffaa 33 11 ffffffa4 49 49 55 6d 22 6 | symkey message: release slot-key-key@0x564e2d1a1c00 | symkey message extracted len 1008 bytes at 0x564e2d1a8630 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 | K extracting all 16 bytes of key@0x564e2d1a1e90 | K: symkey-key@0x564e2d1a1e90 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d19c7e0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e80 | result: k1-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e68 | result: k1-key@0x564e2d19f7a0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d1a5000 | Computing E[63] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 5c 88 af cc 1e 1e 83 fc c4 2c 0c e4 12 12 f5 17 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n]:80...^E[n-1]^K3 | 9d 2f 04 6d bc 24 17 fa 1c 2b ac 68 da fc 25 79 | XCBC: MAC f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | xcbc: release k1-key@0x564e2d19f7a0 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f10 | result: xcbc-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ef8 | result: xcbc-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x564e2d1a5000 | PRF symkey interface: release key-key@0x564e2d1a1e90 | PRF symkey interface PRF aes_xcbc final-key@0x564e2d19f7a0 (size 16) | PRF symkey interface: key-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input extracting all 16 bytes of key@0x564e2d19f7a0 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: symkey-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: new slot-key@0x564e2d1a1c00 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)726323673: ffffffb5 08 fffffff4 4e ffffffc9 ffffffac 67 3d 2e ffffffc6 ffffffbc 30 17 32 ffffffcd 3b | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: release slot-key-key@0x564e2d1a1c00 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input extracted len 16 bytes at 0x564e2d19c7e0 | unwrapped: f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | verify_chunk_data: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: ok | test_prf_vector: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input passed | test_prf_vector: release symkey-key@0x564e2d19f7a0 | test_prf_vector: release message-key@0x564e2d1a3780 | test_prf_vector: release key-key@0x564e2d19df20 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x47f51b4564966215b8985c63055ed308" | decode_to_chunk: output: | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | PRF chunk interface PRF aes_xcbc init key-chunk@0x564e2d1a1020 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f00 | result: key-key@0x564e2d1a3780 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1a3780 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ee8 | result: key-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x564e2d1a3780 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ec8 | result: key-key@0x564e2d1a3780 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x564e2d19df20 | PRF chunk interface PRF aes_xcbc crypt-prf@0x564e2d1a1040 | PRF chunk interface PRF aes_xcbc update message-bytes@0x564e2d19c7e0 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x564e2d1a3780 | K: symkey-key@0x564e2d1a3780 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d1a1250 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e60 | result: k1-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e48 | result: k1-key@0x564e2d19df20 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d19f7a0 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x564e2d19df20 | PRF chunk interface: release key-key@0x564e2d1a3780 | PRF chunk interface PRF aes_xcbc final-chunk@0x564e2d1a1400 (length 16) | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | chunk output 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): ok | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: key symkey-key@0x564e2d19df20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d19df20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: key symkey-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564e2d19df20 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x564e2d1a3780 (size 16) | PRF symkey interface: key symkey-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ef8 | result: key symkey-key@0x564e2d19df20 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x564e2d1a11d0 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: message symkey-key@0x564e2d1a1e90 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1a1e90 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: message symkey-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564e2d1a1e90 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x564e2d19f7a0 (size 20) | PRF symkey interface: symkey message-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x564e2d19f7a0 | symkey message: symkey-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921615024: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 fffffff2 ffffff98 ffffffca 6f 33 ffffffc8 67 2b ffffffdd ffffff97 ffffffc2 ffffffca 2d 41 1a ffffff88 | symkey message: release slot-key-key@0x564e2d1a1c00 | symkey message extracted len 32 bytes at 0x564e2d1a1ce0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x564e2d19df20 | K: symkey-key@0x564e2d19df20 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d1a12a0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e80 | result: k1-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e68 | result: k1-key@0x564e2d1a1e90 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d1a5000 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x564e2d1a1e90 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f10 | result: xcbc-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ef8 | result: xcbc-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x564e2d1a5000 | PRF symkey interface: release key-key@0x564e2d19df20 | PRF symkey interface PRF aes_xcbc final-key@0x564e2d1a1e90 (size 16) | PRF symkey interface: key-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) extracting all 16 bytes of key@0x564e2d1a1e90 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): symkey-key@0x564e2d1a1e90 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): new slot-key@0x564e2d1a1c00 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)726323673: ffffff98 fffffff8 1c fffffff3 79 ffffffd8 5e ffffffc9 4b 0e ffffffdc ffffffef ffffffe6 71 61 46 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): release slot-key-key@0x564e2d1a1c00 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) extracted len 16 bytes at 0x564e2d1a1400 | unwrapped: 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) passed | test_prf_vector: release symkey-key@0x564e2d1a1e90 | test_prf_vector: release message-key@0x564e2d19f7a0 | test_prf_vector: release key-key@0x564e2d1a3780 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) | decode_to_chunk: test_prf_vector: input "0x00010203040506070809" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x0fa087af7d866e7653434e602fdde835" | decode_to_chunk: output: | 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | PRF chunk interface PRF aes_xcbc init key-chunk@0x564e2d1a1250 (length 10) | 00 01 02 03 04 05 06 07 08 09 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f00 | result: key-key@0x564e2d19f7a0 (26-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 10 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 10-bytes | base: base-key@0x564e2d19f7a0 (26-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ee8 | result: key-key@0x564e2d1a3780 (10-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x564e2d19f7a0 | XCBC: Key 10<16 too small, padding with zeros | xcbc: reference tmp-key@0x564e2d1a3780 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1a3780 (10-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d767ea0 | result: tmp+=0-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d1a3780 | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ec8 | result: PRF chunk interface-key@0x564e2d1a1e90 (16-bytes, AES_ECB) | PRF chunk interface: release tmp-key@0x564e2d19f7a0 | PRF chunk interface: release clone-key@0x564e2d1a3780 | PRF chunk interface PRF aes_xcbc crypt-prf@0x564e2d19c6f0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x564e2d1a1400 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x564e2d1a1e90 | K: symkey-key@0x564e2d1a1e90 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: ffffffc8 44 3a ffffff87 ffffff88 22 61 ffffffe4 3f 59 08 73 ffffffdb 24 ffffffba ffffffdc | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d1a11d0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K1 50 ca b2 4d 03 34 45 5e 40 7b 25 0f dd 7c f8 d5 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e60 | result: k1-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e48 | result: k1-key@0x564e2d1a3780 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d19f7a0 | Computing E[2] using K3 | XCBC: K3 8e f7 48 db 56 f1 f7 26 24 72 f2 c5 63 b0 3f 88 | XCBC: E[n-1] fe 1f 63 e9 65 1a 4b bb 3c cc cd 0d cc 83 e4 30 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | 60 f9 39 21 b3 eb bc 9d 18 be 3f c8 af 33 db b8 | XCBC: MAC 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | xcbc: release k1-key@0x564e2d1a3780 | PRF chunk interface: release key-key@0x564e2d1a1e90 | PRF chunk interface PRF aes_xcbc final-chunk@0x564e2d1a1060 (length 16) | 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | chunk output 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): ok | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: key symkey-key@0x564e2d1a3780 (26-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 10 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 10-bytes | base: base-key@0x564e2d1a3780 (26-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: key symkey-key@0x564e2d1a1e90 (10-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564e2d1a3780 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x564e2d1a1e90 (size 10) | PRF symkey interface: key symkey-key@0x564e2d1a1e90 (10-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 10<16 too small, padding with zeros | xcbc: reference tmp-key@0x564e2d1a1e90 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1a1e90 (10-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d767ed0 | result: tmp+=0-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d1a1e90 | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a3780 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ef8 | result: PRF symkey interface-key@0x564e2d19f7a0 (16-bytes, AES_ECB) | PRF symkey interface: release tmp-key@0x564e2d1a3780 | PRF symkey interface PRF aes_xcbc crypt-prf@0x564e2d1a1c90 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: message symkey-key@0x564e2d19df20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d19df20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: message symkey-key@0x564e2d1a3780 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564e2d19df20 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x564e2d1a3780 (size 20) | PRF symkey interface: symkey message-key@0x564e2d1a3780 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x564e2d1a3780 | symkey message: symkey-key@0x564e2d1a3780 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921615024: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 fffffff2 ffffff98 ffffffca 6f 33 ffffffc8 67 2b ffffffdd ffffff97 ffffffc2 ffffffca 2d 41 1a ffffff88 | symkey message: release slot-key-key@0x564e2d1a1c00 | symkey message extracted len 32 bytes at 0x564e2d1a8a30 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x564e2d19f7a0 | K: symkey-key@0x564e2d19f7a0 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffffc8 44 3a ffffff87 ffffff88 22 61 ffffffe4 3f 59 08 73 ffffffdb 24 ffffffba ffffffdc | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d19c8b0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K1 50 ca b2 4d 03 34 45 5e 40 7b 25 0f dd 7c f8 d5 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e80 | result: k1-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e68 | result: k1-key@0x564e2d19df20 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d1a5000 | Computing E[2] using K3 | XCBC: K3 8e f7 48 db 56 f1 f7 26 24 72 f2 c5 63 b0 3f 88 | XCBC: E[n-1] fe 1f 63 e9 65 1a 4b bb 3c cc cd 0d cc 83 e4 30 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | 60 f9 39 21 b3 eb bc 9d 18 be 3f c8 af 33 db b8 | XCBC: MAC 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | xcbc: release k1-key@0x564e2d19df20 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f10 | result: xcbc-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ef8 | result: xcbc-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x564e2d1a5000 | PRF symkey interface: release key-key@0x564e2d19f7a0 | PRF symkey interface PRF aes_xcbc final-key@0x564e2d19df20 (size 16) | PRF symkey interface: key-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) extracting all 16 bytes of key@0x564e2d19df20 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): symkey-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): new slot-key@0x564e2d1a1c00 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)726323673: ffffffe8 ffffffcc 2f ffffffdc 3b ffffffcc 63 29 ffffffd4 6a 0f ffffff91 ffffffac 19 19 14 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): release slot-key-key@0x564e2d1a1c00 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) extracted len 16 bytes at 0x564e2d1a1060 | unwrapped: 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) passed | test_prf_vector: release symkey-key@0x564e2d19df20 | test_prf_vector: release message-key@0x564e2d1a3780 | test_prf_vector: release key-key@0x564e2d1a1e90 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0fedcb" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | ed cb | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x8cd3c93ae598a9803006ffb67c40e9e4" | decode_to_chunk: output: | 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | PRF chunk interface PRF aes_xcbc init key-chunk@0x564e2d1a11d0 (length 18) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | ed cb | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f00 | result: key-key@0x564e2d1a3780 (34-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 18 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 18-bytes | base: base-key@0x564e2d1a3780 (34-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ee8 | result: key-key@0x564e2d1a1e90 (18-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x564e2d1a3780 | XCBC: Key 18>16 too big, rehashing to size | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767ea0 | result: key-key@0x564e2d19df20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d19df20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e88 | result: key-key@0x564e2d1a3780 (16-bytes, AES_ECB) | key: release tmp-key@0x564e2d19df20 | key extracting all 18 bytes of key@0x564e2d1a1e90 | key: symkey-key@0x564e2d1a1e90 (18-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | key: new slot-key@0x564e2d1a1c00 (18-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1701522796: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 fffffff2 17 ffffffa2 ffffffdc 4b 3c 7c 11 ffffffe4 1a ffffffc5 02 2f fffffff1 41 0d | key: release slot-key-key@0x564e2d1a1c00 | key extracted len 32 bytes at 0x564e2d1a1860 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: ed cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data ed cb | K extracting all 16 bytes of key@0x564e2d1a3780 | K: symkey-key@0x564e2d1a3780 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)808460336: 49 55 6d 22 69 ffffffc4 ffffffce ffffff89 ffffff94 30 2e ffffffaa 33 11 ffffffa4 49 | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d1a11f0 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K1 e1 4d 5d 0e e2 77 15 df 08 b4 15 2b a2 3d a8 e0 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e20 | result: k1-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e08 | result: k1-key@0x564e2d19df20 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d19f7a0 | Computing E[2] using K3 | XCBC: K3 8d 34 ef cb 3b d5 45 ca 06 2a ec df ef 7c 0b fa | XCBC: E[n-1] 0b 72 b2 ae 0a 37 79 81 75 6a d5 9c 79 c0 e6 96 | XCBC: M[n] ed cb | XCBC: M[n] ed cb | XCBC: M[n]:80...^E[n-1]^K3 | 6b 8d dd 65 31 e2 3c 4b 73 40 39 43 96 bc ed 6c | XCBC: MAC 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | xcbc: release k1-key@0x564e2d19df20 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767ea0 | result: key-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e88 | result: key-key@0x564e2d19df20 (16-bytes, AES_ECB) | key: release tmp-key@0x564e2d19f7a0 | PRF chunk interface: release clone-key@0x564e2d1a1e90 | PRF chunk interface PRF aes_xcbc crypt-prf@0x564e2d19c6f0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x564e2d1a1060 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x564e2d19df20 | K: symkey-key@0x564e2d19df20 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: ffffffa7 0f ffffff91 01 ffffffaa 62 ffffffe7 32 fffffff8 fffffff1 19 69 73 24 ffffff96 ffffff9c | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d1a12a0 | unwrapped: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K1 27 f3 88 2f b7 b9 4b a4 16 36 09 d5 d2 39 c5 7f | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e60 | result: k1-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e48 | result: k1-key@0x564e2d1a1e90 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d19f7a0 | Computing E[2] using K3 | XCBC: K3 50 9e d8 ae 74 5a 75 4c 93 4d 6c 91 98 fe e2 1b | XCBC: E[n-1] ec 26 f6 dd e8 bb 1b d1 ec 76 c4 91 78 37 ca 4b | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | ac a9 3c 60 1c e1 6e 9d 7f 3b a8 00 e0 c9 28 50 | XCBC: MAC 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | xcbc: release k1-key@0x564e2d1a1e90 | PRF chunk interface: release key-key@0x564e2d19df20 | PRF chunk interface PRF aes_xcbc final-chunk@0x564e2d1a1c90 (length 16) | 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | chunk output 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): ok | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: key symkey-key@0x564e2d1a1e90 (34-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 18 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 18-bytes | base: base-key@0x564e2d1a1e90 (34-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: key symkey-key@0x564e2d19df20 (18-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564e2d1a1e90 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x564e2d19df20 (size 18) | PRF symkey interface: key symkey-key@0x564e2d19df20 (18-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 18>16 too big, rehashing to size | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767ed0 | result: key symkey-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767eb8 | result: key symkey-key@0x564e2d1a1e90 (16-bytes, AES_ECB) | key symkey: release tmp-key@0x564e2d19f7a0 | key symkey extracting all 18 bytes of key@0x564e2d19df20 | key symkey: symkey-key@0x564e2d19df20 (18-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | key symkey: new slot-key@0x564e2d1a1c00 (18-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1701522796: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 fffffff2 17 ffffffa2 ffffffdc 4b 3c 7c 11 ffffffe4 1a ffffffc5 02 2f fffffff1 41 0d | key symkey: release slot-key-key@0x564e2d1a1c00 | key symkey extracted len 32 bytes at 0x564e2d1a1860 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: ed cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data ed cb | K extracting all 16 bytes of key@0x564e2d1a1e90 | K: symkey-key@0x564e2d1a1e90 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)808460336: 49 55 6d 22 69 ffffffc4 ffffffce ffffff89 ffffff94 30 2e ffffffaa 33 11 ffffffa4 49 | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d19c8b0 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K1 e1 4d 5d 0e e2 77 15 df 08 b4 15 2b a2 3d a8 e0 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e50 | result: k1-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e38 | result: k1-key@0x564e2d19f7a0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d1a5000 | Computing E[2] using K3 | XCBC: K3 8d 34 ef cb 3b d5 45 ca 06 2a ec df ef 7c 0b fa | XCBC: E[n-1] 0b 72 b2 ae 0a 37 79 81 75 6a d5 9c 79 c0 e6 96 | XCBC: M[n] ed cb | XCBC: M[n] ed cb | XCBC: M[n]:80...^E[n-1]^K3 | 6b 8d dd 65 31 e2 3c 4b 73 40 39 43 96 bc ed 6c | XCBC: MAC 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | xcbc: release k1-key@0x564e2d19f7a0 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767ed0 | result: key symkey-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767eb8 | result: key symkey-key@0x564e2d19f7a0 (16-bytes, AES_ECB) | key symkey: release tmp-key@0x564e2d1a5000 | PRF symkey interface PRF aes_xcbc crypt-prf@0x564e2d1a1400 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: message symkey-key@0x564e2d1a8430 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: message symkey-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564e2d1a8430 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x564e2d1a5000 (size 20) | PRF symkey interface: symkey message-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x564e2d1a5000 | symkey message: symkey-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921615024: ffffffdb 74 ffffff90 56 38 55 ffffffeb ffffffef ffffffdb 78 ffffffd0 ffffffec ffffff9c 7f ffffffcb 66 fffffff2 ffffff98 ffffffca 6f 33 ffffffc8 67 2b ffffffdd ffffff97 ffffffc2 ffffffca 2d 41 1a ffffff88 | symkey message: release slot-key-key@0x564e2d1a1c00 | symkey message extracted len 32 bytes at 0x564e2d1a1860 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x564e2d19f7a0 | K: symkey-key@0x564e2d19f7a0 (16-bytes, AES_ECB) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564e2d1a1c00 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffffa7 0f ffffff91 01 ffffffaa 62 ffffffe7 32 fffffff8 fffffff1 19 69 73 24 ffffff96 ffffff9c | K: release slot-key-key@0x564e2d1a1c00 | K extracted len 16 bytes at 0x564e2d19c6f0 | unwrapped: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K1 27 f3 88 2f b7 b9 4b a4 16 36 09 d5 d2 39 c5 7f | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e80 | result: k1-key@0x564e2d1aa0f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564e2d1aa0f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767e68 | result: k1-key@0x564e2d1a8430 (16-bytes, AES_ECB) | k1: release tmp-key@0x564e2d1aa0f0 | Computing E[2] using K3 | XCBC: K3 50 9e d8 ae 74 5a 75 4c 93 4d 6c 91 98 fe e2 1b | XCBC: E[n-1] ec 26 f6 dd e8 bb 1b d1 ec 76 c4 91 78 37 ca 4b | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | ac a9 3c 60 1c e1 6e 9d 7f 3b a8 00 e0 c9 28 50 | XCBC: MAC 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | xcbc: release k1-key@0x564e2d1a8430 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f10 | result: xcbc-key@0x564e2d1aa0f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1aa0f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ef8 | result: xcbc-key@0x564e2d1a8430 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x564e2d1aa0f0 | PRF symkey interface: release key-key@0x564e2d19f7a0 | PRF symkey interface PRF aes_xcbc final-key@0x564e2d1a8430 (size 16) | PRF symkey interface: key-key@0x564e2d1a8430 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564e2d1a8430 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) extracting all 16 bytes of key@0x564e2d1a8430 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): symkey-key@0x564e2d1a8430 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): new slot-key@0x564e2d1a1c00 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)726323673: ffffffb4 ffffffd9 ffffffa2 53 53 ffffff9e 6a 15 ffffff96 3b ffffffa1 12 ffffffac ffffff83 ffffffb2 44 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): release slot-key-key@0x564e2d1a1c00 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) extracted len 16 bytes at 0x564e2d1a11f0 | unwrapped: 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) passed | test_prf_vector: release symkey-key@0x564e2d1a8430 | test_prf_vector: release message-key@0x564e2d1a5000 | test_prf_vector: release key-key@0x564e2d19df20 | test_prf_vector: release output-key@NULL testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 | decode_to_chunk: test_prf_vector: input "0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b" | decode_to_chunk: output: | 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b | decode_to_chunk: test_prf_vector: input "Hi There" | decode_to_chunk: output: | 48 69 20 54 68 65 72 65 | decode_to_chunk: test_prf_vector: input "0x9294727a3638bb1c13f48ef8158bfc9d" | decode_to_chunk: output: | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | PRF chunk interface PRF md5 init key-chunk@0x564e2d1a1400 (length 16) | 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767ef0 | result: PRF chunk interface-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ed8 | result: PRF chunk interface-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x564e2d1a5000 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d767e30 | result: trimed key-key@0x564e2d1a5000 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d19df20 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d1a5000 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d767e70 | result: result-key@0x564e2d19df20 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x564e2d1a1250 | PRF chunk interface PRF md5 update message-bytes@0x564e2d1a11f0 (length 8) | 48 69 20 54 68 65 72 65 | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d19df20 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7fff8d767f60 | result: message-key@0x564e2d1a8430 (72-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x564e2d19df20 | PRF HMAC inner hash hash md5 inner-key@0x564e2d1a8430 (size 72) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x564e2d1a8430 (size 72) | PRF HMAC inner hash: inner-key@0x564e2d1a8430 (72-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x564e2d1a1f20 (length 16) | 90 1d 23 73 2e dc c0 f1 a1 06 53 2f 6b e5 ec eb | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767df0 | result: PRF HMAC inner hash-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767dd8 | result: PRF HMAC inner hash-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x564e2d19f7a0 | PRF chunk interface: release inner-key@0x564e2d1a8430 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d1a5000 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d767e60 | result: result-key@0x564e2d1a8430 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d1a8430 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff8d767e48 | result: result-key@0x564e2d19f7a0 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x564e2d1a8430 | PRF chunk interface: release hashed-inner-key@0x564e2d19df20 | PRF chunk interface: release key-key@0x564e2d1a5000 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x564e2d19f7a0 (size 80) | PRF HMAC outer hash: outer-key@0x564e2d19f7a0 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x564e2d19c6f0 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | PRF chunk interface: release outer-key@0x564e2d19f7a0 | PRF chunk interface PRF md5 final-chunk@0x564e2d19c6f0 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | chunk output 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | verify_chunk_data: RFC 2104: MD5_HMAC test 1: ok | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: key symkey-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: key symkey-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564e2d1a5000 | PRF symkey interface PRF md5 init key symkey-key@0x564e2d19f7a0 (size 16) | PRF symkey interface: key symkey-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x564e2d19f7a0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d767e30 | result: trimed key-key@0x564e2d1a5000 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d19f7a0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d1a5000 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d767e70 | result: result-key@0x564e2d19df20 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x564e2d1a1c90 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: message symkey-key@0x564e2d1aa0f0 (24-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 8 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 8-bytes | base: base-key@0x564e2d1aa0f0 (24-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: message symkey-key@0x564e2d1a8430 (8-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564e2d1aa0f0 | PRF symkey interface PRF md5 update symkey message-key@0x564e2d1a8430 (size 8) | PRF symkey interface: symkey message-key@0x564e2d1a8430 (8-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d19df20 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff8d767f88 | result: result-key@0x564e2d1aa0f0 (72-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x564e2d19df20 | PRF HMAC inner hash hash md5 inner-key@0x564e2d1aa0f0 (size 72) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x564e2d1aa0f0 (size 72) | PRF HMAC inner hash: inner-key@0x564e2d1aa0f0 (72-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x564e2d1a1060 (length 16) | 90 1d 23 73 2e dc c0 f1 a1 06 53 2f 6b e5 ec eb | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e10 | result: PRF HMAC inner hash-key@0x564e2d1aba50 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1aba50 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767df8 | result: PRF HMAC inner hash-key@0x564e2d19df20 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x564e2d1aba50 | PRF symkey interface: release inner-key@0x564e2d1aa0f0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d1a5000 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d767e80 | result: result-key@0x564e2d1aa0f0 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d1aa0f0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff8d767e68 | result: result-key@0x564e2d1aba50 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x564e2d1aa0f0 | PRF symkey interface: release hashed-inner-key@0x564e2d19df20 | PRF symkey interface: release key-key@0x564e2d1a5000 | PRF HMAC outer hash hash md5 outer-key@0x564e2d1aba50 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x564e2d1aba50 (size 80) | PRF HMAC outer hash: outer-key@0x564e2d1aba50 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x564e2d1a1f20 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767ed0 | result: PRF HMAC outer hash-key@0x564e2d19df20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d19df20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767eb8 | result: PRF HMAC outer hash-key@0x564e2d1a5000 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x564e2d19df20 | PRF symkey interface: release outer-key@0x564e2d1aba50 | : hashed-outer-key@0x564e2d1a5000 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x564e2d1a5000 (size 16) | PRF symkey interface: key-key@0x564e2d1a5000 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564e2d1a5000 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 1 extracting all 16 bytes of key@0x564e2d1a5000 | RFC 2104: MD5_HMAC test 1: symkey-key@0x564e2d1a5000 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 1: new slot-key@0x564e2d1a1c00 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)726323673: 20 ffffff92 0b 53 ffffffb0 6f ffffffbd ffffffd4 ffffffc1 ffffffa7 7d ffffffe9 52 59 ffffffbf 6b | RFC 2104: MD5_HMAC test 1: release slot-key-key@0x564e2d1a1c00 | RFC 2104: MD5_HMAC test 1 extracted len 16 bytes at 0x564e2d1a1060 | unwrapped: 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | verify_chunk_data: RFC 2104: MD5_HMAC test 1: ok | test_prf_vector: RFC 2104: MD5_HMAC test 1 passed | test_prf_vector: release symkey-key@0x564e2d1a5000 | test_prf_vector: release message-key@0x564e2d1a8430 | test_prf_vector: release key-key@0x564e2d19f7a0 | test_prf_vector: release output-key@NULL RFC 2104: MD5_HMAC test 2 | decode_to_chunk: test_prf_vector: input "Jefe" | decode_to_chunk: output: | 4a 65 66 65 | decode_to_chunk: test_prf_vector: input "what do ya want for nothing?" | decode_to_chunk: output: | 77 68 61 74 20 64 6f 20 79 61 20 77 61 6e 74 20 | 66 6f 72 20 6e 6f 74 68 69 6e 67 3f | decode_to_chunk: test_prf_vector: input "0x750c783e6ab0b503eaa86e310a5db738" | decode_to_chunk: output: | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | PRF chunk interface PRF md5 init key-chunk@0x564e2d1a1c90 (length 4) | 4a 65 66 65 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767ef0 | result: PRF chunk interface-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 4 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 4-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ed8 | result: PRF chunk interface-key@0x564e2d19f7a0 (4-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x564e2d1a8430 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d19f7a0 (4-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d767e30 | result: trimed key-key@0x564e2d1a8430 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d19f7a0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d1a8430 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d767e70 | result: result-key@0x564e2d19f7a0 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x564e2d1a1f20 | PRF chunk interface PRF md5 update message-bytes@0x564e2d1a1860 (length 28) | 77 68 61 74 20 64 6f 20 79 61 20 77 61 6e 74 20 | 66 6f 72 20 6e 6f 74 68 69 6e 67 3f | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d19f7a0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7fff8d767f60 | result: message-key@0x564e2d1a5000 (92-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x564e2d19f7a0 | PRF HMAC inner hash hash md5 inner-key@0x564e2d1a5000 (size 92) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x564e2d1a5000 (size 92) | PRF HMAC inner hash: inner-key@0x564e2d1a5000 (92-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x564e2d19c7e0 (length 16) | c3 db 14 c0 65 f5 52 03 b0 33 c8 1a 69 7b 97 c5 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767df0 | result: PRF HMAC inner hash-key@0x564e2d1aba50 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1aba50 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767dd8 | result: PRF HMAC inner hash-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x564e2d1aba50 | PRF chunk interface: release inner-key@0x564e2d1a5000 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d1a8430 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d767e60 | result: result-key@0x564e2d1a5000 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d1a5000 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff8d767e48 | result: result-key@0x564e2d1aba50 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x564e2d1a5000 | PRF chunk interface: release hashed-inner-key@0x564e2d19f7a0 | PRF chunk interface: release key-key@0x564e2d1a8430 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x564e2d1aba50 (size 80) | PRF HMAC outer hash: outer-key@0x564e2d1aba50 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x564e2d1aa250 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | PRF chunk interface: release outer-key@0x564e2d1aba50 | PRF chunk interface PRF md5 final-chunk@0x564e2d1aa250 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | chunk output 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | verify_chunk_data: RFC 2104: MD5_HMAC test 2: ok | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: key symkey-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 4 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 4-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: key symkey-key@0x564e2d1aba50 (4-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564e2d1a8430 | PRF symkey interface PRF md5 init key symkey-key@0x564e2d1aba50 (size 4) | PRF symkey interface: key symkey-key@0x564e2d1aba50 (4-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x564e2d1aba50 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1aba50 (4-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d767e30 | result: trimed key-key@0x564e2d1a8430 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d1aba50 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d1a8430 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d767e70 | result: result-key@0x564e2d19f7a0 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x564e2d1a1f20 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: message symkey-key@0x564e2d19df20 (44-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 28 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 28-bytes | base: base-key@0x564e2d19df20 (44-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: message symkey-key@0x564e2d1a5000 (28-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564e2d19df20 | PRF symkey interface PRF md5 update symkey message-key@0x564e2d1a5000 (size 28) | PRF symkey interface: symkey message-key@0x564e2d1a5000 (28-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d19f7a0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff8d767f88 | result: result-key@0x564e2d19df20 (92-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x564e2d19f7a0 | PRF HMAC inner hash hash md5 inner-key@0x564e2d19df20 (size 92) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x564e2d19df20 (size 92) | PRF HMAC inner hash: inner-key@0x564e2d19df20 (92-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x564e2d1a11d0 (length 16) | c3 db 14 c0 65 f5 52 03 b0 33 c8 1a 69 7b 97 c5 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e10 | result: PRF HMAC inner hash-key@0x564e2d1aa0f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1aa0f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767df8 | result: PRF HMAC inner hash-key@0x564e2d19f7a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x564e2d1aa0f0 | PRF symkey interface: release inner-key@0x564e2d19df20 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d1a8430 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d767e80 | result: result-key@0x564e2d19df20 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d19df20 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff8d767e68 | result: result-key@0x564e2d1aa0f0 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x564e2d19df20 | PRF symkey interface: release hashed-inner-key@0x564e2d19f7a0 | PRF symkey interface: release key-key@0x564e2d1a8430 | PRF HMAC outer hash hash md5 outer-key@0x564e2d1aa0f0 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x564e2d1aa0f0 (size 80) | PRF HMAC outer hash: outer-key@0x564e2d1aa0f0 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x564e2d19c8b0 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767ed0 | result: PRF HMAC outer hash-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767eb8 | result: PRF HMAC outer hash-key@0x564e2d1a8430 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x564e2d19f7a0 | PRF symkey interface: release outer-key@0x564e2d1aa0f0 | : hashed-outer-key@0x564e2d1a8430 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x564e2d1a8430 (size 16) | PRF symkey interface: key-key@0x564e2d1a8430 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564e2d1a8430 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 2 extracting all 16 bytes of key@0x564e2d1a8430 | RFC 2104: MD5_HMAC test 2: symkey-key@0x564e2d1a8430 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 2: new slot-key@0x564e2d1a1c00 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)726323673: 64 ffffff82 37 ffffffd7 73 39 ffffffdc ffffffde ffffff8b 33 fffffff0 4a 06 20 74 ffffffb8 | RFC 2104: MD5_HMAC test 2: release slot-key-key@0x564e2d1a1c00 | RFC 2104: MD5_HMAC test 2 extracted len 16 bytes at 0x564e2d1a11d0 | unwrapped: 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | verify_chunk_data: RFC 2104: MD5_HMAC test 2: ok | test_prf_vector: RFC 2104: MD5_HMAC test 2 passed | test_prf_vector: release symkey-key@0x564e2d1a8430 | test_prf_vector: release message-key@0x564e2d1a5000 | test_prf_vector: release key-key@0x564e2d1aba50 | test_prf_vector: release output-key@NULL RFC 2104: MD5_HMAC test 3 | decode_to_chunk: test_prf_vector: input "0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" | decode_to_chunk: output: | aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa | decode_to_chunk: test_prf_vector: input "0xDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD" | decode_to_chunk: output: | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd | decode_to_chunk: test_prf_vector: input "0x56be34521d144c88dbb8c733f0e8b3f6" | decode_to_chunk: output: | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | PRF chunk interface PRF md5 init key-chunk@0x564e2d1a1f20 (length 16) | aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767ef0 | result: PRF chunk interface-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767ed8 | result: PRF chunk interface-key@0x564e2d1aba50 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x564e2d1a5000 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1aba50 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d767e30 | result: trimed key-key@0x564e2d1a5000 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d1aba50 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d1a5000 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d767e70 | result: result-key@0x564e2d1aba50 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x564e2d19c8b0 | PRF chunk interface PRF md5 update message-bytes@0x564e2d1a1210 (length 50) | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d1aba50 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7fff8d767f60 | result: message-key@0x564e2d1a8430 (114-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x564e2d1aba50 | PRF HMAC inner hash hash md5 inner-key@0x564e2d1a8430 (size 114) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x564e2d1a8430 (size 114) | PRF HMAC inner hash: inner-key@0x564e2d1a8430 (114-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x564e2d1a1400 (length 16) | 82 0a 6b 33 5d 18 7b 90 dc ba b1 7e f5 b4 26 ff | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767df0 | result: PRF HMAC inner hash-key@0x564e2d1aa0f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1aa0f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767dd8 | result: PRF HMAC inner hash-key@0x564e2d1aba50 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x564e2d1aa0f0 | PRF chunk interface: release inner-key@0x564e2d1a8430 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d1a5000 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d767e60 | result: result-key@0x564e2d1a8430 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d1a8430 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff8d767e48 | result: result-key@0x564e2d1aa0f0 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x564e2d1a8430 | PRF chunk interface: release hashed-inner-key@0x564e2d1aba50 | PRF chunk interface: release key-key@0x564e2d1a5000 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x564e2d1aa0f0 (size 80) | PRF HMAC outer hash: outer-key@0x564e2d1aa0f0 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x564e2d19c7e0 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | PRF chunk interface: release outer-key@0x564e2d1aa0f0 | PRF chunk interface PRF md5 final-chunk@0x564e2d19c7e0 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | chunk output 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | verify_chunk_data: RFC 2104: MD5_HMAC test 3: ok | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: key symkey-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: key symkey-key@0x564e2d1aa0f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564e2d1a5000 | PRF symkey interface PRF md5 init key symkey-key@0x564e2d1aa0f0 (size 16) | PRF symkey interface: key symkey-key@0x564e2d1aa0f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x564e2d1aa0f0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1aa0f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d767e30 | result: trimed key-key@0x564e2d1a5000 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d1aa0f0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d1a5000 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d767e70 | result: result-key@0x564e2d1aba50 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x564e2d19c8b0 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767f70 | result: message symkey-key@0x564e2d19f7a0 (66-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 50 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 50-bytes | base: base-key@0x564e2d19f7a0 (66-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767f58 | result: message symkey-key@0x564e2d1a8430 (50-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564e2d19f7a0 | PRF symkey interface PRF md5 update symkey message-key@0x564e2d1a8430 (size 50) | PRF symkey interface: symkey message-key@0x564e2d1a8430 (50-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d1aba50 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff8d767f88 | result: result-key@0x564e2d19f7a0 (114-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x564e2d1aba50 | PRF HMAC inner hash hash md5 inner-key@0x564e2d19f7a0 (size 114) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x564e2d19f7a0 (size 114) | PRF HMAC inner hash: inner-key@0x564e2d19f7a0 (114-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x564e2d1a12a0 (length 16) | 82 0a 6b 33 5d 18 7b 90 dc ba b1 7e f5 b4 26 ff | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767e10 | result: PRF HMAC inner hash-key@0x564e2d19df20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d19df20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767df8 | result: PRF HMAC inner hash-key@0x564e2d1aba50 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x564e2d19df20 | PRF symkey interface: release inner-key@0x564e2d19f7a0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d1a5000 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d767e80 | result: result-key@0x564e2d19f7a0 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564e2d19f7a0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff8d767e68 | result: result-key@0x564e2d19df20 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x564e2d19f7a0 | PRF symkey interface: release hashed-inner-key@0x564e2d1aba50 | PRF symkey interface: release key-key@0x564e2d1a5000 | PRF HMAC outer hash hash md5 outer-key@0x564e2d19df20 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x564e2d19df20 (size 80) | PRF HMAC outer hash: outer-key@0x564e2d19df20 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x564e2d1a11f0 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d767ed0 | result: PRF HMAC outer hash-key@0x564e2d1aba50 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564e2d1aba50 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d767eb8 | result: PRF HMAC outer hash-key@0x564e2d1a5000 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x564e2d1aba50 | PRF symkey interface: release outer-key@0x564e2d19df20 | : hashed-outer-key@0x564e2d1a5000 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x564e2d1a5000 (size 16) | PRF symkey interface: key-key@0x564e2d1a5000 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564e2d1a5000 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 3 extracting all 16 bytes of key@0x564e2d1a5000 | RFC 2104: MD5_HMAC test 3: symkey-key@0x564e2d1a5000 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 3: new slot-key@0x564e2d1a1c00 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)726323673: ffffffa0 ffffffa3 7d 17 05 11 7e ffffffb5 38 7c 59 ffffffd9 7e ffffffe5 25 01 | RFC 2104: MD5_HMAC test 3: release slot-key-key@0x564e2d1a1c00 | RFC 2104: MD5_HMAC test 3 extracted len 16 bytes at 0x564e2d1a12a0 | unwrapped: 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | verify_chunk_data: RFC 2104: MD5_HMAC test 3: ok | test_prf_vector: RFC 2104: MD5_HMAC test 3 passed | test_prf_vector: release symkey-key@0x564e2d1a5000 | test_prf_vector: release message-key@0x564e2d1a8430 | test_prf_vector: release key-key@0x564e2d1aa0f0 | test_prf_vector: release output-key@NULL 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 started thread for crypto helper 1 started thread for crypto helper 2 started thread for crypto helper 3 started thread for crypto helper 4 started thread for crypto helper 5 started thread for crypto helper 6 | checking IKEv1 state table | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x564e2d1a1210 | libevent_malloc: new ptr-libevent@0x564e2d1adfa0 size 128 | libevent_malloc: new ptr-libevent@0x564e2d19c8b0 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x564e2d19c2c0 | libevent_malloc: new ptr-libevent@0x564e2d1ae030 size 128 | libevent_malloc: new ptr-libevent@0x564e2d1a12a0 size 16 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d146b (length 11) | 4b 41 4d 45 2f 72 61 63 6f 6f 6e | vendor id hash md5 final bytes@0x564e2d1a1060 (length 16) | 70 03 cb c1 09 7d be 9c 26 00 ba 69 83 bc 8b 35 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d2260 (length 46) | 4e 4c 42 53 5f 50 52 45 53 45 4e 54 28 4e 4c 42 | 2f 4d 53 43 53 20 66 61 73 74 20 66 61 69 6c 6f | 76 65 72 20 73 75 70 70 6f 72 74 65 64 29 | vendor id hash md5 final bytes@0x564e2d1a1c90 (length 16) | ec 22 62 b5 12 32 63 83 67 12 3b ce 3d 37 3c 5e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d2290 (length 32) | 4d 53 2d 4d 61 6d 69 65 45 78 69 73 74 73 28 41 | 75 74 68 49 50 20 73 75 70 70 6f 72 74 65 64 29 | vendor id hash md5 final bytes@0x564e2d1a11d0 (length 16) | 6f fe a4 ae ec 37 f4 9a 02 6f 97 cf b5 53 30 6d | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d15ee (length 17) | 49 4b 45 20 43 47 41 20 76 65 72 73 69 6f 6e 20 | 31 | vendor id hash md5 final bytes@0x564e2d19c7e0 (length 16) | e3 a5 96 6a 76 37 9f e7 07 22 82 31 e5 ce 86 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d22b8 (length 32) | 4d 53 2d 4e 65 67 6f 74 69 61 74 69 6f 6e 20 44 | 69 73 63 6f 76 65 72 79 20 43 61 70 61 62 6c 65 | vendor id hash md5 final bytes@0x564e2d1a1f20 (length 16) | fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1600 (length 23) | 4d 69 63 72 6f 73 6f 66 74 20 58 62 6f 78 20 4f | 6e 65 20 32 30 31 33 | vendor id hash md5 final bytes@0x564e2d1aa230 (length 16) | 8a a3 94 cf 8a 55 77 dc 31 10 c1 13 b0 27 a4 f2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1618 (length 22) | 58 62 6f 78 20 49 4b 45 76 32 20 4e 65 67 6f 74 | 69 61 74 69 6f 6e | vendor id hash md5 final bytes@0x564e2d1a1250 (length 16) | aa 28 1f cc d6 8c f8 a8 dc b8 5c c0 a7 10 40 2a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d162f (length 28) | 4d 53 46 54 20 49 50 73 65 63 20 53 65 63 75 72 | 69 74 79 20 52 65 61 6c 6d 20 49 64 | vendor id hash md5 final bytes@0x564e2d19c6f0 (length 16) | 68 6a 8c bd fe 63 4b 40 51 46 fb 2b af 33 e9 e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d22e0 (length 39) | 41 20 47 53 53 2d 41 50 49 20 41 75 74 68 65 6e | 74 69 63 61 74 69 6f 6e 20 4d 65 74 68 6f 64 20 | 66 6f 72 20 49 4b 45 | vendor id hash md5 final bytes@0x564e2d1aa250 (length 16) | ad 2c 0d d0 b9 c3 20 83 cc ba 25 b8 86 1e c4 55 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d164c (length 6) | 47 53 53 41 50 49 | vendor id hash md5 final bytes@0x564e2d1ae240 (length 16) | 62 1b 04 bb 09 88 2a c1 e1 59 35 fe fa 24 ae ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1653 (length 12) | 53 53 48 20 53 65 6e 74 69 6e 65 6c | vendor id hash md5 final bytes@0x564e2d1ae260 (length 16) | 05 41 82 a0 7c 7a e2 06 f9 d2 cf 9d 24 32 c4 82 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1660 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 31 | vendor id hash md5 final bytes@0x564e2d1ae280 (length 16) | b9 16 23 e6 93 ca 18 a5 4c 6a 27 78 55 23 05 e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1671 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 32 | vendor id hash md5 final bytes@0x564e2d1ae2a0 (length 16) | 54 30 88 8d e0 1a 31 a6 fa 8f 60 22 4e 44 99 58 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1682 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 33 | vendor id hash md5 final bytes@0x564e2d1ae2c0 (length 16) | 7e e5 cb 85 f7 1c e2 59 c9 4a 5c 73 1e e4 e7 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1693 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 34 | vendor id hash md5 final bytes@0x564e2d1ae2e0 (length 16) | 63 d9 a1 a7 00 94 91 b5 a0 a6 fd eb 2a 82 84 f0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d16a4 (length 18) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 34 | 2e 31 | vendor id hash md5 final bytes@0x564e2d1ae300 (length 16) | eb 4b 0d 96 27 6b 4e 22 0a d1 62 21 a7 b2 a5 e6 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d2308 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 30 | vendor id hash md5 final bytes@0x564e2d1ae320 (length 16) | fb f4 76 14 98 40 31 fa 8e 3b b6 19 80 89 b2 23 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d2340 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 31 | vendor id hash md5 final bytes@0x564e2d1ae340 (length 16) | 19 52 dc 91 ac 20 f6 46 fb 01 cf 42 a3 3a ee 30 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d2378 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 32 | vendor id hash md5 final bytes@0x564e2d1ae360 (length 16) | e8 bf fa 64 3e 5c 8f 2c d1 0f da 73 70 b6 eb e5 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d23b0 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 32 2e 31 | vendor id hash md5 final bytes@0x564e2d1ae380 (length 16) | c1 11 1b 2d ee 8c bc 3d 62 05 73 ec 57 aa b9 cb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d23e8 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 32 2e 32 | vendor id hash md5 final bytes@0x564e2d1ae3a0 (length 16) | 09 ec 27 bf bc 09 c7 58 23 cf ec bf fe 56 5a 2e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d2420 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 30 2e 30 | vendor id hash md5 final bytes@0x564e2d1ae3c0 (length 16) | 7f 21 a5 96 e4 e3 18 f0 b2 f4 94 4c 23 84 cb 84 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d2458 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 30 | vendor id hash md5 final bytes@0x564e2d1ae3e0 (length 16) | 28 36 d1 fd 28 07 bc 9e 5a e3 07 86 32 04 51 ec | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d2490 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 31 | vendor id hash md5 final bytes@0x564e2d1ae400 (length 16) | a6 8d e7 56 a9 c5 22 9b ae 66 49 80 40 95 1a d5 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d24c8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 32 | vendor id hash md5 final bytes@0x564e2d1ae420 (length 16) | 3f 23 72 86 7e 23 7c 1c d8 25 0a 75 55 9c ae 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d2500 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 33 2e 30 2e 30 | vendor id hash md5 final bytes@0x564e2d1ae440 (length 16) | 0e 58 d5 77 4d f6 02 00 7d 0b 02 44 36 60 f7 eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d2538 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 33 2e 30 2e 31 | vendor id hash md5 final bytes@0x564e2d1ae460 (length 16) | f5 ce 31 eb c2 10 f4 43 50 cf 71 26 5b 57 38 0f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d2570 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 30 2e 30 | vendor id hash md5 final bytes@0x564e2d1ae480 (length 16) | f6 42 60 af 2e 27 42 da dd d5 69 87 06 8a 99 a0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d25a8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 30 2e 31 | vendor id hash md5 final bytes@0x564e2d1ae4a0 (length 16) | 7a 54 d3 bd b3 b1 e6 d9 23 89 20 64 be 2d 98 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d25e0 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 31 2e 30 | vendor id hash md5 final bytes@0x564e2d1ae4c0 (length 16) | 9a a1 f3 b4 34 72 a4 5d 5f 50 6a eb 26 0c f2 14 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d2618 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 32 2e 30 | vendor id hash md5 final bytes@0x564e2d1ae4e0 (length 16) | 68 80 c7 d0 26 09 91 14 e4 86 c5 54 30 e7 ab ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d2650 (length 41) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 50 4c 55 54 4f 5f 53 45 4e 44 53 | 5f 56 45 4e 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7fff8d768060 (length 16) | 44 76 1b d7 6b 80 85 41 74 87 ee 8a 51 cf fc f3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d2680 (length 53) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 58 2e 35 30 39 2d 31 2e 33 2e 31 | 20 50 4c 55 54 4f 5f 53 45 4e 44 53 5f 56 45 4e | 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7fff8d768060 (length 16) | b7 0e 8a c3 92 b1 6e 05 48 2f c4 dc 36 10 91 68 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d26b8 (length 58) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 58 2e 35 30 39 2d 31 2e 33 2e 31 | 20 4c 44 41 50 20 50 4c 55 54 4f 5f 53 45 4e 44 | 53 5f 56 45 4e 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7fff8d768060 (length 16) | 97 1d ea 93 c3 c2 06 74 f9 ae 35 40 83 de 3e 2f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1791 (length 14) | 4f 70 65 6e 73 77 61 6e 20 32 2e 32 2e 30 | vendor id hash md5 final bytes@0x7fff8d768060 (length 16) | 08 72 0b ee 9e 28 95 3c e0 8f 0a 18 b6 e2 9d da | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d2720 (length 37) | 64 72 61 66 74 2d 73 74 65 6e 62 65 72 67 2d 69 | 70 73 65 63 2d 6e 61 74 2d 74 72 61 76 65 72 73 | 61 6c 2d 30 31 | vendor id hash md5 final bytes@0x564e2d1ae6e0 (length 16) | 27 ba b5 dc 01 ea 07 60 ea 4e 31 90 ac 27 c0 d0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d2748 (length 37) | 64 72 61 66 74 2d 73 74 65 6e 62 65 72 67 2d 69 | 70 73 65 63 2d 6e 61 74 2d 74 72 61 76 65 72 73 | 61 6c 2d 30 32 | vendor id hash md5 final bytes@0x564e2d1ae700 (length 16) | 61 05 c4 22 e7 68 47 e4 3f 96 84 80 12 92 ae cd | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d17b9 (length 10) | 45 53 50 54 68 72 75 4e 41 54 | vendor id hash md5 final bytes@0x564e2d1ae720 (length 16) | 50 76 0f 62 4c 63 e5 c5 3e ea 38 6c 68 5c a0 83 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d2770 (length 38) | 64 72 61 66 74 2d 68 75 74 74 75 6e 65 6e 2d 69 | 70 73 65 63 2d 65 73 70 2d 69 6e 2d 75 64 70 2d | 30 30 2e 74 78 74 | vendor id hash md5 final bytes@0x564e2d1ae740 (length 16) | 6a 74 34 c1 9d 7e 36 34 80 90 a0 23 34 c9 c8 05 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d17c4 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 30 | vendor id hash md5 final bytes@0x564e2d1ae760 (length 16) | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d17e2 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 31 | vendor id hash md5 final bytes@0x564e2d1ae780 (length 16) | 16 f6 ca 16 e4 a4 06 6d 83 82 1a 0f 0a ea a8 62 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1800 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 32 | vendor id hash md5 final bytes@0x564e2d1ae7a0 (length 16) | cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d2798 (length 30) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 32 0a | vendor id hash md5 final bytes@0x564e2d1ae7c0 (length 16) | 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d181e (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 33 | vendor id hash md5 final bytes@0x564e2d1ae7e0 (length 16) | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d183c (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 34 | vendor id hash md5 final bytes@0x564e2d1ae800 (length 16) | 99 09 b6 4e ed 93 7c 65 73 de 52 ac e9 52 fa 6b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d185a (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 35 | vendor id hash md5 final bytes@0x564e2d1ae820 (length 16) | 80 d0 bb 3d ef 54 56 5e e8 46 45 d4 c8 5c e3 ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1878 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 36 | vendor id hash md5 final bytes@0x564e2d1ae840 (length 16) | 4d 1e 0e 13 6d ea fa 34 c4 f3 ea 9f 02 ec 72 85 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1896 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 37 | vendor id hash md5 final bytes@0x564e2d1ae860 (length 16) | 43 9b 59 f8 ba 67 6c 4c 77 37 ae 22 ea b8 f5 82 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d18b4 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 38 | vendor id hash md5 final bytes@0x564e2d1ae880 (length 16) | 8f 8d 83 82 6d 24 6b 6f c7 a8 a6 a4 28 c1 1d e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d18d2 (length 26) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 | vendor id hash md5 final bytes@0x564e2d1ae8a0 (length 16) | 4d f3 79 28 e9 fc 4f d1 b3 26 21 70 d5 15 c6 62 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d18ed (length 8) | 52 46 43 20 33 39 34 37 | vendor id hash md5 final bytes@0x564e2d1ae8c0 (length 16) | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4da707 (length 13) | 46 52 41 47 4d 45 4e 54 41 54 49 4f 4e | vendor id hash md5 final bytes@0x564e2d1ae540 (length 16) | 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d199d (length 19) | 56 69 64 2d 49 6e 69 74 69 61 6c 2d 43 6f 6e 74 | 61 63 74 | vendor id hash md5 final bytes@0x564e2d1ae580 (length 16) | 26 24 4d 38 ed db 61 b3 17 2a 36 e3 d0 cf b8 19 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d22b8 (length 32) | 4d 53 2d 4e 65 67 6f 74 69 61 74 69 6f 6e 20 44 | 69 73 63 6f 76 65 72 79 20 43 61 70 61 62 6c 65 | vendor id hash md5 final bytes@0x564e2d1ae560 (length 16) | fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d15ee (length 17) | 49 4b 45 20 43 47 41 20 76 65 72 73 69 6f 6e 20 | 31 | vendor id hash md5 final bytes@0x564e2d1ae610 (length 16) | e3 a5 96 6a 76 37 9f e7 07 22 82 31 e5 ce 86 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d19b1 (length 14) | 4d 53 2d 4d 61 6d 69 65 45 78 69 73 74 73 | vendor id hash md5 final bytes@0x564e2d1ae630 (length 16) | 21 4c a4 fa ff a7 f3 2d 67 48 e5 30 33 95 ae 83 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4c0bfd (length 10) | 73 74 72 6f 6e 67 53 77 61 6e | vendor id hash md5 final bytes@0x564e2d1ae650 (length 16) | 88 2f e5 6d 6f d2 0d bc 22 51 61 3b 2e be 5b eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d19c0 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 30 | vendor id hash md5 final bytes@0x564e2d1ae5f0 (length 16) | 2c e9 c9 46 a4 c8 79 bf 11 b5 0b 76 cc 56 92 cb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d19d1 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 31 | vendor id hash md5 final bytes@0x564e2d1aea80 (length 16) | 9d bb af cf 1d b0 dd 59 5a e0 65 29 40 03 ad 3e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d19e2 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 32 | vendor id hash md5 final bytes@0x564e2d1aeaa0 (length 16) | 77 e8 ee a6 f5 56 a4 99 de 3f fe 7f 7f 95 66 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d19f3 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 33 | vendor id hash md5 final bytes@0x564e2d1aeac0 (length 16) | b1 81 b1 8e 11 4f c2 09 b3 c6 e2 6c 3a 80 71 8e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1a04 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 34 | vendor id hash md5 final bytes@0x564e2d1aeae0 (length 16) | 1e f2 83 f8 35 49 b5 ff 96 08 b6 d6 34 f8 4d 75 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1a15 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 35 | vendor id hash md5 final bytes@0x564e2d1aeb00 (length 16) | dd 18 0d 21 e5 ce 65 5a 76 8b a3 22 11 dd 8a d9 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1a26 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 36 | vendor id hash md5 final bytes@0x564e2d1aeb20 (length 16) | 4c 90 13 69 46 57 7b 51 91 9d 8d 9a 6b 8e 4a 9f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1a37 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 37 | vendor id hash md5 final bytes@0x564e2d1aeb40 (length 16) | ab 07 46 22 1c c8 fd 0d 52 38 f7 3a 9b 3d a5 57 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1a48 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 30 | vendor id hash md5 final bytes@0x564e2d1aeb60 (length 16) | 47 94 ce f6 84 34 22 98 0d 1a 3d 06 af 41 c5 cd | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1a59 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | vendor id hash md5 final bytes@0x564e2d1aeb80 (length 16) | d3 f1 c4 88 c3 68 17 5d 5f 40 a8 f5 ca 5f 5e 12 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1a6a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 32 | vendor id hash md5 final bytes@0x564e2d1aeba0 (length 16) | 15 a1 ac e7 ee 52 fd df ef 04 f9 28 db 2d d1 34 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1a7b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 33 | vendor id hash md5 final bytes@0x564e2d1aebc0 (length 16) | 58 49 ab 6d 8b ea bd 6e 4d 09 e5 a3 b8 8c 08 9a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1a8c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 34 | vendor id hash md5 final bytes@0x564e2d1aebe0 (length 16) | 31 2f 9c b1 a6 b9 0e 19 de 75 28 c9 04 ac 30 87 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1a9d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 35 | vendor id hash md5 final bytes@0x564e2d1aec00 (length 16) | bf 0f bf 73 06 eb b7 82 70 42 d8 93 53 98 86 e2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1aae (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 36 | vendor id hash md5 final bytes@0x564e2d1aec20 (length 16) | d1 96 83 36 8a f4 b0 ed c2 1c cd e9 82 b1 d1 b0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1abf (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 37 | vendor id hash md5 final bytes@0x564e2d1aec40 (length 16) | ea 84 0a a4 df c9 71 2d 6c 32 b5 a1 6e b3 29 a3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1ad0 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 38 | vendor id hash md5 final bytes@0x564e2d1aec60 (length 16) | 66 a2 04 55 07 c1 19 da 78 a4 66 62 59 cd ea 48 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1ae1 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 39 | vendor id hash md5 final bytes@0x564e2d1aec80 (length 16) | 78 fd d2 87 de f0 1a 3f 07 4b 53 69 ea b4 fd 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1af2 (length 17) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | 30 | vendor id hash md5 final bytes@0x564e2d1aeca0 (length 16) | bf 3a 89 ae 5b ef 8e 72 d4 4d ac 8b b8 8d 7d 5f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1b04 (length 17) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | 31 | vendor id hash md5 final bytes@0x564e2d1aecc0 (length 16) | b7 bd 9f 2f 97 8e 32 59 a7 aa 9f 7a 13 96 ad 6c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1b16 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 30 | vendor id hash md5 final bytes@0x564e2d1aece0 (length 16) | 9f 68 90 13 25 a9 72 89 43 35 30 2a 95 31 ab 9f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1b27 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 31 | vendor id hash md5 final bytes@0x564e2d1aed00 (length 16) | ba b2 53 f4 cb 10 a8 10 8a 7c 92 7c 56 c8 78 86 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1b38 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 32 | vendor id hash md5 final bytes@0x564e2d1aed20 (length 16) | 2a 51 7d 0d 23 c3 7d 08 bc e7 c2 92 a0 21 7b 39 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1b49 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 33 | vendor id hash md5 final bytes@0x564e2d1aed40 (length 16) | 2d 1f 40 61 18 fb d5 d2 84 74 79 1f fa 00 48 8a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1b5a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 38 | vendor id hash md5 final bytes@0x564e2d1aed60 (length 16) | 8c 4a 3b cb 72 9b 11 f7 03 d2 2a 5b 39 64 0c a8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1b6b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 37 | vendor id hash md5 final bytes@0x564e2d1aed80 (length 16) | 3a 0d 4e 7c a4 e4 92 ed 4d fe 47 6d 1a c6 01 8b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1b7c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 36 | vendor id hash md5 final bytes@0x564e2d1aeda0 (length 16) | fe 3f 49 70 6e 26 a9 fb 36 a8 7b fc e9 ea 36 ce | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1b8d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 35 | vendor id hash md5 final bytes@0x564e2d1aedc0 (length 16) | 4c 7e fa 31 b3 9e 51 04 32 a3 17 57 0d 97 bb b9 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1b9e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 34 | vendor id hash md5 final bytes@0x564e2d1aede0 (length 16) | 76 c7 2b fd 39 84 24 dd 00 1b 86 d0 01 2f e0 61 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1baf (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 33 | vendor id hash md5 final bytes@0x564e2d1aee00 (length 16) | fb 46 41 ad 0e eb 2a 34 49 1d 15 f4 ef f5 10 63 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1bc0 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 32 | vendor id hash md5 final bytes@0x564e2d1aee20 (length 16) | 29 99 32 27 7b 7d fe 38 2c e2 34 65 33 3a 7d 23 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1bd1 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 31 | vendor id hash md5 final bytes@0x564e2d1aee40 (length 16) | e3 7f 2d 5b a8 9a 62 cd 20 2e e2 7d ac 06 c8 a8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1be2 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 30 | vendor id hash md5 final bytes@0x564e2d1aee60 (length 16) | 32 f0 e9 b9 c0 6d fe 8c 9a d5 59 9a 63 69 71 a1 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1bf3 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 33 | vendor id hash md5 final bytes@0x564e2d1aee80 (length 16) | 7f 50 cc 4e bf 04 c2 d9 da 73 ab fd 69 b7 7a a2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1c04 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 32 | vendor id hash md5 final bytes@0x564e2d1aeea0 (length 16) | a1 94 e2 aa dd d0 ba fb 95 25 3d d9 6d c7 33 eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1c15 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 31 | vendor id hash md5 final bytes@0x564e2d1aeec0 (length 16) | 81 34 87 85 82 12 17 85 ba 65 ea 34 5d 6b a7 24 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1c26 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 30 | vendor id hash md5 final bytes@0x564e2d1aeee0 (length 16) | 07 fa 12 8e 47 54 f9 44 7b 1d d4 63 74 ee f3 60 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1c37 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 34 | vendor id hash md5 final bytes@0x564e2d1aef00 (length 16) | b9 27 f9 52 19 a0 fe 36 00 db a3 c1 18 2a e5 5f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1c48 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 33 | vendor id hash md5 final bytes@0x564e2d1aef20 (length 16) | b2 86 0e 78 37 f7 11 be f3 d0 ee b1 06 87 2d ed | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1c59 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 32 | vendor id hash md5 final bytes@0x564e2d1aef40 (length 16) | 5b 1c d6 fe 7d 05 0e da 6c 93 87 1c 10 7d b3 d2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1c6a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 31 | vendor id hash md5 final bytes@0x564e2d1aef60 (length 16) | 66 af bc 12 bb fe 6c e1 08 b1 f6 9f 4b c9 17 b7 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1c7b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 30 | vendor id hash md5 final bytes@0x564e2d1aef80 (length 16) | 3f 32 66 49 9f fd bd 85 95 0e 70 22 98 06 28 44 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1c8c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 37 | vendor id hash md5 final bytes@0x564e2d1aefa0 (length 16) | 1f 44 42 29 6b 83 d7 e3 3a 8b 45 20 9b a0 e5 90 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1c9d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 36 | vendor id hash md5 final bytes@0x564e2d1aefc0 (length 16) | 3c 5e ba 3d 85 64 92 8e 32 ae 43 c3 d9 92 4d ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1cae (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 35 | vendor id hash md5 final bytes@0x564e2d1aefe0 (length 16) | 3f 26 7e d6 21 ad a7 ee 6c 7d 88 93 cc b0 b1 4b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1cbf (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 34 | vendor id hash md5 final bytes@0x564e2d1af000 (length 16) | 7a 6b f5 b7 df 89 64 2a 75 a7 8e f7 d6 57 c1 c0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1cd0 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 33 | vendor id hash md5 final bytes@0x564e2d1af020 (length 16) | df 5b 1f 0f 1d 56 79 d9 f8 51 2b 16 c5 5a 60 65 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1ce1 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 32 | vendor id hash md5 final bytes@0x564e2d1af040 (length 16) | 86 1c e5 eb 72 16 4b 19 0e 9e 62 9a 31 cf 49 01 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1cf2 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 31 | vendor id hash md5 final bytes@0x564e2d1af060 (length 16) | 9a 4a 46 48 f6 0f 8e da 7c fc bf e2 71 ee 5b 7d | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1d03 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 30 | vendor id hash md5 final bytes@0x564e2d1af080 (length 16) | 9e b3 d9 07 ed 7a da 4e 3c bc ac b9 17 ab c8 e4 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1d14 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 34 | vendor id hash md5 final bytes@0x564e2d1af0a0 (length 16) | 48 5a 70 36 1b 44 33 b3 1d ea 1c 6b e0 df 24 3e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1d25 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 33 | vendor id hash md5 final bytes@0x564e2d1af0c0 (length 16) | 98 2b 7a 06 3a 33 c1 43 a8 ea dc 88 24 9f 6b cc | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1d36 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 32 | vendor id hash md5 final bytes@0x564e2d1af0e0 (length 16) | e7 a3 fd 0c 6d 77 1a 8f 1b 8a 86 a4 16 9c 9e a4 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1d47 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 31 | vendor id hash md5 final bytes@0x564e2d1af100 (length 16) | 75 b0 65 3c b2 81 eb 26 d3 1e de 38 c8 e1 e2 28 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1d58 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 30 | vendor id hash md5 final bytes@0x564e2d1af120 (length 16) | e8 29 c8 81 49 ba b3 c0 ce e8 5d a6 0e 18 ae 9b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1d69 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 32 | vendor id hash md5 final bytes@0x564e2d1af140 (length 16) | 42 a4 83 4c 92 ab 9a 77 77 06 3a fa 25 4b cb 69 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1d7a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 31 | vendor id hash md5 final bytes@0x564e2d1af160 (length 16) | f6 97 c1 af cc 2e c8 dd cd f9 9d c7 af 03 a6 7f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1d8b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 30 | vendor id hash md5 final bytes@0x564e2d1af180 (length 16) | b8 f9 2b 2f a2 d3 fe 5f e1 58 34 4b da 1c c6 ae | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1d9c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 32 | vendor id hash md5 final bytes@0x564e2d1af1a0 (length 16) | 99 dc 7c c8 23 37 6b 3b 33 d0 43 57 89 6a e0 7b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1dad (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 31 | vendor id hash md5 final bytes@0x564e2d1af1c0 (length 16) | d9 11 8b 1e 9d e5 ef ce d9 cc 9d 88 3f 21 68 ff | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4d1dbe (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 30 | vendor id hash md5 final bytes@0x564e2d1af1e0 (length 16) | 85 b6 cb ec 48 0d 5c 8c d9 88 2c 82 5a c2 c2 44 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x564e2b4da707 (length 13) | 46 52 41 47 4d 45 4e 54 41 54 49 4f 4e | vendor id hash md5 final bytes@0x564e2d1af200 (length 16) | 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. systemd watchdog not enabled - not sending watchdog keepalives | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x564e2d1a1120 | libevent_malloc: new ptr-libevent@0x564e2d1b84e0 size 128 | libevent_malloc: new ptr-libevent@0x564e2d1b8570 size 16 | libevent_realloc: new ptr-libevent@0x564e2d11c5b0 size 256 | libevent_malloc: new ptr-libevent@0x564e2d1b8590 size 8 | libevent_realloc: new ptr-libevent@0x564e2d1ad230 size 144 | libevent_malloc: new ptr-libevent@0x564e2d1b85b0 size 152 | libevent_malloc: new ptr-libevent@0x564e2d1b8650 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x564e2d1b8670 size 8 | libevent_malloc: new ptr-libevent@0x564e2d1b8690 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x564e2d1b8730 size 8 | libevent_malloc: new ptr-libevent@0x564e2d1b8750 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x564e2d1b87f0 size 8 | libevent_realloc: release ptr-libevent@0x564e2d1ad230 | libevent_realloc: new ptr-libevent@0x564e2d1b8810 size 256 | libevent_malloc: new ptr-libevent@0x564e2d1ad230 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:11068) using fork+execve | forked child 11068 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | pluto_sd: executing action action: reloading(4), status 0 listening for IKE messages | starting up helper thread 1 | status value returned by setting the priority of this thread (crypto helper 1) 22 | crypto helper 1 waiting (nothing to do) | starting up helper thread 2 | status value returned by setting the priority of this thread (crypto helper 2) 22 | crypto helper 2 waiting (nothing to do) | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto helper 4) 22 | crypto helper 4 waiting (nothing to do) | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 5) 22 | crypto helper 5 waiting (nothing to do) | starting up helper thread 3 | status value returned by setting the priority of this thread (crypto helper 3) 22 | crypto helper 3 waiting (nothing to do) | starting up helper thread 0 | status value returned by setting the priority of this thread (crypto helper 0) 22 | crypto helper 0 waiting (nothing to do) | starting up helper thread 6 | status value returned by setting the priority of this thread (crypto helper 6) 22 | crypto helper 6 waiting (nothing to do) | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.2.23:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.2.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x564e2d1b8bc0 | libevent_malloc: new ptr-libevent@0x564e2d1b8c00 size 128 | libevent_malloc: new ptr-libevent@0x564e2d1b8c90 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x564e2d1b8cb0 | libevent_malloc: new ptr-libevent@0x564e2d1b8cf0 size 128 | libevent_malloc: new ptr-libevent@0x564e2d1b8d80 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x564e2d1b8da0 | libevent_malloc: new ptr-libevent@0x564e2d1b8de0 size 128 | libevent_malloc: new ptr-libevent@0x564e2d1b8e70 size 16 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x564e2d1b8e90 | libevent_malloc: new ptr-libevent@0x564e2d1b8ed0 size 128 | libevent_malloc: new ptr-libevent@0x564e2d1b8f60 size 16 | setup callback for interface eth0 192.0.2.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x564e2d1b8f80 | libevent_malloc: new ptr-libevent@0x564e2d1b8fc0 size 128 | libevent_malloc: new ptr-libevent@0x564e2d1b9050 size 16 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x564e2d1b9070 | libevent_malloc: new ptr-libevent@0x564e2d1b90b0 size 128 | libevent_malloc: new ptr-libevent@0x564e2d1b9140 size 16 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | id type added to secret(0x564e2d1ae180) PKK_PSK: @east | id type added to secret(0x564e2d1ae180) PKK_PSK: @west | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | pluto_sd: executing action action: ready(5), status 0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.55 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | pluto_sd: executing action action: reloading(4), status 0 listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 | no interfaces to sort | libevent_free: release ptr-libevent@0x564e2d1b8c00 | free_event_entry: release EVENT_NULL-pe@0x564e2d1b8bc0 | add_fd_read_event_handler: new ethX-pe@0x564e2d1b8bc0 | libevent_malloc: new ptr-libevent@0x564e2d1b8c00 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x564e2d1b8cf0 | free_event_entry: release EVENT_NULL-pe@0x564e2d1b8cb0 | add_fd_read_event_handler: new ethX-pe@0x564e2d1b8cb0 | libevent_malloc: new ptr-libevent@0x564e2d1b8cf0 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x564e2d1b8de0 | free_event_entry: release EVENT_NULL-pe@0x564e2d1b8da0 | add_fd_read_event_handler: new ethX-pe@0x564e2d1b8da0 | libevent_malloc: new ptr-libevent@0x564e2d1b8de0 size 128 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | libevent_free: release ptr-libevent@0x564e2d1b8ed0 | free_event_entry: release EVENT_NULL-pe@0x564e2d1b8e90 | add_fd_read_event_handler: new ethX-pe@0x564e2d1b8e90 | libevent_malloc: new ptr-libevent@0x564e2d1b8ed0 size 128 | setup callback for interface eth0 192.0.2.254:500 fd 19 | libevent_free: release ptr-libevent@0x564e2d1b8fc0 | free_event_entry: release EVENT_NULL-pe@0x564e2d1b8f80 | add_fd_read_event_handler: new ethX-pe@0x564e2d1b8f80 | libevent_malloc: new ptr-libevent@0x564e2d1b8fc0 size 128 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | libevent_free: release ptr-libevent@0x564e2d1b90b0 | free_event_entry: release EVENT_NULL-pe@0x564e2d1b9070 | add_fd_read_event_handler: new ethX-pe@0x564e2d1b9070 | libevent_malloc: new ptr-libevent@0x564e2d1b90b0 size 128 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | id type added to secret(0x564e2d1ae180) PKK_PSK: @east | id type added to secret(0x564e2d1ae180) PKK_PSK: @west | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | pluto_sd: executing action action: ready(5), status 0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.267 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 11068 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0178 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection east with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048, 3DES_CBC-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048,3des-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048, 3DES_CBC-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none | new hp@0x564e2d185640 added connection description "east" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.147 milliseconds in whack | spent 0.0028 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 6f 65 ca 24 c5 3d b3 9a 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 6b 42 64 e0 45 5a 0d 4b c1 ee 98 6c | b3 bd 90 aa 6c 91 7e 1d 29 48 28 f5 0f 71 38 da | 6b b6 8b 61 25 eb 06 86 77 5a fd f2 57 66 c1 31 | 92 17 dd 24 d1 41 81 06 61 03 37 a1 7b 44 e1 14 | cc 9a 08 8e 2b 4f 44 98 be ac 72 3a 04 c0 eb a7 | 23 74 0d 2d b8 c5 aa f9 94 da 1e 2d bc 69 69 03 | 9c 79 bd d2 c4 34 81 6b b2 7a 05 24 58 f1 ee e8 | 48 0d 40 4e 14 30 04 af 00 87 47 bc a2 b1 cf 10 | 7a 19 1d 47 77 b9 10 77 39 e2 7d 98 d4 1a 6f 4b | 02 f7 df 9c 40 ae cc 2a 5b dc a2 bb 6a 8b e4 71 | 05 b9 33 ea 07 d4 cb 2b 68 a5 37 b0 b0 85 e1 30 | 2c 84 82 aa 20 9e 02 90 e7 a8 3d 1f a5 4e 0b 7e | fd 92 15 0b 52 cc 5f 1c 5d 0b 5e 1b 74 b9 c4 be | 9a d2 e8 0c 58 c3 c6 3f 08 e7 13 3e e1 12 cf c2 | 34 ec e7 a9 c7 31 6e f2 9f 68 ba c4 55 0e d5 ae | c8 49 9b 9d 4e 4c ae 43 4c 98 a8 99 71 cc 37 e9 | 11 c8 de 5a 29 00 00 24 75 16 39 aa a4 f3 92 bd | 79 72 27 a7 6e d7 e8 f9 9f 6f e3 6b 68 d9 37 97 | 08 ac 61 0c 1d f5 26 39 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 fd a7 e7 5b ae 19 23 50 | 0b 3f cd 6e aa 36 8c 21 f6 fe 29 4f 00 00 00 1c | 00 00 40 05 c3 97 49 86 fd 49 c5 3e 93 b1 e6 93 | 6f 19 96 b4 ee 0f ce c8 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 6f 65 ca 24 c5 3d b3 9a | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x564e2d1ba2a0 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x564e2b547700 (length 32) | 62 69 c2 24 61 0b eb 03 31 69 8e 34 fa 62 6b 0f | 9f 9c e7 e3 dc ef ed d7 ff d6 12 6f b4 c1 0b 04 | IKE SPIr hash sha2_256 digest counter-bytes@0x564e2b5476e0 (length 4) | 01 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff8d7668e0 (length 32) | be e6 fc 2c 4c bc e3 0e fb 3d b8 68 b3 03 40 7e | 28 75 8b a9 8f da 18 d8 a1 38 8c 57 dd 5e 2b 3c | creating state object #1 at 0x564e2d1bb8a0 | State DB: adding IKEv2 state #1 in UNDEFINED | pstats #1 ikev2.ike started | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #1 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | constructing local IKE proposals for east (IKE SA responder matching remote proposals) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting ike_info 3DES_CBC-HMAC_SHA1-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_IKE 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east": constructed local IKE proposals for east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 "east" #1: proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | 6b 42 64 e0 45 5a 0d 4b c1 ee 98 6c b3 bd 90 aa | 6c 91 7e 1d 29 48 28 f5 0f 71 38 da 6b b6 8b 61 | 25 eb 06 86 77 5a fd f2 57 66 c1 31 92 17 dd 24 | d1 41 81 06 61 03 37 a1 7b 44 e1 14 cc 9a 08 8e | 2b 4f 44 98 be ac 72 3a 04 c0 eb a7 23 74 0d 2d | b8 c5 aa f9 94 da 1e 2d bc 69 69 03 9c 79 bd d2 | c4 34 81 6b b2 7a 05 24 58 f1 ee e8 48 0d 40 4e | 14 30 04 af 00 87 47 bc a2 b1 cf 10 7a 19 1d 47 | 77 b9 10 77 39 e2 7d 98 d4 1a 6f 4b 02 f7 df 9c | 40 ae cc 2a 5b dc a2 bb 6a 8b e4 71 05 b9 33 ea | 07 d4 cb 2b 68 a5 37 b0 b0 85 e1 30 2c 84 82 aa | 20 9e 02 90 e7 a8 3d 1f a5 4e 0b 7e fd 92 15 0b | 52 cc 5f 1c 5d 0b 5e 1b 74 b9 c4 be 9a d2 e8 0c | 58 c3 c6 3f 08 e7 13 3e e1 12 cf c2 34 ec e7 a9 | c7 31 6e f2 9f 68 ba c4 55 0e d5 ae c8 49 9b 9d | 4e 4c ae 43 4c 98 a8 99 71 cc 37 e9 11 c8 de 5a | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d7662e0 (length 8) | 6f 65 ca 24 c5 3d b3 9a | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d7662e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff8d766274 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff8d766266 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7662f0 (length 20) | c3 97 49 86 fd 49 c5 3e 93 b1 e6 93 6f 19 96 b4 | ee 0f ce c8 | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= 6f 65 ca 24 c5 3d b3 9a | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= c3 97 49 86 fd 49 c5 3e 93 b1 e6 93 6f 19 96 b4 | natd_hash: hash= ee 0f ce c8 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d7662e0 (length 8) | 6f 65 ca 24 c5 3d b3 9a | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d7662e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff8d766274 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff8d766266 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d766310 (length 20) | fd a7 e7 5b ae 19 23 50 0b 3f cd 6e aa 36 8c 21 | f6 fe 29 4f | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= 6f 65 ca 24 c5 3d b3 9a | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= fd a7 e7 5b ae 19 23 50 0b 3f cd 6e aa 36 8c 21 | natd_hash: hash= f6 fe 29 4f | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 1 for state #1 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564e2d1bb7d0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x564e2d1bd2c0 size 128 | #1 spent 0.31 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #1 and saving MD | #1 is busy; has a suspended MD | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 0.704 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.716 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 1 resuming | crypto helper 1 starting work-order 1 for state #1 | crypto helper 1 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f2a58000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7f2a58000d60 | NSS: Public DH wire value: | a9 2c fb ec cc 02 b2 bf 50 53 f9 40 c7 3c 87 c3 | 04 65 e4 88 ac 8d bd 1b 54 75 24 61 b4 6a d1 8a | 9b eb 26 a6 33 72 98 30 26 78 23 ac 96 2d 71 84 | 98 2e 60 eb e2 0a 92 f2 f9 5d ac 58 33 9d eb c7 | 6b 95 69 d5 37 43 b5 75 d3 d2 be 0d 26 f5 3d 1e | 7f ec c3 1d d8 7f 8d df a9 e8 07 81 cf ee b5 f3 | 66 aa 48 29 47 97 ec f6 fe c1 47 65 65 4e 61 a9 | 1f 8c 29 1d 8c d7 42 dd 4b 0c 0e dd 7d 33 5f 9e | 93 f4 cb e4 93 a0 64 62 87 44 17 75 0e e4 41 12 | 28 b8 6e 86 60 96 fe f8 94 1f 0c a3 d5 5e c0 1a | fb 60 78 37 e3 8f 94 33 b0 f8 88 a1 34 06 d2 e3 | fe 9c 22 a3 f5 6c f9 50 73 67 6e 65 6e af 5a 1f | 01 e9 ab 02 c5 82 d4 04 43 36 4f d9 7b 01 61 19 | c7 ac a5 fa dc 2d 8f 4d b3 b9 79 17 24 02 89 30 | b3 fc 60 a3 66 36 5a 7a da f1 e3 1f b5 af 89 84 | 2d d6 32 9f 8c 17 bb e8 a8 57 d8 89 c7 a6 30 ce | Generated nonce: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | Generated nonce: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | crypto helper 1 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.00164 seconds | (#1) spent 1.12 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) | crypto helper 1 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f2a58006900 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 1 | calling continuation function 0x564e2b454630 | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | 6f 65 ca 24 c5 3d b3 9a | responder cookie: | be e6 fc 2c 4c bc e3 0e | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f2a58000d60: transferring ownership from helper KE to state #1 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x a9 2c fb ec cc 02 b2 bf 50 53 f9 40 c7 3c 87 c3 | ikev2 g^x 04 65 e4 88 ac 8d bd 1b 54 75 24 61 b4 6a d1 8a | ikev2 g^x 9b eb 26 a6 33 72 98 30 26 78 23 ac 96 2d 71 84 | ikev2 g^x 98 2e 60 eb e2 0a 92 f2 f9 5d ac 58 33 9d eb c7 | ikev2 g^x 6b 95 69 d5 37 43 b5 75 d3 d2 be 0d 26 f5 3d 1e | ikev2 g^x 7f ec c3 1d d8 7f 8d df a9 e8 07 81 cf ee b5 f3 | ikev2 g^x 66 aa 48 29 47 97 ec f6 fe c1 47 65 65 4e 61 a9 | ikev2 g^x 1f 8c 29 1d 8c d7 42 dd 4b 0c 0e dd 7d 33 5f 9e | ikev2 g^x 93 f4 cb e4 93 a0 64 62 87 44 17 75 0e e4 41 12 | ikev2 g^x 28 b8 6e 86 60 96 fe f8 94 1f 0c a3 d5 5e c0 1a | ikev2 g^x fb 60 78 37 e3 8f 94 33 b0 f8 88 a1 34 06 d2 e3 | ikev2 g^x fe 9c 22 a3 f5 6c f9 50 73 67 6e 65 6e af 5a 1f | ikev2 g^x 01 e9 ab 02 c5 82 d4 04 43 36 4f d9 7b 01 61 19 | ikev2 g^x c7 ac a5 fa dc 2d 8f 4d b3 b9 79 17 24 02 89 30 | ikev2 g^x b3 fc 60 a3 66 36 5a 7a da f1 e3 1f b5 af 89 84 | ikev2 g^x 2d d6 32 9f 8c 17 bb e8 a8 57 d8 89 c7 a6 30 ce | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | IKEv2 nonce 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d766830 (length 8) | 6f 65 ca 24 c5 3d b3 9a | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d766838 (length 8) | be e6 fc 2c 4c bc e3 0e | NATD hash sha digest IP addr-bytes@0x7fff8d766764 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff8d766756 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7667e0 (length 20) | 19 22 f3 65 db 24 03 4c ec 3b db f0 20 a2 58 d0 | 86 35 68 cf | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= 6f 65 ca 24 c5 3d b3 9a | natd_hash: rcookie= be e6 fc 2c 4c bc e3 0e | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 19 22 f3 65 db 24 03 4c ec 3b db f0 20 a2 58 d0 | natd_hash: hash= 86 35 68 cf | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 19 22 f3 65 db 24 03 4c ec 3b db f0 20 a2 58 d0 | Notify data 86 35 68 cf | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d766830 (length 8) | 6f 65 ca 24 c5 3d b3 9a | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d766838 (length 8) | be e6 fc 2c 4c bc e3 0e | NATD hash sha digest IP addr-bytes@0x7fff8d766764 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff8d766756 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7667e0 (length 20) | db c0 81 14 89 1a 6c cd 1c 2e a1 61 37 59 1f 34 | 8d 04 f6 9e | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= 6f 65 ca 24 c5 3d b3 9a | natd_hash: rcookie= be e6 fc 2c 4c bc e3 0e | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= db c0 81 14 89 1a 6c cd 1c 2e a1 61 37 59 1f 34 | natd_hash: hash= 8d 04 f6 9e | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data db c0 81 14 89 1a 6c cd 1c 2e a1 61 37 59 1f 34 | Notify data 8d 04 f6 9e | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #1 to 0 after switching state | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a9 2c fb ec cc 02 b2 bf 50 53 f9 40 | c7 3c 87 c3 04 65 e4 88 ac 8d bd 1b 54 75 24 61 | b4 6a d1 8a 9b eb 26 a6 33 72 98 30 26 78 23 ac | 96 2d 71 84 98 2e 60 eb e2 0a 92 f2 f9 5d ac 58 | 33 9d eb c7 6b 95 69 d5 37 43 b5 75 d3 d2 be 0d | 26 f5 3d 1e 7f ec c3 1d d8 7f 8d df a9 e8 07 81 | cf ee b5 f3 66 aa 48 29 47 97 ec f6 fe c1 47 65 | 65 4e 61 a9 1f 8c 29 1d 8c d7 42 dd 4b 0c 0e dd | 7d 33 5f 9e 93 f4 cb e4 93 a0 64 62 87 44 17 75 | 0e e4 41 12 28 b8 6e 86 60 96 fe f8 94 1f 0c a3 | d5 5e c0 1a fb 60 78 37 e3 8f 94 33 b0 f8 88 a1 | 34 06 d2 e3 fe 9c 22 a3 f5 6c f9 50 73 67 6e 65 | 6e af 5a 1f 01 e9 ab 02 c5 82 d4 04 43 36 4f d9 | 7b 01 61 19 c7 ac a5 fa dc 2d 8f 4d b3 b9 79 17 | 24 02 89 30 b3 fc 60 a3 66 36 5a 7a da f1 e3 1f | b5 af 89 84 2d d6 32 9f 8c 17 bb e8 a8 57 d8 89 | c7 a6 30 ce 29 00 00 24 c0 59 f6 7e 21 cb 38 aa | 55 5d e6 59 0f bd 8d 04 53 ef 65 c1 30 c8 83 e9 | a3 0c b6 1a dd 78 d6 b8 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 19 22 f3 65 db 24 03 4c | ec 3b db f0 20 a2 58 d0 86 35 68 cf 00 00 00 1c | 00 00 40 05 db c0 81 14 89 1a 6c cd 1c 2e a1 61 | 37 59 1f 34 8d 04 f6 9e | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x564e2d1bd2c0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564e2d1bb7d0 | event_schedule: new EVENT_SO_DISCARD-pe@0x564e2d1bb7d0 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 | libevent_malloc: new ptr-libevent@0x564e2d1bd2c0 size 128 | resume sending helper answer for #1 suppresed complete_v2_state_transition() | #1 spent 0.505 milliseconds in resume sending helper answer | stop processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2a58006900 | spent 0.00248 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 220 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 73 30 2f 00 4f d5 5f 29 0e 70 8b f1 88 d0 be 9c | c5 49 79 d9 df 93 7c 26 fc c1 41 0d 28 7c 49 ce | 70 61 df 9b af 4c ef b6 fb b4 18 44 47 46 f7 95 | 41 81 c7 b7 a3 55 3d 89 65 2a ae dd 7a 69 10 3a | e6 44 42 e0 8d 58 70 49 6c bd 78 a4 e6 87 89 ae | ae e9 84 13 84 52 93 02 6e d7 c3 19 6a 50 46 94 | c2 11 fd 00 ca a9 fb 63 19 5b 0e c0 37 4e 6f d4 | f5 81 ee d5 b1 43 3e e4 78 60 a0 df b1 95 3a d5 | 8e 84 38 9f 55 8c 0b f4 ef fa 66 52 d2 25 97 72 | 1a 24 a8 a1 5f 48 3d d8 3e 3d e3 6c f7 c3 9a bc | 40 46 a0 ee e6 d8 e2 db 3d 01 b9 33 a5 e9 59 7f | 0b cd 3d d5 cd 33 fb 48 35 52 68 16 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 6f 65 ca 24 c5 3d b3 9a | responder cookie: | be e6 fc 2c 4c bc e3 0e | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 220 (0xdc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 192 (0xc0) | processing payload: ISAKMP_NEXT_v2SK (len=188) | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #1 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f2a58000d60: transferring ownership from state #1 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 2 for state #1 | state #1 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x564e2d1bd2c0 | free_event_entry: release EVENT_SO_DISCARD-pe@0x564e2d1bb7d0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564e2d1bb7d0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x564e2d1bd2c0 size 128 | #1 spent 0.033 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #1 and saving MD | #1 is busy; has a suspended MD | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 0.174 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.185 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 2 resuming | crypto helper 2 starting work-order 2 for state #1 | crypto helper 2 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 | peer's g: 6b 42 64 e0 45 5a 0d 4b c1 ee 98 6c b3 bd 90 aa | peer's g: 6c 91 7e 1d 29 48 28 f5 0f 71 38 da 6b b6 8b 61 | peer's g: 25 eb 06 86 77 5a fd f2 57 66 c1 31 92 17 dd 24 | peer's g: d1 41 81 06 61 03 37 a1 7b 44 e1 14 cc 9a 08 8e | peer's g: 2b 4f 44 98 be ac 72 3a 04 c0 eb a7 23 74 0d 2d | peer's g: b8 c5 aa f9 94 da 1e 2d bc 69 69 03 9c 79 bd d2 | peer's g: c4 34 81 6b b2 7a 05 24 58 f1 ee e8 48 0d 40 4e | peer's g: 14 30 04 af 00 87 47 bc a2 b1 cf 10 7a 19 1d 47 | peer's g: 77 b9 10 77 39 e2 7d 98 d4 1a 6f 4b 02 f7 df 9c | peer's g: 40 ae cc 2a 5b dc a2 bb 6a 8b e4 71 05 b9 33 ea | peer's g: 07 d4 cb 2b 68 a5 37 b0 b0 85 e1 30 2c 84 82 aa | peer's g: 20 9e 02 90 e7 a8 3d 1f a5 4e 0b 7e fd 92 15 0b | peer's g: 52 cc 5f 1c 5d 0b 5e 1b 74 b9 c4 be 9a d2 e8 0c | peer's g: 58 c3 c6 3f 08 e7 13 3e e1 12 cf c2 34 ec e7 a9 | peer's g: c7 31 6e f2 9f 68 ba c4 55 0e d5 ae c8 49 9b 9d | peer's g: 4e 4c ae 43 4c 98 a8 99 71 cc 37 e9 11 c8 de 5a | Started DH shared-secret computation in NSS: | new : g_ir-key@0x564e2d1aa0f0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f2a58000d60: computed shared DH secret key@0x564e2d1aa0f0 | dh-shared : g^ir-key@0x564e2d1aa0f0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f2a50001ef0 (length 64) | 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6082c670 | result: Ni | Nr-key@0x564e2d1a5000 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x564e2d1a5000 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c658 | result: Ni | Nr-key@0x564e2d1a8430 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x564e2d1a5000 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f2a50002e80 from Ni | Nr-key@0x564e2d1a8430 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f2a50002e80 from Ni | Nr-key@0x564e2d1a8430 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x564e2d1a8430 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f2a500016b0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x564e2d1aa0f0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x564e2d1aa0f0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x564e2d1aa0f0 | nss hmac digest hack: symkey-key@0x564e2d1aa0f0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1619182288: 01 ffffffdf 00 fffffff2 ffffffdb ffffff9a 44 ffffffdc 6c ffffff93 38 40 fffffffe 5b ffffffd0 ffffffda 59 ffffff9f 14 ffffffd1 ffffffac 72 12 ffffffd0 ffffff8d 22 ffffff96 50 ffffffb4 10 ffffff8d ffffffa3 72 1c 78 5c 3b 16 6c 38 43 19 ffffffec 5d 21 34 ffffffa4 15 ffffffb8 62 5d 6b 46 ffffffcb ffffffdb ffffffa0 05 0c 7d ffffffca ffffffe9 ffffffcc 6a 26 ffffffe0 ffffffd8 ffffffbd fffffff6 ffffffd7 39 3b 2a 1d ffffffd2 ffffffa7 ffffffa9 2a 70 78 52 ffffffbe ffffff9c ffffffef ffffffe5 ffffff96 2c ffffffef ffffff90 ffffffb6 ffffffe7 ffffff98 44 41 ffffffcb 12 ffffff89 55 57 14 01 59 61 02 ffffff97 25 31 ffffffe7 ffffffa5 ffffffe9 09 ffffffe6 ffffffe5 ffffffc2 ffffffee ffffff8b ffffffad ffffffe1 65 73 ffffffd1 fffffff9 ffffffa6 43 ffffff87 6f ffffffae 0d ffffff9b ffffffb8 17 ffffffdd ffffffec ffffffa7 78 ffffffdd 44 ffffffd2 ffffff9a 71 22 fffffffc 7b 67 62 ffffffd4 ffffff8d 70 01 3b 47 ffffffa9 ffffffb7 ffffff8d ffffffbf ffffffea ffffff | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 256 bytes at 0x7f2a50003dd0 | unwrapped: 47 27 a3 e0 ca f0 12 c0 e1 6e 4c 4c 1e 99 12 4d | unwrapped: 5c a4 b6 b2 44 4c b4 a4 ee 14 4c 73 82 70 c2 8d | unwrapped: b1 b6 40 39 ce 13 87 c8 b7 f4 d2 d0 32 82 bc 64 | unwrapped: cf 77 76 39 2c c2 45 fa 79 65 1c 67 a1 2a f4 a9 | unwrapped: 40 b6 f9 ef 4d 7c 9e 53 33 f0 31 f3 26 1c 0e 4c | unwrapped: 1e 99 1f 2b 49 79 b5 d6 7f 4d 78 07 7e d5 7a de | unwrapped: 93 56 70 e6 9b 1c 64 31 2b df fd a2 ad 50 80 53 | unwrapped: b6 54 9c a7 e4 ed 36 03 de 0d 9d 82 e8 aa 29 39 | unwrapped: 37 83 9c 23 ab d5 9b 08 7c 1e ad c8 12 68 22 b2 | unwrapped: 0a fb f6 06 bc b6 43 c9 f1 6e 14 9c 65 d8 e1 da | unwrapped: 81 f7 24 54 ab 39 a7 95 8c de fd c4 48 7d 4a eb | unwrapped: 52 41 c8 ce 66 3f 74 dd 8f ce 39 f8 7c db aa 60 | unwrapped: 36 b5 39 c3 f7 9e fc 12 d7 1e b5 b5 4b c2 e1 ff | unwrapped: a1 ba 84 99 d7 47 4e 3b 6f 65 ce 1d 56 02 75 67 | unwrapped: 35 78 d5 97 2e c0 b2 45 86 10 e1 b9 77 bd e2 ad | unwrapped: b5 b6 b5 ff 86 e5 ee 26 d2 30 90 23 8a 29 cb 47 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6082c690 | result: final-key@0x564e2d1a5000 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1a5000 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c678 | result: final-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1a5000 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x564e2d1a8430 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6082c600 | result: data=Ni-key@0x564e2d19df20 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x564e2d19df20 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c5e8 | result: data=Ni-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x564e2d19df20 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1a5000 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a6082c5f0 | result: data+=Nr-key@0x564e2d19df20 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d1a5000 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d19df20 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a6082c5f0 | result: data+=SPIi-key@0x564e2d1a5000 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d19df20 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1a5000 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a6082c5f0 | result: data+=SPIr-key@0x564e2d19df20 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d1a5000 | prf+0 PRF sha init key-key@0x564e2d1a8430 (size 20) | prf+0: key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c518 | result: clone-key@0x564e2d1a5000 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f2a50002e80 from key-key@0x564e2d1a5000 | prf+0 prf: begin sha with context 0x7f2a50002e80 from key-key@0x564e2d1a5000 | prf+0: release clone-key@0x564e2d1a5000 | prf+0 PRF sha crypt-prf@0x7f2a500018a0 | prf+0 PRF sha update seed-key@0x564e2d19df20 (size 80) | prf+0: seed-key@0x564e2d19df20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d19df20 | nss hmac digest hack: symkey-key@0x564e2d19df20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1619181920: ffffff80 0f ffffffb4 ffffffaa 2d 2e 5d ffffffc1 ffffffa3 ffffff81 ffffffd4 ffffffde ffffffb7 ffffffc2 23 fffffff7 ffffffc1 ffffffcb 1b 63 ffffff86 04 ffffffb6 ffffff83 3a 3b ffffffb1 2d ffffff93 4f ffffffb1 4b 06 22 ffffffee ffffffcd 50 27 1c 69 ffffffea ffffffe8 04 0c ffffffd7 70 43 0e ffffffe8 4f fffffff8 ffffffe4 fffffff7 6d 32 ffffffa5 24 ffffffb1 ffffffb7 ffffffd5 ffffff97 47 ffffff97 08 ffffffc0 78 ffffff91 78 ffffffb6 4a ffffffcd 15 3c 30 ffffffe8 3e ffffffbf ffffffbe ffffff80 40 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a500067f0 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | unwrapped: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6082c520 | result: final-key@0x564e2d1aba50 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1aba50 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c508 | result: final-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1aba50 | prf+0 PRF sha final-key@0x564e2d1a5000 (size 20) | prf+0: key-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x564e2d1a5000 | prf+N PRF sha init key-key@0x564e2d1a8430 (size 20) | prf+N: key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c518 | result: clone-key@0x564e2d1aba50 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a50002e80 from key-key@0x564e2d1aba50 | prf+N prf: begin sha with context 0x7f2a50002e80 from key-key@0x564e2d1aba50 | prf+N: release clone-key@0x564e2d1aba50 | prf+N PRF sha crypt-prf@0x7f2a50001f40 | prf+N PRF sha update old_t-key@0x564e2d1a5000 (size 20) | prf+N: old_t-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1a5000 | nss hmac digest hack: symkey-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1619181920: ffffffd3 ffffff9c ffffff9d ffffffc8 fffffff1 3b fffffff8 22 fffffff4 ffffffba ffffffc6 43 62 0e 76 5f 0e 3b 17 ffffffdd 20 0d 1a ffffffa6 ffffffc8 ffffffbe 04 ffffffd2 ffffffcd 72 5e ffffffc6 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a50006850 | unwrapped: ae 59 ed ac de fd 50 f3 d7 37 d2 b1 68 1b b2 11 | unwrapped: ff 40 62 ec 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d19df20 (size 80) | prf+N: seed-key@0x564e2d19df20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d19df20 | nss hmac digest hack: symkey-key@0x564e2d19df20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1619181920: ffffff80 0f ffffffb4 ffffffaa 2d 2e 5d ffffffc1 ffffffa3 ffffff81 ffffffd4 ffffffde ffffffb7 ffffffc2 23 fffffff7 ffffffc1 ffffffcb 1b 63 ffffff86 04 ffffffb6 ffffff83 3a 3b ffffffb1 2d ffffff93 4f ffffffb1 4b 06 22 ffffffee ffffffcd 50 27 1c 69 ffffffea ffffffe8 04 0c ffffffd7 70 43 0e ffffffe8 4f fffffff8 ffffffe4 fffffff7 6d 32 ffffffa5 24 ffffffb1 ffffffb7 ffffffd5 ffffff97 47 ffffff97 08 ffffffc0 78 ffffff91 78 ffffffb6 4a ffffffcd 15 3c 30 ffffffe8 3e ffffffbf ffffffbe ffffff80 40 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a50006790 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | unwrapped: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6082c520 | result: final-key@0x564e2d19f7a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d19f7a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c508 | result: final-key@0x564e2d1aba50 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d19f7a0 | prf+N PRF sha final-key@0x564e2d1aba50 (size 20) | prf+N: key-key@0x564e2d1aba50 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6082c598 | result: result-key@0x564e2d19f7a0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564e2d1a5000 | prfplus: release old_t[N]-key@0x564e2d1a5000 | prf+N PRF sha init key-key@0x564e2d1a8430 (size 20) | prf+N: key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c518 | result: clone-key@0x564e2d1a5000 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a50002e80 from key-key@0x564e2d1a5000 | prf+N prf: begin sha with context 0x7f2a50002e80 from key-key@0x564e2d1a5000 | prf+N: release clone-key@0x564e2d1a5000 | prf+N PRF sha crypt-prf@0x7f2a50001270 | prf+N PRF sha update old_t-key@0x564e2d1aba50 (size 20) | prf+N: old_t-key@0x564e2d1aba50 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1aba50 | nss hmac digest hack: symkey-key@0x564e2d1aba50 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1619181920: 2b 14 54 4b 41 ffffff93 4e ffffffa0 6e ffffffa7 42 ffffffc3 4c 08 ffffffc8 ffffffcf 01 ffffff8e 5e 0a 4d 1a ffffffeb ffffffa5 ffffffed ffffff93 18 ffffffd8 71 fffffffa 78 ffffffe2 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a5000a0b0 | unwrapped: 9c 7a 4e 92 fc bd 0a 78 40 be 01 df 4c d7 84 17 | unwrapped: e4 c7 d0 3f 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d19df20 (size 80) | prf+N: seed-key@0x564e2d19df20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d19df20 | nss hmac digest hack: symkey-key@0x564e2d19df20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1619181920: ffffff80 0f ffffffb4 ffffffaa 2d 2e 5d ffffffc1 ffffffa3 ffffff81 ffffffd4 ffffffde ffffffb7 ffffffc2 23 fffffff7 ffffffc1 ffffffcb 1b 63 ffffff86 04 ffffffb6 ffffff83 3a 3b ffffffb1 2d ffffff93 4f ffffffb1 4b 06 22 ffffffee ffffffcd 50 27 1c 69 ffffffea ffffffe8 04 0c ffffffd7 70 43 0e ffffffe8 4f fffffff8 ffffffe4 fffffff7 6d 32 ffffffa5 24 ffffffb1 ffffffb7 ffffffd5 ffffff97 47 ffffff97 08 ffffffc0 78 ffffff91 78 ffffffb6 4a ffffffcd 15 3c 30 ffffffe8 3e ffffffbf ffffffbe ffffff80 40 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a50006730 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | unwrapped: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6082c520 | result: final-key@0x7f2a500069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a500069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c508 | result: final-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a500069f0 | prf+N PRF sha final-key@0x564e2d1a5000 (size 20) | prf+N: key-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d19f7a0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6082c598 | result: result-key@0x7f2a500069f0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564e2d19f7a0 | prfplus: release old_t[N]-key@0x564e2d1aba50 | prf+N PRF sha init key-key@0x564e2d1a8430 (size 20) | prf+N: key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c518 | result: clone-key@0x564e2d1aba50 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a50002e80 from key-key@0x564e2d1aba50 | prf+N prf: begin sha with context 0x7f2a50002e80 from key-key@0x564e2d1aba50 | prf+N: release clone-key@0x564e2d1aba50 | prf+N PRF sha crypt-prf@0x7f2a50002010 | prf+N PRF sha update old_t-key@0x564e2d1a5000 (size 20) | prf+N: old_t-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1a5000 | nss hmac digest hack: symkey-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1619181920: 06 5b 2e 5b 1f ffffff80 ffffffbd ffffff81 22 ffffffe8 fffffff3 45 ffffff8a 73 04 73 59 ffffff8d fffffff1 ffffffb9 4e ffffffa3 60 ffffffca 68 72 ffffffdc 6f ffffffae 7b 34 44 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a5000a400 | unwrapped: e6 bb ee 5c 94 c8 b5 c8 ab 43 4a 6e 9f b6 28 9e | unwrapped: 61 0d 96 1d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d19df20 (size 80) | prf+N: seed-key@0x564e2d19df20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d19df20 | nss hmac digest hack: symkey-key@0x564e2d19df20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1619181920: ffffff80 0f ffffffb4 ffffffaa 2d 2e 5d ffffffc1 ffffffa3 ffffff81 ffffffd4 ffffffde ffffffb7 ffffffc2 23 fffffff7 ffffffc1 ffffffcb 1b 63 ffffff86 04 ffffffb6 ffffff83 3a 3b ffffffb1 2d ffffff93 4f ffffffb1 4b 06 22 ffffffee ffffffcd 50 27 1c 69 ffffffea ffffffe8 04 0c ffffffd7 70 43 0e ffffffe8 4f fffffff8 ffffffe4 fffffff7 6d 32 ffffffa5 24 ffffffb1 ffffffb7 ffffffd5 ffffff97 47 ffffff97 08 ffffffc0 78 ffffff91 78 ffffffb6 4a ffffffcd 15 3c 30 ffffffe8 3e ffffffbf ffffffbe ffffff80 40 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a50005030 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | unwrapped: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6082c520 | result: final-key@0x564e2d19f7a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d19f7a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c508 | result: final-key@0x564e2d1aba50 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d19f7a0 | prf+N PRF sha final-key@0x564e2d1aba50 (size 20) | prf+N: key-key@0x564e2d1aba50 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a500069f0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6082c598 | result: result-key@0x564e2d19f7a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a500069f0 | prfplus: release old_t[N]-key@0x564e2d1a5000 | prf+N PRF sha init key-key@0x564e2d1a8430 (size 20) | prf+N: key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c518 | result: clone-key@0x564e2d1a5000 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a50002e80 from key-key@0x564e2d1a5000 | prf+N prf: begin sha with context 0x7f2a50002e80 from key-key@0x564e2d1a5000 | prf+N: release clone-key@0x564e2d1a5000 | prf+N PRF sha crypt-prf@0x7f2a50001270 | prf+N PRF sha update old_t-key@0x564e2d1aba50 (size 20) | prf+N: old_t-key@0x564e2d1aba50 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1aba50 | nss hmac digest hack: symkey-key@0x564e2d1aba50 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1619181920: 29 ffffff84 ffffffe0 75 ffffffdf 78 ffffffc5 ffffff95 6e ffffffe3 fffffff9 ffffffbe 70 ffffffc8 ffffffac 04 ffffffc6 0c 5f fffffff5 ffffffca 6d 29 ffffffee 05 4c ffffff88 ffffffeb ffffffdd 5d 7c ffffffa5 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a5000a3d0 | unwrapped: f6 85 0d 19 e3 b0 0f 16 2d a6 46 c6 f9 1d 92 59 | unwrapped: 60 61 3c 69 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d19df20 (size 80) | prf+N: seed-key@0x564e2d19df20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d19df20 | nss hmac digest hack: symkey-key@0x564e2d19df20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1619181920: ffffff80 0f ffffffb4 ffffffaa 2d 2e 5d ffffffc1 ffffffa3 ffffff81 ffffffd4 ffffffde ffffffb7 ffffffc2 23 fffffff7 ffffffc1 ffffffcb 1b 63 ffffff86 04 ffffffb6 ffffff83 3a 3b ffffffb1 2d ffffff93 4f ffffffb1 4b 06 22 ffffffee ffffffcd 50 27 1c 69 ffffffea ffffffe8 04 0c ffffffd7 70 43 0e ffffffe8 4f fffffff8 ffffffe4 fffffff7 6d 32 ffffffa5 24 ffffffb1 ffffffb7 ffffffd5 ffffff97 47 ffffff97 08 ffffffc0 78 ffffff91 78 ffffffb6 4a ffffffcd 15 3c 30 ffffffe8 3e ffffffbf ffffffbe ffffff80 40 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a5000a430 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | unwrapped: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6082c520 | result: final-key@0x7f2a500069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a500069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c508 | result: final-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a500069f0 | prf+N PRF sha final-key@0x564e2d1a5000 (size 20) | prf+N: key-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d19f7a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6082c598 | result: result-key@0x7f2a500069f0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564e2d19f7a0 | prfplus: release old_t[N]-key@0x564e2d1aba50 | prf+N PRF sha init key-key@0x564e2d1a8430 (size 20) | prf+N: key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c518 | result: clone-key@0x564e2d1aba50 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a50009f20 from key-key@0x564e2d1aba50 | prf+N prf: begin sha with context 0x7f2a50009f20 from key-key@0x564e2d1aba50 | prf+N: release clone-key@0x564e2d1aba50 | prf+N PRF sha crypt-prf@0x7f2a50002010 | prf+N PRF sha update old_t-key@0x564e2d1a5000 (size 20) | prf+N: old_t-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1a5000 | nss hmac digest hack: symkey-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1619181920: 04 ffffffb0 ffffffd0 ffffff99 78 ffffffd8 ffffff9a 39 fffffff2 5d 6d ffffffb9 1c 5b ffffffbe ffffffae ffffffa8 27 57 15 ffffff94 ffffffbf ffffffbb ffffff81 ffffff9c 66 0f ffffffcf 41 35 57 ffffffab | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a5000a380 | unwrapped: 35 01 80 72 e2 fc 33 f2 2a 49 07 ba ed 48 8d 7c | unwrapped: a5 7e a7 88 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d19df20 (size 80) | prf+N: seed-key@0x564e2d19df20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d19df20 | nss hmac digest hack: symkey-key@0x564e2d19df20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1619181920: ffffff80 0f ffffffb4 ffffffaa 2d 2e 5d ffffffc1 ffffffa3 ffffff81 ffffffd4 ffffffde ffffffb7 ffffffc2 23 fffffff7 ffffffc1 ffffffcb 1b 63 ffffff86 04 ffffffb6 ffffff83 3a 3b ffffffb1 2d ffffff93 4f ffffffb1 4b 06 22 ffffffee ffffffcd 50 27 1c 69 ffffffea ffffffe8 04 0c ffffffd7 70 43 0e ffffffe8 4f fffffff8 ffffffe4 fffffff7 6d 32 ffffffa5 24 ffffffb1 ffffffb7 ffffffd5 ffffff97 47 ffffff97 08 ffffffc0 78 ffffff91 78 ffffffb6 4a ffffffcd 15 3c 30 ffffffe8 3e ffffffbf ffffffbe ffffff80 40 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a50006790 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | unwrapped: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6082c520 | result: final-key@0x564e2d19f7a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d19f7a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c508 | result: final-key@0x564e2d1aba50 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d19f7a0 | prf+N PRF sha final-key@0x564e2d1aba50 (size 20) | prf+N: key-key@0x564e2d1aba50 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a500069f0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6082c598 | result: result-key@0x564e2d19f7a0 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a500069f0 | prfplus: release old_t[N]-key@0x564e2d1a5000 | prf+N PRF sha init key-key@0x564e2d1a8430 (size 20) | prf+N: key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c518 | result: clone-key@0x564e2d1a5000 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a50002e80 from key-key@0x564e2d1a5000 | prf+N prf: begin sha with context 0x7f2a50002e80 from key-key@0x564e2d1a5000 | prf+N: release clone-key@0x564e2d1a5000 | prf+N PRF sha crypt-prf@0x7f2a50001270 | prf+N PRF sha update old_t-key@0x564e2d1aba50 (size 20) | prf+N: old_t-key@0x564e2d1aba50 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1aba50 | nss hmac digest hack: symkey-key@0x564e2d1aba50 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1619181920: 3e ffffffb1 ffffffd9 ffffffb9 ffffff8d ffffffe9 ffffffda ffffffcf 2b ffffff8a ffffffde 62 3a fffffff4 52 7a ffffffd7 5a ffffffbe fffffff7 39 fffffff9 ffffff84 1f ffffffa0 ffffffea ffffffce ffffff9d 13 ffffffa4 ffffff92 33 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a5000a5c0 | unwrapped: 3b e2 92 47 d1 20 61 c1 b7 4a cd be 1c fe b0 39 | unwrapped: 95 a6 fd aa 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d19df20 (size 80) | prf+N: seed-key@0x564e2d19df20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d19df20 | nss hmac digest hack: symkey-key@0x564e2d19df20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1619181920: ffffff80 0f ffffffb4 ffffffaa 2d 2e 5d ffffffc1 ffffffa3 ffffff81 ffffffd4 ffffffde ffffffb7 ffffffc2 23 fffffff7 ffffffc1 ffffffcb 1b 63 ffffff86 04 ffffffb6 ffffff83 3a 3b ffffffb1 2d ffffff93 4f ffffffb1 4b 06 22 ffffffee ffffffcd 50 27 1c 69 ffffffea ffffffe8 04 0c ffffffd7 70 43 0e ffffffe8 4f fffffff8 ffffffe4 fffffff7 6d 32 ffffffa5 24 ffffffb1 ffffffb7 ffffffd5 ffffff97 47 ffffff97 08 ffffffc0 78 ffffff91 78 ffffffb6 4a ffffffcd 15 3c 30 ffffffe8 3e ffffffbf ffffffbe ffffff80 40 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a5000a430 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | unwrapped: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6082c520 | result: final-key@0x7f2a500069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a500069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c508 | result: final-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a500069f0 | prf+N PRF sha final-key@0x564e2d1a5000 (size 20) | prf+N: key-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d19f7a0 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6082c598 | result: result-key@0x7f2a500069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564e2d19f7a0 | prfplus: release old_t[N]-key@0x564e2d1aba50 | prfplus: release old_t[final]-key@0x564e2d1a5000 | ike_sa_keymat: release data-key@0x564e2d19df20 | calc_skeyseed_v2: release skeyseed_k-key@0x564e2d1a8430 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a500069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c738 | result: result-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a500069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c738 | result: result-key@0x564e2d19df20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a500069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c738 | result: result-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f2a500069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c748 | result: SK_ei_k-key@0x564e2d1aba50 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f2a500069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c748 | result: SK_er_k-key@0x564e2d19f7a0 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a500069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c748 | result: result-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f2a5000a510 | chunk_SK_pi: symkey-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1684432486: 55 ffffffbf ffffffe1 1d 1b 4d fffffffb fffffff4 ffffffe9 7b 11 ffffffb8 ffffffdd ffffff97 ffffff83 ffffffd9 10 ffffffbd ffffffaf fffffff7 4a ffffffae ffffff93 2b ffffffb2 6f ffffff99 ffffff85 7d 32 0c ffffffc9 | chunk_SK_pi: release slot-key-key@0x564e2d1a1c00 | chunk_SK_pi extracted len 32 bytes at 0x7f2a50002d20 | unwrapped: ed 48 8d 7c a5 7e a7 88 3b e2 92 47 d1 20 61 c1 | unwrapped: b7 4a cd be 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a500069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6082c748 | result: result-key@0x7f2a5000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f2a5000d640 | chunk_SK_pr: symkey-key@0x7f2a5000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1684432486: ffffffe0 ffffffd6 60 ffffff89 ffffffe7 ffffffa3 00 36 5a 10 ffffffdd 1c 7c ffffffbf 7c 49 ffffffd5 ffffffcc ffffff92 4c 24 ffffffbc 4b ffffff93 ffffffe4 20 ffffffa9 ffffffaa ffffff81 49 15 ffffffbc | chunk_SK_pr: release slot-key-key@0x564e2d1a1c00 | chunk_SK_pr extracted len 32 bytes at 0x7f2a50002d50 | unwrapped: 1c fe b0 39 95 a6 fd aa 2a d9 ce 63 9b eb 83 ba | unwrapped: a8 f3 3c 21 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f2a500069f0 | calc_skeyseed_v2 pointers: shared-key@0x564e2d1aa0f0, SK_d-key@0x564e2d1a8430, SK_ai-key@0x564e2d19df20, SK_ar-key@0x564e2d1a5000, SK_ei-key@0x564e2d1aba50, SK_er-key@0x564e2d19f7a0, SK_pi-key@0x7f2a5000a510, SK_pr-key@0x7f2a5000d640 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | ed 48 8d 7c a5 7e a7 88 3b e2 92 47 d1 20 61 c1 | b7 4a cd be | calc_skeyseed_v2 SK_pr | 1c fe b0 39 95 a6 fd aa 2a d9 ce 63 9b eb 83 ba | a8 f3 3c 21 | crypto helper 2 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.00338 seconds | (#1) spent 3.14 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) | crypto helper 2 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f2a5000eec0 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 2 | calling continuation function 0x564e2b454630 | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f2a58000d60: transferring ownership from helper IKEv2 DH to state #1 | finish_dh_v2: release st_shared_nss-key@NULL | #1 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x564e2d19df20 (size 20) | hmac: symkey-key@0x564e2d19df20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d19df20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d766178 | result: clone-key@0x7f2a500069f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a500069f0 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a500069f0 | hmac: release clone-key@0x7f2a500069f0 | hmac PRF sha crypt-prf@0x564e2d1bb840 | hmac PRF sha update data-bytes@0x564e2d1b9eb0 (length 208) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 73 30 2f 00 4f d5 5f 29 0e 70 8b f1 88 d0 be 9c | c5 49 79 d9 df 93 7c 26 fc c1 41 0d 28 7c 49 ce | 70 61 df 9b af 4c ef b6 fb b4 18 44 47 46 f7 95 | 41 81 c7 b7 a3 55 3d 89 65 2a ae dd 7a 69 10 3a | e6 44 42 e0 8d 58 70 49 6c bd 78 a4 e6 87 89 ae | ae e9 84 13 84 52 93 02 6e d7 c3 19 6a 50 46 94 | c2 11 fd 00 ca a9 fb 63 19 5b 0e c0 37 4e 6f d4 | f5 81 ee d5 b1 43 3e e4 78 60 a0 df b1 95 3a d5 | 8e 84 38 9f 55 8c 0b f4 ef fa 66 52 d2 25 97 72 | 1a 24 a8 a1 5f 48 3d d8 3e 3d e3 6c f7 c3 9a bc | 40 46 a0 ee e6 d8 e2 db 3d 01 b9 33 a5 e9 59 7f | hmac PRF sha final-bytes@0x7fff8d766340 (length 20) | 0b cd 3d d5 cd 33 fb 48 35 52 68 16 94 c0 62 be | 56 3a 18 f6 | data for hmac: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data for hmac: 73 30 2f 00 4f d5 5f 29 0e 70 8b f1 88 d0 be 9c | data for hmac: c5 49 79 d9 df 93 7c 26 fc c1 41 0d 28 7c 49 ce | data for hmac: 70 61 df 9b af 4c ef b6 fb b4 18 44 47 46 f7 95 | data for hmac: 41 81 c7 b7 a3 55 3d 89 65 2a ae dd 7a 69 10 3a | data for hmac: e6 44 42 e0 8d 58 70 49 6c bd 78 a4 e6 87 89 ae | data for hmac: ae e9 84 13 84 52 93 02 6e d7 c3 19 6a 50 46 94 | data for hmac: c2 11 fd 00 ca a9 fb 63 19 5b 0e c0 37 4e 6f d4 | data for hmac: f5 81 ee d5 b1 43 3e e4 78 60 a0 df b1 95 3a d5 | data for hmac: 8e 84 38 9f 55 8c 0b f4 ef fa 66 52 d2 25 97 72 | data for hmac: 1a 24 a8 a1 5f 48 3d d8 3e 3d e3 6c f7 c3 9a bc | data for hmac: 40 46 a0 ee e6 d8 e2 db 3d 01 b9 33 a5 e9 59 7f | calculated auth: 0b cd 3d d5 cd 33 fb 48 35 52 68 16 | provided auth: 0b cd 3d d5 cd 33 fb 48 35 52 68 16 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 73 30 2f 00 4f d5 5f 29 0e 70 8b f1 88 d0 be 9c | payload before decryption: | c5 49 79 d9 df 93 7c 26 fc c1 41 0d 28 7c 49 ce | 70 61 df 9b af 4c ef b6 fb b4 18 44 47 46 f7 95 | 41 81 c7 b7 a3 55 3d 89 65 2a ae dd 7a 69 10 3a | e6 44 42 e0 8d 58 70 49 6c bd 78 a4 e6 87 89 ae | ae e9 84 13 84 52 93 02 6e d7 c3 19 6a 50 46 94 | c2 11 fd 00 ca a9 fb 63 19 5b 0e c0 37 4e 6f d4 | f5 81 ee d5 b1 43 3e e4 78 60 a0 df b1 95 3a d5 | 8e 84 38 9f 55 8c 0b f4 ef fa 66 52 d2 25 97 72 | 1a 24 a8 a1 5f 48 3d d8 3e 3d e3 6c f7 c3 9a bc | 40 46 a0 ee e6 d8 e2 db 3d 01 b9 33 a5 e9 59 7f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | b3 47 4c 4e 75 cf 7e b4 18 24 17 d4 16 01 33 06 | 8c b3 e3 4a 2c 00 00 2c 00 00 00 28 01 03 04 03 | fe 85 8b e0 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | stripping 16 octets as pad | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #1: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x7f2a5000a510 (size 20) | hmac: symkey-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765be8 | result: clone-key@0x7f2a500069f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a500069f0 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a500069f0 | hmac: release clone-key@0x7f2a500069f0 | hmac PRF sha crypt-prf@0x564e2d1bd370 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x564e2d1b9ee4 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff8d765da0 (length 20) | d6 82 8c a2 54 53 36 83 24 58 e1 ab e7 5f 64 2d | 7d b5 b6 44 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | inputs to hash1 (first packet) | 6f 65 ca 24 c5 3d b3 9a 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 6b 42 64 e0 45 5a 0d 4b c1 ee 98 6c | b3 bd 90 aa 6c 91 7e 1d 29 48 28 f5 0f 71 38 da | 6b b6 8b 61 25 eb 06 86 77 5a fd f2 57 66 c1 31 | 92 17 dd 24 d1 41 81 06 61 03 37 a1 7b 44 e1 14 | cc 9a 08 8e 2b 4f 44 98 be ac 72 3a 04 c0 eb a7 | 23 74 0d 2d b8 c5 aa f9 94 da 1e 2d bc 69 69 03 | 9c 79 bd d2 c4 34 81 6b b2 7a 05 24 58 f1 ee e8 | 48 0d 40 4e 14 30 04 af 00 87 47 bc a2 b1 cf 10 | 7a 19 1d 47 77 b9 10 77 39 e2 7d 98 d4 1a 6f 4b | 02 f7 df 9c 40 ae cc 2a 5b dc a2 bb 6a 8b e4 71 | 05 b9 33 ea 07 d4 cb 2b 68 a5 37 b0 b0 85 e1 30 | 2c 84 82 aa 20 9e 02 90 e7 a8 3d 1f a5 4e 0b 7e | fd 92 15 0b 52 cc 5f 1c 5d 0b 5e 1b 74 b9 c4 be | 9a d2 e8 0c 58 c3 c6 3f 08 e7 13 3e e1 12 cf c2 | 34 ec e7 a9 c7 31 6e f2 9f 68 ba c4 55 0e d5 ae | c8 49 9b 9d 4e 4c ae 43 4c 98 a8 99 71 cc 37 e9 | 11 c8 de 5a 29 00 00 24 75 16 39 aa a4 f3 92 bd | 79 72 27 a7 6e d7 e8 f9 9f 6f e3 6b 68 d9 37 97 | 08 ac 61 0c 1d f5 26 39 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 fd a7 e7 5b ae 19 23 50 | 0b 3f cd 6e aa 36 8c 21 f6 fe 29 4f 00 00 00 1c | 00 00 40 05 c3 97 49 86 fd 49 c5 3e 93 b1 e6 93 | 6f 19 96 b4 ee 0f ce c8 | verify: initiator inputs to hash2 (responder nonce) | c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | idhash d6 82 8c a2 54 53 36 83 24 58 e1 ab e7 5f 64 2d | idhash 7d b5 b6 44 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564e2d1b8960 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d7659f0 | result: shared secret-key@0x7f2a58006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f2a58006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7659d8 | result: shared secret-key@0x7f2a500069f0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f2a58006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564e2d1a1160 from shared secret-key@0x7f2a500069f0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564e2d1a1160 from shared secret-key@0x7f2a500069f0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f2a500069f0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564e2d1bb840 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x564e2b4e7bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765a10 | result: final-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7659f8 | result: final-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a58006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f2a500069f0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f2a500069f0 (size 20) | = prf(, ): -key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765a08 | result: clone-key@0x7f2a58006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564e2d1a1160 from -key@0x7f2a58006900 | = prf(, ) prf: begin sha with context 0x564e2d1a1160 from -key@0x7f2a58006900 | = prf(, ): release clone-key@0x7f2a58006900 | = prf(, ) PRF sha crypt-prf@0x564e2d1bb860 | = prf(, ) PRF sha update first-packet-bytes@0x564e2d1bdf40 (length 440) | 6f 65 ca 24 c5 3d b3 9a 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 6b 42 64 e0 45 5a 0d 4b c1 ee 98 6c | b3 bd 90 aa 6c 91 7e 1d 29 48 28 f5 0f 71 38 da | 6b b6 8b 61 25 eb 06 86 77 5a fd f2 57 66 c1 31 | 92 17 dd 24 d1 41 81 06 61 03 37 a1 7b 44 e1 14 | cc 9a 08 8e 2b 4f 44 98 be ac 72 3a 04 c0 eb a7 | 23 74 0d 2d b8 c5 aa f9 94 da 1e 2d bc 69 69 03 | 9c 79 bd d2 c4 34 81 6b b2 7a 05 24 58 f1 ee e8 | 48 0d 40 4e 14 30 04 af 00 87 47 bc a2 b1 cf 10 | 7a 19 1d 47 77 b9 10 77 39 e2 7d 98 d4 1a 6f 4b | 02 f7 df 9c 40 ae cc 2a 5b dc a2 bb 6a 8b e4 71 | 05 b9 33 ea 07 d4 cb 2b 68 a5 37 b0 b0 85 e1 30 | 2c 84 82 aa 20 9e 02 90 e7 a8 3d 1f a5 4e 0b 7e | fd 92 15 0b 52 cc 5f 1c 5d 0b 5e 1b 74 b9 c4 be | 9a d2 e8 0c 58 c3 c6 3f 08 e7 13 3e e1 12 cf c2 | 34 ec e7 a9 c7 31 6e f2 9f 68 ba c4 55 0e d5 ae | c8 49 9b 9d 4e 4c ae 43 4c 98 a8 99 71 cc 37 e9 | 11 c8 de 5a 29 00 00 24 75 16 39 aa a4 f3 92 bd | 79 72 27 a7 6e d7 e8 f9 9f 6f e3 6b 68 d9 37 97 | 08 ac 61 0c 1d f5 26 39 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 fd a7 e7 5b ae 19 23 50 | 0b 3f cd 6e aa 36 8c 21 f6 fe 29 4f 00 00 00 1c | 00 00 40 05 c3 97 49 86 fd 49 c5 3e 93 b1 e6 93 | 6f 19 96 b4 ee 0f ce c8 | = prf(, ) PRF sha update nonce-bytes@0x7f2a58002af0 (length 32) | c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | = prf(, ) PRF sha update hash-bytes@0x7fff8d765da0 (length 20) | d6 82 8c a2 54 53 36 83 24 58 e1 ab e7 5f 64 2d | 7d b5 b6 44 | = prf(, ) PRF sha final-chunk@0x564e2d1bd370 (length 20) | b3 47 4c 4e 75 cf 7e b4 18 24 17 d4 16 01 33 06 | 8c b3 e3 4a | psk_auth: release prf-psk-key@0x7f2a500069f0 | Received PSK auth octets | b3 47 4c 4e 75 cf 7e b4 18 24 17 d4 16 01 33 06 | 8c b3 e3 4a | Calculated PSK auth octets | b3 47 4c 4e 75 cf 7e b4 18 24 17 d4 16 01 33 06 | 8c b3 e3 4a "east" #1: Authenticated using authby=secret | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x564e2d1bd2c0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564e2d1bb7d0 | event_schedule: new EVENT_SA_REKEY-pe@0x564e2d1bb7d0 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 | libevent_malloc: new ptr-libevent@0x564e2d1bd2c0 size 128 | pstats #1 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | 6f 65 ca 24 c5 3d b3 9a | responder cookie: | be e6 fc 2c 4c bc e3 0e | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x7f2a5000d640 (size 20) | hmac: symkey-key@0x7f2a5000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a5000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765558 | result: clone-key@0x7f2a500069f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a500069f0 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a500069f0 | hmac: release clone-key@0x7f2a500069f0 | hmac PRF sha crypt-prf@0x564e2d1bd350 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x564e2b553974 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff8d765860 (length 20) | a6 0d 7c a2 42 74 2b fd cd 6a ad 19 ff ee 67 19 | c4 2e de 8f | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | inputs to hash1 (first packet) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a9 2c fb ec cc 02 b2 bf 50 53 f9 40 | c7 3c 87 c3 04 65 e4 88 ac 8d bd 1b 54 75 24 61 | b4 6a d1 8a 9b eb 26 a6 33 72 98 30 26 78 23 ac | 96 2d 71 84 98 2e 60 eb e2 0a 92 f2 f9 5d ac 58 | 33 9d eb c7 6b 95 69 d5 37 43 b5 75 d3 d2 be 0d | 26 f5 3d 1e 7f ec c3 1d d8 7f 8d df a9 e8 07 81 | cf ee b5 f3 66 aa 48 29 47 97 ec f6 fe c1 47 65 | 65 4e 61 a9 1f 8c 29 1d 8c d7 42 dd 4b 0c 0e dd | 7d 33 5f 9e 93 f4 cb e4 93 a0 64 62 87 44 17 75 | 0e e4 41 12 28 b8 6e 86 60 96 fe f8 94 1f 0c a3 | d5 5e c0 1a fb 60 78 37 e3 8f 94 33 b0 f8 88 a1 | 34 06 d2 e3 fe 9c 22 a3 f5 6c f9 50 73 67 6e 65 | 6e af 5a 1f 01 e9 ab 02 c5 82 d4 04 43 36 4f d9 | 7b 01 61 19 c7 ac a5 fa dc 2d 8f 4d b3 b9 79 17 | 24 02 89 30 b3 fc 60 a3 66 36 5a 7a da f1 e3 1f | b5 af 89 84 2d d6 32 9f 8c 17 bb e8 a8 57 d8 89 | c7 a6 30 ce 29 00 00 24 c0 59 f6 7e 21 cb 38 aa | 55 5d e6 59 0f bd 8d 04 53 ef 65 c1 30 c8 83 e9 | a3 0c b6 1a dd 78 d6 b8 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 19 22 f3 65 db 24 03 4c | ec 3b db f0 20 a2 58 d0 86 35 68 cf 00 00 00 1c | 00 00 40 05 db c0 81 14 89 1a 6c cd 1c 2e a1 61 | 37 59 1f 34 8d 04 f6 9e | create: responder inputs to hash2 (initiator nonce) | 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | idhash a6 0d 7c a2 42 74 2b fd cd 6a ad 19 ff ee 67 19 | idhash c4 2e de 8f | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564e2d1b8960 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765350 | result: shared secret-key@0x7f2a58006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f2a58006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765338 | result: shared secret-key@0x7f2a500069f0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f2a58006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564e2d1a1160 from shared secret-key@0x7f2a500069f0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564e2d1a1160 from shared secret-key@0x7f2a500069f0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f2a500069f0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564e2d1bd370 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x564e2b4e7bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765370 | result: final-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765358 | result: final-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a58006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f2a500069f0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f2a500069f0 (size 20) | = prf(, ): -key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765368 | result: clone-key@0x7f2a58006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564e2d1a1160 from -key@0x7f2a58006900 | = prf(, ) prf: begin sha with context 0x564e2d1a1160 from -key@0x7f2a58006900 | = prf(, ): release clone-key@0x7f2a58006900 | = prf(, ) PRF sha crypt-prf@0x564e2d1bb840 | = prf(, ) PRF sha update first-packet-bytes@0x564e2d1be2c0 (length 440) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a9 2c fb ec cc 02 b2 bf 50 53 f9 40 | c7 3c 87 c3 04 65 e4 88 ac 8d bd 1b 54 75 24 61 | b4 6a d1 8a 9b eb 26 a6 33 72 98 30 26 78 23 ac | 96 2d 71 84 98 2e 60 eb e2 0a 92 f2 f9 5d ac 58 | 33 9d eb c7 6b 95 69 d5 37 43 b5 75 d3 d2 be 0d | 26 f5 3d 1e 7f ec c3 1d d8 7f 8d df a9 e8 07 81 | cf ee b5 f3 66 aa 48 29 47 97 ec f6 fe c1 47 65 | 65 4e 61 a9 1f 8c 29 1d 8c d7 42 dd 4b 0c 0e dd | 7d 33 5f 9e 93 f4 cb e4 93 a0 64 62 87 44 17 75 | 0e e4 41 12 28 b8 6e 86 60 96 fe f8 94 1f 0c a3 | d5 5e c0 1a fb 60 78 37 e3 8f 94 33 b0 f8 88 a1 | 34 06 d2 e3 fe 9c 22 a3 f5 6c f9 50 73 67 6e 65 | 6e af 5a 1f 01 e9 ab 02 c5 82 d4 04 43 36 4f d9 | 7b 01 61 19 c7 ac a5 fa dc 2d 8f 4d b3 b9 79 17 | 24 02 89 30 b3 fc 60 a3 66 36 5a 7a da f1 e3 1f | b5 af 89 84 2d d6 32 9f 8c 17 bb e8 a8 57 d8 89 | c7 a6 30 ce 29 00 00 24 c0 59 f6 7e 21 cb 38 aa | 55 5d e6 59 0f bd 8d 04 53 ef 65 c1 30 c8 83 e9 | a3 0c b6 1a dd 78 d6 b8 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 19 22 f3 65 db 24 03 4c | ec 3b db f0 20 a2 58 d0 86 35 68 cf 00 00 00 1c | 00 00 40 05 db c0 81 14 89 1a 6c cd 1c 2e a1 61 | 37 59 1f 34 8d 04 f6 9e | = prf(, ) PRF sha update nonce-bytes@0x564e2d1bb810 (length 32) | 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | = prf(, ) PRF sha update hash-bytes@0x7fff8d765860 (length 20) | a6 0d 7c a2 42 74 2b fd cd 6a ad 19 ff ee 67 19 | c4 2e de 8f | = prf(, ) PRF sha final-chunk@0x564e2d1bd350 (length 20) | 9d 9a 63 19 1c ff c8 eb 76 39 4d 74 96 4c a0 2f | 1a 2b 10 05 | psk_auth: release prf-psk-key@0x7f2a500069f0 | PSK auth octets 9d 9a 63 19 1c ff c8 eb 76 39 4d 74 96 4c a0 2f | PSK auth octets 1a 2b 10 05 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 9d 9a 63 19 1c ff c8 eb 76 39 4d 74 96 4c a0 2f | PSK auth 1a 2b 10 05 | emitting length of IKEv2 Authentication Payload: 28 | creating state object #2 at 0x564e2d1be6c0 | State DB: adding IKEv2 state #2 in UNDEFINED | pstats #2 ikev2.child started | duplicating state object #1 "east" as #2 for IPSEC SA | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x564e2d1a8430 | duplicate_state: reference st_skey_ai_nss-key@0x564e2d19df20 | duplicate_state: reference st_skey_ar_nss-key@0x564e2d1a5000 | duplicate_state: reference st_skey_ei_nss-key@0x564e2d1aba50 | duplicate_state: reference st_skey_er_nss-key@0x564e2d19f7a0 | duplicate_state: reference st_skey_pi_nss-key@0x7f2a5000a510 | duplicate_state: reference st_skey_pr_nss-key@0x7f2a5000d640 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | constructing ESP/AH proposals with all DH removed for east (IKE_AUTH responder matching remote ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | converting proposal 3DES_CBC-HMAC_SHA1_96-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_ESP 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "east": constructed local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI fe 85 8b e0 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 "east" #1: proposal 1:ESP:SPI=fe858be0;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=fe858be0;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | netlink_get_spi: allocated 0xca49dac6 for esp.0@192.1.2.23 | Emitting ikev2_proposal ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi ca 49 da c6 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d7653e0 | result: data=Ni-key@0x7f2a58006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7f2a58006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7653c8 | result: data=Ni-key@0x7f2a500069f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7f2a58006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a500069f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d7653d0 | result: data+=Nr-key@0x7f2a58006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f2a500069f0 | prf+0 PRF sha init key-key@0x564e2d1a8430 (size 20) | prf+0: key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x7f2a500069f0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x564e2d1a1160 from key-key@0x7f2a500069f0 | prf+0 prf: begin sha with context 0x564e2d1a1160 from key-key@0x7f2a500069f0 | prf+0: release clone-key@0x7f2a500069f0 | prf+0 PRF sha crypt-prf@0x564e2d1bd370 | prf+0 PRF sha update seed-key@0x7f2a58006900 (size 64) | prf+0: seed-key@0x7f2a58006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a58006900 | nss hmac digest hack: symkey-key@0x7f2a58006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: ffffff80 0f ffffffb4 ffffffaa 2d 2e 5d ffffffc1 ffffffa3 ffffff81 ffffffd4 ffffffde ffffffb7 ffffffc2 23 fffffff7 ffffffc1 ffffffcb 1b 63 ffffff86 04 ffffffb6 ffffff83 3a 3b ffffffb1 2d ffffff93 4f ffffffb1 4b 06 22 ffffffee ffffffcd 50 27 1c 69 ffffffea ffffffe8 04 0c ffffffd7 70 43 0e ffffffe8 4f fffffff8 ffffffe4 fffffff7 6d 32 ffffffa5 24 ffffffb1 ffffffb7 ffffffd5 ffffff97 47 ffffff97 08 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1c18f0 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x564e2d1bff30 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1bff30 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1bff30 | prf+0 PRF sha final-key@0x7f2a500069f0 (size 20) | prf+0: key-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f2a500069f0 | prf+N PRF sha init key-key@0x564e2d1a8430 (size 20) | prf+N: key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x564e2d1bff30 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564e2d1a1160 from key-key@0x564e2d1bff30 | prf+N prf: begin sha with context 0x564e2d1a1160 from key-key@0x564e2d1bff30 | prf+N: release clone-key@0x564e2d1bff30 | prf+N PRF sha crypt-prf@0x564e2d1be610 | prf+N PRF sha update old_t-key@0x7f2a500069f0 (size 20) | prf+N: old_t-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a500069f0 | nss hmac digest hack: symkey-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921626304: ffffffde 1e ffffffbf fffffffd ffffff94 49 ffffffb9 ffffffb7 fffffff5 ffffff9c ffffff82 ffffffef 21 ffffff87 73 53 0f fffffff3 ffffff9c 75 ffffff80 ffffffb2 ffffffbc ffffffa8 05 1f 7a 28 fffffff6 ffffffa2 0f fffffff0 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x564e2d1c0150 | unwrapped: c1 f6 25 f8 7e ae 4a dc d9 43 2a 64 50 35 49 cb | unwrapped: 32 94 33 fc 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a58006900 (size 64) | prf+N: seed-key@0x7f2a58006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a58006900 | nss hmac digest hack: symkey-key@0x7f2a58006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: ffffff80 0f ffffffb4 ffffffaa 2d 2e 5d ffffffc1 ffffffa3 ffffff81 ffffffd4 ffffffde ffffffb7 ffffffc2 23 fffffff7 ffffffc1 ffffffcb 1b 63 ffffff86 04 ffffffb6 ffffff83 3a 3b ffffffb1 2d ffffff93 4f ffffffb1 4b 06 22 ffffffee ffffffcd 50 27 1c 69 ffffffea ffffffe8 04 0c ffffffd7 70 43 0e ffffffe8 4f fffffff8 ffffffe4 fffffff7 6d 32 ffffffa5 24 ffffffb1 ffffffb7 ffffffd5 ffffff97 47 ffffff97 08 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1c1800 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x564e2d1c1940 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1c1940 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1c1940 | prf+N PRF sha final-key@0x564e2d1bff30 (size 20) | prf+N: key-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff8d765378 | result: result-key@0x564e2d1c1940 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a500069f0 | prfplus: release old_t[N]-key@0x7f2a500069f0 | prf+N PRF sha init key-key@0x564e2d1a8430 (size 20) | prf+N: key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x7f2a500069f0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564e2d1a1160 from key-key@0x7f2a500069f0 | prf+N prf: begin sha with context 0x564e2d1a1160 from key-key@0x7f2a500069f0 | prf+N: release clone-key@0x7f2a500069f0 | prf+N PRF sha crypt-prf@0x564e2d1bb860 | prf+N PRF sha update old_t-key@0x564e2d1bff30 (size 20) | prf+N: old_t-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1bff30 | nss hmac digest hack: symkey-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921626304: 6a 09 ffffff99 ffffffa3 60 34 25 26 59 08 ffffff8b ffffffc7 ffffff92 01 ffffffc5 ffffffc3 fffffff4 6d ffffff8a 57 ffffffd6 0f 34 ffffffa3 00 41 ffffffbd ffffffdb 13 ffffffdb ffffffae 37 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x564e2d1c1ac0 | unwrapped: 4b a8 20 8d e0 f5 60 6b 79 be 94 58 5f c4 63 55 | unwrapped: e6 47 85 fa 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a58006900 (size 64) | prf+N: seed-key@0x7f2a58006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a58006900 | nss hmac digest hack: symkey-key@0x7f2a58006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: ffffff80 0f ffffffb4 ffffffaa 2d 2e 5d ffffffc1 ffffffa3 ffffff81 ffffffd4 ffffffde ffffffb7 ffffffc2 23 fffffff7 ffffffc1 ffffffcb 1b 63 ffffff86 04 ffffffb6 ffffff83 3a 3b ffffffb1 2d ffffff93 4f ffffffb1 4b 06 22 ffffffee ffffffcd 50 27 1c 69 ffffffea ffffffe8 04 0c ffffffd7 70 43 0e ffffffe8 4f fffffff8 ffffffe4 fffffff7 6d 32 ffffffa5 24 ffffffb1 ffffffb7 ffffffd5 ffffff97 47 ffffff97 08 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1c17b0 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x564e2d1c1a10 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1c1a10 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1c1a10 | prf+N PRF sha final-key@0x7f2a500069f0 (size 20) | prf+N: key-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1c1940 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff8d765378 | result: result-key@0x564e2d1c1a10 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564e2d1c1940 | prfplus: release old_t[N]-key@0x564e2d1bff30 | prf+N PRF sha init key-key@0x564e2d1a8430 (size 20) | prf+N: key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x564e2d1bff30 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564e2d1a1160 from key-key@0x564e2d1bff30 | prf+N prf: begin sha with context 0x564e2d1a1160 from key-key@0x564e2d1bff30 | prf+N: release clone-key@0x564e2d1bff30 | prf+N PRF sha crypt-prf@0x564e2d1be610 | prf+N PRF sha update old_t-key@0x7f2a500069f0 (size 20) | prf+N: old_t-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a500069f0 | nss hmac digest hack: symkey-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921626304: 1d ffffffae 73 ffffff96 ffffffc4 72 06 2d ffffffd9 2f 16 0d ffffffac ffffffcb ffffffc1 ffffffbd 40 ffffffb7 77 ffffffba ffffffb7 63 ffffff8f 1f ffffffd0 ffffffc7 ffffffa2 ffffff99 ffffffbb ffffff9c ffffffc0 72 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x564e2d1c33b0 | unwrapped: 9f b6 22 d2 40 a1 cd db 25 ff fe cf ae f8 a7 33 | unwrapped: 94 05 14 de 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a58006900 (size 64) | prf+N: seed-key@0x7f2a58006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a58006900 | nss hmac digest hack: symkey-key@0x7f2a58006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: ffffff80 0f ffffffb4 ffffffaa 2d 2e 5d ffffffc1 ffffffa3 ffffff81 ffffffd4 ffffffde ffffffb7 ffffffc2 23 fffffff7 ffffffc1 ffffffcb 1b 63 ffffff86 04 ffffffb6 ffffff83 3a 3b ffffffb1 2d ffffff93 4f ffffffb1 4b 06 22 ffffffee ffffffcd 50 27 1c 69 ffffffea ffffffe8 04 0c ffffffd7 70 43 0e ffffffe8 4f fffffff8 ffffffe4 fffffff7 6d 32 ffffffa5 24 ffffffb1 ffffffb7 ffffffd5 ffffff97 47 ffffff97 08 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1c4e20 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x564e2d1c1940 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1c1940 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1c1940 | prf+N PRF sha final-key@0x564e2d1bff30 (size 20) | prf+N: key-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1c1a10 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff8d765378 | result: result-key@0x564e2d1c1940 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564e2d1c1a10 | prfplus: release old_t[N]-key@0x7f2a500069f0 | prfplus: release old_t[final]-key@0x564e2d1bff30 | child_sa_keymat: release data-key@0x7f2a58006900 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x564e2d1c1940 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765458 | result: result-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x7f2a58006900 | initiator to responder keys: symkey-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x564e2d1a1c00 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)857743411: ffffffde 1e ffffffbf fffffffd ffffff94 49 ffffffb9 ffffffb7 fffffff5 ffffff9c ffffff82 ffffffef 21 ffffff87 73 53 ffffffa5 18 ffffffcc ffffffed 2e 29 2a ffffffa5 51 ffffffe7 ffffffeb ffffffb0 14 ffffff8a fffffffe ffffff82 ffffffc9 ffffffc0 2b 0a ffffffab 6e ffffff92 6e 63 4a ffffffad ffffffc6 2c 2c 3f 15 | initiator to responder keys: release slot-key-key@0x564e2d1a1c00 | initiator to responder keys extracted len 48 bytes at 0x564e2d1c33e0 | unwrapped: c1 f6 25 f8 7e ae 4a dc d9 43 2a 64 50 35 49 cb | unwrapped: 32 94 33 fc 4b a8 20 8d e0 f5 60 6b 79 be 94 58 | unwrapped: 5f c4 63 55 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7f2a58006900 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x564e2d1c1940 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765458 | result: result-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x7f2a58006900 | responder to initiator keys:: symkey-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x564e2d1a1c00 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)857743411: ffffff92 ffffffc2 07 66 ffffffe8 5a 4c ffffffb1 ffffff91 ffffff85 1d ffffff97 ffffffe7 58 ffffff90 65 33 ffffffe3 ffffffe8 5a 2a ffffffba 54 ffffffe0 20 5c 27 07 24 ffffff84 46 12 2f fffffff9 ffffff94 ffffffe3 ffffffba ffffffb5 51 4e 37 ffffffa7 ffffffab ffffffe3 54 ffffffda 76 ffffff9c | responder to initiator keys:: release slot-key-key@0x564e2d1a1c00 | responder to initiator keys: extracted len 48 bytes at 0x564e2d1c4cb0 | unwrapped: e6 47 85 fa 9f b6 22 d2 40 a1 cd db 25 ff fe cf | unwrapped: ae f8 a7 33 94 05 14 de e8 d6 b7 44 30 8f 39 11 | unwrapped: b2 16 44 98 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7f2a58006900 | ikev2_derive_child_keys: release keymat-key@0x564e2d1c1940 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | #1 spent 2.56 milliseconds | install_ipsec_sa() for #2: inbound and outbound | could_route called for east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.fe858be0@192.1.2.45 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.ca49dac6@192.1.2.23 included non-error error | priority calculation of connection "east" is 0xfe7e7 | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #2: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 | priority calculation of connection "east" is 0xfe7e7 | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xfe858be0 SPI_OUT=0xca4 | popen cmd is 1020 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: | cmd( 960):'no' SPI_IN=0xfe858be0 SPI_OUT=0xca49dac6 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xfe858be0 SPI | popen cmd is 1025 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@e: | cmd( 160):ast' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: | cmd( 960):ARED='no' SPI_IN=0xfe858be0 SPI_OUT=0xca49dac6 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xfe858be0 SPI_OUT | popen cmd is 1023 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTE: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@eas: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIEN: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: | cmd( 320):6388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PE: | cmd( 400):ER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MAS: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: | cmd( 960):ED='no' SPI_IN=0xfe858be0 SPI_OUT=0xca49dac6 ipsec _updown 2>&1: | route_and_eroute: instance "east", setting eroute_owner {spd=0x564e2d1b9a50,sr=0x564e2d1b9a50} to #2 (was #0) (newest_ipsec_sa=#0) | #1 spent 0.811 milliseconds in install_ipsec_sa() | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 | adding 12 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 176 | emitting length of ISAKMP Message: 204 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 87 18 25 60 50 c4 cd b0 6a 9f 44 db 86 5f 4b 12 | data before encryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 9d 9a 63 19 1c ff c8 eb 76 39 4d 74 | 96 4c a0 2f 1a 2b 10 05 2c 00 00 2c 00 00 00 28 | 01 03 04 03 ca 49 da c6 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 4e 85 cf 40 f2 36 82 a3 30 52 4f 63 62 75 e0 3f | bc b8 33 f5 13 3c ca 14 c8 83 93 d5 ab c8 41 f7 | 42 9e cf 67 c5 5c a0 f7 df 1a e2 64 b6 96 d4 9b | d8 46 26 55 2f ea a6 9d bf 5a 59 ae 43 01 38 d4 | 7c 15 63 0d 2e 98 8e 85 40 6d c4 7e 63 8f e3 fb | 5a f5 76 48 3d 91 90 78 da 1e 8d 6a 51 2a 18 ef | 61 44 dc a7 df 18 1a 81 da ae 25 92 fd e1 44 51 | 39 76 d7 0c 74 25 aa 04 a1 f7 2a 52 93 26 24 2e | 94 f7 49 71 b8 90 b9 fe 24 cf 87 3d 97 d0 f1 04 | hmac PRF sha init symkey-key@0x564e2d1a5000 (size 20) | hmac: symkey-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765468 | result: clone-key@0x564e2d1c1940 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x564e2d1c1940 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x564e2d1c1940 | hmac: release clone-key@0x564e2d1c1940 | hmac PRF sha crypt-prf@0x564e2d1bb860 | hmac PRF sha update data-bytes@0x564e2b553940 (length 192) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 87 18 25 60 50 c4 cd b0 6a 9f 44 db 86 5f 4b 12 | 4e 85 cf 40 f2 36 82 a3 30 52 4f 63 62 75 e0 3f | bc b8 33 f5 13 3c ca 14 c8 83 93 d5 ab c8 41 f7 | 42 9e cf 67 c5 5c a0 f7 df 1a e2 64 b6 96 d4 9b | d8 46 26 55 2f ea a6 9d bf 5a 59 ae 43 01 38 d4 | 7c 15 63 0d 2e 98 8e 85 40 6d c4 7e 63 8f e3 fb | 5a f5 76 48 3d 91 90 78 da 1e 8d 6a 51 2a 18 ef | 61 44 dc a7 df 18 1a 81 da ae 25 92 fd e1 44 51 | 39 76 d7 0c 74 25 aa 04 a1 f7 2a 52 93 26 24 2e | 94 f7 49 71 b8 90 b9 fe 24 cf 87 3d 97 d0 f1 04 | hmac PRF sha final-bytes@0x564e2b553a00 (length 20) | 85 66 4b da e9 20 d1 34 02 57 5c fd 9a 03 a2 ac | e6 01 27 2f | data being hmac: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data being hmac: 87 18 25 60 50 c4 cd b0 6a 9f 44 db 86 5f 4b 12 | data being hmac: 4e 85 cf 40 f2 36 82 a3 30 52 4f 63 62 75 e0 3f | data being hmac: bc b8 33 f5 13 3c ca 14 c8 83 93 d5 ab c8 41 f7 | data being hmac: 42 9e cf 67 c5 5c a0 f7 df 1a e2 64 b6 96 d4 9b | data being hmac: d8 46 26 55 2f ea a6 9d bf 5a 59 ae 43 01 38 d4 | data being hmac: 7c 15 63 0d 2e 98 8e 85 40 6d c4 7e 63 8f e3 fb | data being hmac: 5a f5 76 48 3d 91 90 78 da 1e 8d 6a 51 2a 18 ef | data being hmac: 61 44 dc a7 df 18 1a 81 da ae 25 92 fd e1 44 51 | data being hmac: 39 76 d7 0c 74 25 aa 04 a1 f7 2a 52 93 26 24 2e | data being hmac: 94 f7 49 71 b8 90 b9 fe 24 cf 87 3d 97 d0 f1 04 | out calculated auth: | 85 66 4b da e9 20 d1 34 02 57 5c fd | ikev2_parent_inI2outR2_continue_tail returned STF_OK | #1 spent 3.6 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #2 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) | Message ID: updating counters for #2 to 1 after switching state | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 | pstats #2 ikev2.child established "east" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] | NAT-T: encaps is 'auto' "east" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xfe858be0 <0xca49dac6 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 204 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 87 18 25 60 50 c4 cd b0 6a 9f 44 db 86 5f 4b 12 | 4e 85 cf 40 f2 36 82 a3 30 52 4f 63 62 75 e0 3f | bc b8 33 f5 13 3c ca 14 c8 83 93 d5 ab c8 41 f7 | 42 9e cf 67 c5 5c a0 f7 df 1a e2 64 b6 96 d4 9b | d8 46 26 55 2f ea a6 9d bf 5a 59 ae 43 01 38 d4 | 7c 15 63 0d 2e 98 8e 85 40 6d c4 7e 63 8f e3 fb | 5a f5 76 48 3d 91 90 78 da 1e 8d 6a 51 2a 18 ef | 61 44 dc a7 df 18 1a 81 da ae 25 92 fd e1 44 51 | 39 76 d7 0c 74 25 aa 04 a1 f7 2a 52 93 26 24 2e | 94 f7 49 71 b8 90 b9 fe 24 cf 87 3d 97 d0 f1 04 | 85 66 4b da e9 20 d1 34 02 57 5c fd | releasing whack for #2 (sock=fd@-1) | releasing whack and unpending for parent #1 | unpending state #1 connection "east" | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x564e2d1c0180 | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 | libevent_malloc: new ptr-libevent@0x564e2d1c3300 size 128 | resume sending helper answer for #1 suppresed complete_v2_state_transition() | #1 spent 3.99 milliseconds in resume sending helper answer | stop processing: state #2 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2a5000eec0 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00431 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00262 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00264 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00247 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 57 55 85 0c 0f 54 cf 66 51 df d5 09 02 43 7b ce | 6f d1 b3 46 8c 55 bb b3 dc e9 d8 c2 13 16 30 28 | e1 0a e0 c6 93 29 6e 29 ca b4 09 c6 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 6f 65 ca 24 c5 3d b3 9a | responder cookie: | be e6 fc 2c 4c bc e3 0e | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 | #1 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x564e2d19df20 (size 20) | hmac: symkey-key@0x564e2d19df20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d19df20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7660b8 | result: clone-key@0x564e2d1c1940 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x564e2d1c1940 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x564e2d1c1940 | hmac: release clone-key@0x564e2d1c1940 | hmac PRF sha crypt-prf@0x564e2d1bd370 | hmac PRF sha update data-bytes@0x564e2d11cf50 (length 64) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 57 55 85 0c 0f 54 cf 66 51 df d5 09 02 43 7b ce | 6f d1 b3 46 8c 55 bb b3 dc e9 d8 c2 13 16 30 28 | hmac PRF sha final-bytes@0x7fff8d766280 (length 20) | e1 0a e0 c6 93 29 6e 29 ca b4 09 c6 98 93 2c 7b | fa c0 b4 bc | data for hmac: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | data for hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data for hmac: 57 55 85 0c 0f 54 cf 66 51 df d5 09 02 43 7b ce | data for hmac: 6f d1 b3 46 8c 55 bb b3 dc e9 d8 c2 13 16 30 28 | calculated auth: e1 0a e0 c6 93 29 6e 29 ca b4 09 c6 | provided auth: e1 0a e0 c6 93 29 6e 29 ca b4 09 c6 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 57 55 85 0c 0f 54 cf 66 51 df d5 09 02 43 7b ce | payload before decryption: | 6f d1 b3 46 8c 55 bb b3 dc e9 d8 c2 13 16 30 28 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 0c 03 04 00 01 fe 85 8b e0 00 01 02 03 | stripping 4 octets as pad | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 6f 65 ca 24 c5 3d b3 9a | responder cookie: | be e6 fc 2c 4c bc e3 0e | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI fe 85 8b e0 | delete PROTO_v2_ESP SA(0xfe858be0) | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R | State DB: found IKEv2 state #2 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xfe858be0) "east" #1: received Delete SA payload: delete IPsec State #2 now | pstats #2 ikev2.child deleted completed | suspend processing: state #1 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) | start processing: state #2 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #2: deleting other state #2 (STATE_V2_IPSEC_R) aged 0.345s and NOT sending notification | child state #2: V2_IPSEC_R(established CHILD SA) => delete | get_sa_info esp.fe858be0@192.1.2.45 | get_sa_info esp.ca49dac6@192.1.2.23 "east" #2: ESP traffic information: in=84B out=84B | child state #2: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) | state #2 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x564e2d1c3300 | free_event_entry: release EVENT_SA_REKEY-pe@0x564e2d1c0180 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050305' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xfe858be0 | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1569050305' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0xfe858be0 SPI_OUT=0xca49dac6 ipsec _updown 2>&1: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 | priority calculation of connection "east" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.fe858be0@192.1.2.45 | netlink response for Del SA esp.fe858be0@192.1.2.45 included non-error error | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.ca49dac6@192.1.2.23 | netlink response for Del SA esp.ca49dac6@192.1.2.23 included non-error error | in connection_discard for connection east | State DB: deleting IKEv2 state #2 in CHILDSA_DEL | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.2.45:500 (in delete_state() at state.c:1143) | resume processing: state #1 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x564e2d1a8430 | delete_state: release st->st_skey_ai_nss-key@0x564e2d19df20 | delete_state: release st->st_skey_ar_nss-key@0x564e2d1a5000 | delete_state: release st->st_skey_ei_nss-key@0x564e2d1aba50 | delete_state: release st->st_skey_er_nss-key@0x564e2d19f7a0 | delete_state: release st->st_skey_pi_nss-key@0x7f2a5000a510 | delete_state: release st->st_skey_pr_nss-key@0x7f2a5000d640 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs ca 49 da c6 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | f9 22 43 00 be 08 8d af 92 ea 50 06 6a f1 02 ff | data before encryption: | 00 00 00 0c 03 04 00 01 ca 49 da c6 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | ec 54 25 00 e5 ef 17 88 6b d7 02 c4 ab ca 6a e1 | hmac PRF sha init symkey-key@0x564e2d1a5000 (size 20) | hmac: symkey-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765c78 | result: clone-key@0x564e2d1c1940 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x564e2d1c1940 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x564e2d1c1940 | hmac: release clone-key@0x564e2d1c1940 | hmac PRF sha crypt-prf@0x564e2d1bb840 | hmac PRF sha update data-bytes@0x564e2b553940 (length 64) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | f9 22 43 00 be 08 8d af 92 ea 50 06 6a f1 02 ff | ec 54 25 00 e5 ef 17 88 6b d7 02 c4 ab ca 6a e1 | hmac PRF sha final-bytes@0x564e2b553980 (length 20) | a4 af 8a 14 2a 3e 13 1c c0 72 ef f4 08 43 83 0b | a5 99 a3 6d | data being hmac: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | data being hmac: 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: f9 22 43 00 be 08 8d af 92 ea 50 06 6a f1 02 ff | data being hmac: ec 54 25 00 e5 ef 17 88 6b d7 02 c4 ab ca 6a e1 | out calculated auth: | a4 af 8a 14 2a 3e 13 1c c0 72 ef f4 | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | f9 22 43 00 be 08 8d af 92 ea 50 06 6a f1 02 ff | ec 54 25 00 e5 ef 17 88 6b d7 02 c4 ab ca 6a e1 | a4 af 8a 14 2a 3e 13 1c c0 72 ef f4 | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 | Message ID: sent #1 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 | #1 spent 0.797 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #1 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK | Message ID: updating counters for #1 to 2 after switching state | Message ID: recv #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 | Message ID: #1 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 "east" #1: STATE_PARENT_R2: received v2I2, PARENT SA established | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 1.07 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.09 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00486 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00319 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 0f bb 9b e3 74 30 9a a0 83 2a b0 1e 6e ce 23 a6 | 4e f2 ef 95 6d 0b 89 25 31 4b 17 1a 32 37 a9 c4 | 5d b0 b8 a5 c7 8e 23 3c e7 87 48 28 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 6f 65 ca 24 c5 3d b3 9a | responder cookie: | be e6 fc 2c 4c bc e3 0e | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #1 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #1 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 | #1 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x564e2d19df20 (size 20) | hmac: symkey-key@0x564e2d19df20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d19df20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7660b8 | result: clone-key@0x564e2d1c1940 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x564e2d1c1940 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x564e2d1c1940 | hmac: release clone-key@0x564e2d1c1940 | hmac PRF sha crypt-prf@0x564e2d1bd370 | hmac PRF sha update data-bytes@0x564e2d11cf50 (length 64) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 0f bb 9b e3 74 30 9a a0 83 2a b0 1e 6e ce 23 a6 | 4e f2 ef 95 6d 0b 89 25 31 4b 17 1a 32 37 a9 c4 | hmac PRF sha final-bytes@0x7fff8d766280 (length 20) | 5d b0 b8 a5 c7 8e 23 3c e7 87 48 28 7e d0 4f 0d | cd 03 03 43 | data for hmac: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data for hmac: 0f bb 9b e3 74 30 9a a0 83 2a b0 1e 6e ce 23 a6 | data for hmac: 4e f2 ef 95 6d 0b 89 25 31 4b 17 1a 32 37 a9 c4 | calculated auth: 5d b0 b8 a5 c7 8e 23 3c e7 87 48 28 | provided auth: 5d b0 b8 a5 c7 8e 23 3c e7 87 48 28 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 0f bb 9b e3 74 30 9a a0 83 2a b0 1e 6e ce 23 a6 | payload before decryption: | 4e f2 ef 95 6d 0b 89 25 31 4b 17 1a 32 37 a9 c4 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 6f 65 ca 24 c5 3d b3 9a | responder cookie: | be e6 fc 2c 4c bc e3 0e | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 0c a3 37 e0 08 c8 2a b2 59 b7 50 df fe 74 7b 18 | data before encryption: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | a5 58 97 5d 29 60 6d f5 1f ed a6 92 80 39 84 fb | hmac PRF sha init symkey-key@0x564e2d1a5000 (size 20) | hmac: symkey-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765c78 | result: clone-key@0x564e2d1c1940 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x564e2d1c1940 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x564e2d1c1940 | hmac: release clone-key@0x564e2d1c1940 | hmac PRF sha crypt-prf@0x564e2d1be630 | hmac PRF sha update data-bytes@0x564e2b553940 (length 64) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 0c a3 37 e0 08 c8 2a b2 59 b7 50 df fe 74 7b 18 | a5 58 97 5d 29 60 6d f5 1f ed a6 92 80 39 84 fb | hmac PRF sha final-bytes@0x564e2b553980 (length 20) | 63 47 c0 3e 4f d5 3d bd d7 b5 d1 3e d6 8b ad ad | 0d b8 46 13 | data being hmac: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | data being hmac: 0c a3 37 e0 08 c8 2a b2 59 b7 50 df fe 74 7b 18 | data being hmac: a5 58 97 5d 29 60 6d f5 1f ed a6 92 80 39 84 fb | out calculated auth: | 63 47 c0 3e 4f d5 3d bd d7 b5 d1 3e | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 0c a3 37 e0 08 c8 2a b2 59 b7 50 df fe 74 7b 18 | a5 58 97 5d 29 60 6d f5 1f ed a6 92 80 39 84 fb | 63 47 c0 3e 4f d5 3d bd d7 b5 d1 3e | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 | Message ID: sent #1 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 | State DB: IKEv2 state not found (delete_my_family) | parent state #1: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #1 ikev2.ike deleted completed | #1 spent 10.7 milliseconds in total | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #1: deleting state (STATE_IKESA_DEL) aged 0.376s and NOT sending notification | parent state #1: IKESA_DEL(established IKE SA) => delete | state #1 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x564e2d1bd2c0 | free_event_entry: release EVENT_SA_REKEY-pe@0x564e2d1bb7d0 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #1 in IKESA_DEL | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f2a58000d60: destroyed | stop processing: state #1 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x564e2d1aa0f0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x564e2d1a8430 | delete_state: release st->st_skey_ai_nss-key@0x564e2d19df20 | delete_state: release st->st_skey_ar_nss-key@0x564e2d1a5000 | delete_state: release st->st_skey_ei_nss-key@0x564e2d1aba50 | delete_state: release st->st_skey_er_nss-key@0x564e2d19f7a0 | delete_state: release st->st_skey_pi_nss-key@0x7f2a5000a510 | delete_state: release st->st_skey_pr_nss-key@0x7f2a5000d640 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #1 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #1 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.678 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00243 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 33 37 04 64 9f a1 15 4d 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 56 25 24 48 d5 0c e0 16 82 be b7 c0 | a5 b1 f8 77 c0 92 c2 0d 6c 8f 90 ee b5 22 04 c2 | 01 76 12 49 71 21 91 79 ed 81 00 b4 6c e9 db d2 | 3b 7d e2 2f f6 be 55 42 95 ad b4 1a 79 2f 67 2a | 2f 64 04 94 fe 40 2e 94 de ee 9d ca 07 10 40 d4 | a9 ca fc b0 6e d5 ba 16 7c 4b d8 c4 31 60 6e 2c | 8b 62 fc 6e 81 7b 45 d0 2e 5c 21 f2 35 03 e5 f2 | c1 1d 6e 2b 59 33 35 4e b4 db fd dc 86 38 d9 3e | 2c 73 99 1b 95 2e 10 41 12 c5 55 f4 98 bc a1 32 | d7 1d d6 83 f8 09 0c 68 72 eb 3a a7 23 e6 5b 59 | a5 1a 98 00 4a d8 45 75 ae 88 dc a0 d7 cb ca c1 | c5 d5 f8 7b 7f 1b 17 74 f6 63 5b 50 9f 66 96 be | c0 fb 6d d9 d8 29 dd 97 e6 1a 33 12 de 50 aa 8d | 81 ca ce a9 2c 50 24 ed 1d 2f 3f a1 ed 90 56 a7 | 31 41 ba 11 d0 aa f6 85 99 32 dd 34 1b 03 eb 87 | 5d 8b 68 04 90 9a 58 0a ab a9 6f 77 eb 12 d6 b9 | fa e3 16 da 29 00 00 24 61 9c 37 37 13 aa 34 4b | ef 90 ae 46 53 ce f8 c3 5a 38 c1 30 71 f5 1f 03 | 02 17 f2 8e cb 0a 3d e2 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 11 4a 7f 6f 07 12 a6 ac | 66 9d 8b 41 f0 5b 27 b1 46 19 da 43 00 00 00 1c | 00 00 40 05 47 60 55 83 47 1e 15 ee d6 0a 25 75 | af 8d 9b 1f f8 29 68 0d | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 33 37 04 64 9f a1 15 4d | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x564e2d1ba2a0 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x564e2b547700 (length 32) | 62 69 c2 24 61 0b eb 03 31 69 8e 34 fa 62 6b 0f | 9f 9c e7 e3 dc ef ed d7 ff d6 12 6f b4 c1 0b 04 | IKE SPIr hash sha2_256 digest counter-bytes@0x564e2b5476e0 (length 4) | 02 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff8d7668e0 (length 32) | 24 d5 08 69 b2 78 ac f6 0c 5b 0a 08 10 ec 2f 7d | 92 1e 8a b6 dd 90 8d 1d dd 0f f9 a6 63 81 2a 62 | creating state object #3 at 0x564e2d1bb8a0 | State DB: adding IKEv2 state #3 in UNDEFINED | pstats #3 ikev2.ike started | Message ID: init #3: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #3: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #3; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #3 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #3 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #3 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #3 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #3 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #3 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #3: no local proposal matches remote proposals 1:IKE:ENCR=AES_CBC;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #3: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 33 37 04 64 9f a1 15 4d | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 33 37 04 64 9f a1 15 4d 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #3 spent 0.192 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #3 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #3 has no whack fd | pstats #3 ikev2.ike deleted other | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #3: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #3: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #3 in PARENT_R0 | parent state #3: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #3 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #3 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.672 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00235 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | b5 3b 19 b2 c4 23 ba 4c 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 2f 83 dd 0f fd b4 83 8a f5 82 18 b4 | 3a 47 02 59 ef a6 a6 2b 3f 1e 6e 23 3a a1 ab c6 | ee 78 4c 39 37 92 f4 53 dc fa 14 69 01 a7 d5 29 | b3 66 9e 50 23 67 d2 ce 3c e0 9a 55 c1 e1 e9 38 | 4d cb 42 97 29 da 69 8d 30 ec 65 98 ca 02 96 7c | 7e 11 f0 60 cd 25 84 f9 c0 d0 48 99 d6 2c 38 76 | 0c b8 ff 34 54 86 19 e0 fc c9 86 ea 3c 97 56 1c | 5d ab 6c ce 85 3a d3 2b a1 c1 de a2 f1 18 40 59 | d2 4e 07 bc c5 c5 d1 2f 55 89 a1 98 50 4b 43 d6 | d1 99 c6 04 d6 56 37 1d e9 89 07 e7 ac cc 64 8e | ef e2 b5 0e fc 82 72 f7 5f e9 55 e7 e2 59 86 8d | ba 4f 22 af ca b4 d6 93 23 04 50 5c 5d ba 78 fe | 50 40 d1 e1 2f 70 88 f4 ac b4 86 8f 75 bc 55 38 | f1 78 c1 0e 28 d8 b4 78 5e 27 ba 9e a5 03 6b 72 | f2 56 77 a7 4a 16 23 4c ca 33 1f a2 3f 76 9a 0d | c9 60 09 10 d2 4e 3f 5a c1 9d e3 1b 65 1e 51 99 | 7d 8e be 25 29 00 00 24 e2 98 68 17 98 87 47 89 | b5 d1 cf 9c 18 0d 78 a1 61 d0 8d b3 ad b1 9f 4e | ed a5 dd a5 22 51 01 57 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 2f da 60 f0 6e 30 2d 63 | e3 de 14 fb a7 1a 3b cb a9 f0 58 ea 00 00 00 1c | 00 00 40 05 53 38 67 3f b3 48 7c 5e d0 53 c7 a9 | fc 91 c1 ff bf 85 2c b9 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b5 3b 19 b2 c4 23 ba 4c | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x564e2d1ba2a0 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x564e2b547700 (length 32) | 62 69 c2 24 61 0b eb 03 31 69 8e 34 fa 62 6b 0f | 9f 9c e7 e3 dc ef ed d7 ff d6 12 6f b4 c1 0b 04 | IKE SPIr hash sha2_256 digest counter-bytes@0x564e2b5476e0 (length 4) | 03 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff8d7668e0 (length 32) | e1 e7 cc 69 59 ec f2 fa 48 57 38 10 06 0e 85 97 | c2 14 a3 f5 fc 6f 89 44 ed ea a1 b4 a4 32 eb 9d | creating state object #4 at 0x564e2d1bb8a0 | State DB: adding IKEv2 state #4 in UNDEFINED | pstats #4 ikev2.ike started | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #4: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #4 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #4 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #4 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #4 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #4 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #4 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #4 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #4: no local proposal matches remote proposals 1:IKE:ENCR=AES_CBC;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #4: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | b5 3b 19 b2 c4 23 ba 4c | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | b5 3b 19 b2 c4 23 ba 4c 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #4 spent 0.198 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #4 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #4 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #4 has no whack fd | pstats #4 ikev2.ike deleted other | [RE]START processing: state #4 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #4: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #4: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #4 in PARENT_R0 | parent state #4: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #4 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #4 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.674 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00288 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 82 4c a5 cc c5 8a 82 5d 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 09 c7 d8 8a b4 62 98 cc 8f 08 ef cb | 87 1d 10 d1 77 a2 b0 b8 be 29 34 3a 9c 37 e5 fc | f0 2f 62 1a fd 64 25 cd 36 59 ae dc d7 58 6c b1 | 96 af 41 2a 81 40 27 99 d9 75 c6 2b a9 d4 bf fe | 57 e5 51 b6 4c d6 06 2b 53 b9 05 d9 9f 91 47 e9 | 85 6c 06 7f df e3 9c df 4b 6d b9 8e 07 97 23 84 | 2b a9 98 39 32 66 6c bd c4 52 b5 39 a4 f1 67 2c | 3e d5 db 11 51 7c ce 75 13 77 26 d3 49 eb 9d 61 | 9c 64 45 d0 a0 1a 26 8d 16 86 40 f9 5e c7 9b e6 | bc a9 fd 5e 1e c1 cc 96 fe b9 f6 9e 4a bc 02 be | 7b bc 8a 80 bd 96 25 5f 6d 74 a4 95 c3 a8 df b6 | 91 8f c4 91 68 82 9e d9 c2 87 56 7d 74 27 86 10 | a5 0a ae 5a 2d 3c 58 97 43 a5 ef 4b 0e 11 7d 54 | 44 eb eb 62 97 3f 68 a7 fb 02 e3 68 96 76 34 3e | aa c8 a8 9f 83 22 10 c3 c3 14 d8 76 25 d2 65 1c | 4f 23 66 c7 d1 d3 8e 15 4b ae 80 06 6a f0 1b fb | a5 88 2b a6 29 00 00 24 24 0f 74 e7 9a b3 06 d9 | 8a 59 a3 4a 6f ed 7b 85 3c ea 05 58 47 51 27 24 | 65 01 f2 4c 1c 52 3e 99 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 9b 5c de 7c 09 c2 d8 70 | be b5 ff 2d 00 69 a0 6f 32 11 5c ef 00 00 00 1c | 00 00 40 05 fc a4 14 e1 6d 31 46 f2 b5 bc 73 9c | 40 04 7b 68 08 f0 79 72 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 82 4c a5 cc c5 8a 82 5d | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x564e2d1ba2a0 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x564e2b547700 (length 32) | 62 69 c2 24 61 0b eb 03 31 69 8e 34 fa 62 6b 0f | 9f 9c e7 e3 dc ef ed d7 ff d6 12 6f b4 c1 0b 04 | IKE SPIr hash sha2_256 digest counter-bytes@0x564e2b5476e0 (length 4) | 04 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff8d7668e0 (length 32) | f8 1a 3c da 95 9b 7d 53 e1 10 1b 67 c4 02 fa eb | 7b dd 91 5d f0 fc 8b 5a 83 75 43 3c c9 a7 86 c6 | creating state object #5 at 0x564e2d1bb8a0 | State DB: adding IKEv2 state #5 in UNDEFINED | pstats #5 ikev2.ike started | Message ID: init #5: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #5: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #5; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #5 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #5 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #5 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #5 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #5 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #5 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 "east" #5: proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | 09 c7 d8 8a b4 62 98 cc 8f 08 ef cb 87 1d 10 d1 | 77 a2 b0 b8 be 29 34 3a 9c 37 e5 fc f0 2f 62 1a | fd 64 25 cd 36 59 ae dc d7 58 6c b1 96 af 41 2a | 81 40 27 99 d9 75 c6 2b a9 d4 bf fe 57 e5 51 b6 | 4c d6 06 2b 53 b9 05 d9 9f 91 47 e9 85 6c 06 7f | df e3 9c df 4b 6d b9 8e 07 97 23 84 2b a9 98 39 | 32 66 6c bd c4 52 b5 39 a4 f1 67 2c 3e d5 db 11 | 51 7c ce 75 13 77 26 d3 49 eb 9d 61 9c 64 45 d0 | a0 1a 26 8d 16 86 40 f9 5e c7 9b e6 bc a9 fd 5e | 1e c1 cc 96 fe b9 f6 9e 4a bc 02 be 7b bc 8a 80 | bd 96 25 5f 6d 74 a4 95 c3 a8 df b6 91 8f c4 91 | 68 82 9e d9 c2 87 56 7d 74 27 86 10 a5 0a ae 5a | 2d 3c 58 97 43 a5 ef 4b 0e 11 7d 54 44 eb eb 62 | 97 3f 68 a7 fb 02 e3 68 96 76 34 3e aa c8 a8 9f | 83 22 10 c3 c3 14 d8 76 25 d2 65 1c 4f 23 66 c7 | d1 d3 8e 15 4b ae 80 06 6a f0 1b fb a5 88 2b a6 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d7662e0 (length 8) | 82 4c a5 cc c5 8a 82 5d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d7662e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff8d766274 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff8d766266 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7662f0 (length 20) | fc a4 14 e1 6d 31 46 f2 b5 bc 73 9c 40 04 7b 68 | 08 f0 79 72 | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= 82 4c a5 cc c5 8a 82 5d | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= fc a4 14 e1 6d 31 46 f2 b5 bc 73 9c 40 04 7b 68 | natd_hash: hash= 08 f0 79 72 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d7662e0 (length 8) | 82 4c a5 cc c5 8a 82 5d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d7662e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff8d766274 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff8d766266 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d766310 (length 20) | 9b 5c de 7c 09 c2 d8 70 be b5 ff 2d 00 69 a0 6f | 32 11 5c ef | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= 82 4c a5 cc c5 8a 82 5d | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 9b 5c de 7c 09 c2 d8 70 be b5 ff 2d 00 69 a0 6f | natd_hash: hash= 32 11 5c ef | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 3 for state #5 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564e2d1bb7d0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x564e2d1bd2c0 size 128 | #5 spent 0.319 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | crypto helper 4 resuming | crypto helper 4 starting work-order 3 for state #5 | crypto helper 4 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 3 | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | #5 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #5 and saving MD | #5 is busy; has a suspended MD | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #5 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #5 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #5 spent 0.773 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.785 milliseconds in comm_handle_cb() reading and processing packet | DH secret MODP2048@0x7f2a54000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7f2a54000d60 | NSS: Public DH wire value: | 13 0d 91 a4 d8 1d 15 72 a7 57 0a 7e 30 85 6b ac | 7f 55 6c f9 47 b1 2b d7 9a 10 dd ee ad ea 6e 35 | 80 4f df cf 28 91 73 cb 2a 71 b6 99 d6 8e 03 9f | f1 19 dc ba 0e bf 74 15 f2 90 d0 e0 56 30 b1 97 | d8 1d cd f2 4e 0e 5d 8b 58 7a 80 fa 8a 4c 61 68 | 1d c5 9c 05 19 2f 0a c1 19 95 0b 3e 37 af 2f 4d | 11 9e 28 98 6e 9d 0d f4 bb 82 cb 72 10 e2 c5 41 | 83 54 b9 e0 86 63 b2 0f 38 7d 55 69 bd 34 5b 51 | fb 85 87 81 5a 0d 24 7e 7a 04 77 39 6f f5 89 98 | 41 fc df 00 d4 2d 66 ff 7b 6f 20 aa 3f 96 ba cc | 0c 8e bc 0f 6f 9a fb f6 32 a0 97 82 8d 46 a1 4a | 71 4c 76 ec 82 b0 21 ae 52 57 11 d6 02 31 b6 61 | 26 6e f8 3e e5 0f 77 ad c8 6b bc e1 55 e0 cb cd | 1a 6c 10 65 52 3a 19 38 bb 62 f7 91 ca 17 13 d8 | 54 cc b9 ca 7e 90 07 8c bb a9 30 16 1e 52 32 03 | d9 a6 6f 12 ff cf f9 e1 d8 49 61 c3 2c 2b d3 cb | Generated nonce: ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | Generated nonce: 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | crypto helper 4 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 3 time elapsed 0.001037 seconds | (#5) spent 1.03 milliseconds in crypto helper computing work-order 3: ikev2_inI1outR1 KE (pcr) | crypto helper 4 sending results from work-order 3 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7f2a54006900 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #5 | start processing: state #5 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 3 | calling continuation function 0x564e2b454630 | ikev2_parent_inI1outR1_continue for #5: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | 82 4c a5 cc c5 8a 82 5d | responder cookie: | f8 1a 3c da 95 9b 7d 53 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f2a54000d60: transferring ownership from helper KE to state #5 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 13 0d 91 a4 d8 1d 15 72 a7 57 0a 7e 30 85 6b ac | ikev2 g^x 7f 55 6c f9 47 b1 2b d7 9a 10 dd ee ad ea 6e 35 | ikev2 g^x 80 4f df cf 28 91 73 cb 2a 71 b6 99 d6 8e 03 9f | ikev2 g^x f1 19 dc ba 0e bf 74 15 f2 90 d0 e0 56 30 b1 97 | ikev2 g^x d8 1d cd f2 4e 0e 5d 8b 58 7a 80 fa 8a 4c 61 68 | ikev2 g^x 1d c5 9c 05 19 2f 0a c1 19 95 0b 3e 37 af 2f 4d | ikev2 g^x 11 9e 28 98 6e 9d 0d f4 bb 82 cb 72 10 e2 c5 41 | ikev2 g^x 83 54 b9 e0 86 63 b2 0f 38 7d 55 69 bd 34 5b 51 | ikev2 g^x fb 85 87 81 5a 0d 24 7e 7a 04 77 39 6f f5 89 98 | ikev2 g^x 41 fc df 00 d4 2d 66 ff 7b 6f 20 aa 3f 96 ba cc | ikev2 g^x 0c 8e bc 0f 6f 9a fb f6 32 a0 97 82 8d 46 a1 4a | ikev2 g^x 71 4c 76 ec 82 b0 21 ae 52 57 11 d6 02 31 b6 61 | ikev2 g^x 26 6e f8 3e e5 0f 77 ad c8 6b bc e1 55 e0 cb cd | ikev2 g^x 1a 6c 10 65 52 3a 19 38 bb 62 f7 91 ca 17 13 d8 | ikev2 g^x 54 cc b9 ca 7e 90 07 8c bb a9 30 16 1e 52 32 03 | ikev2 g^x d9 a6 6f 12 ff cf f9 e1 d8 49 61 c3 2c 2b d3 cb | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | IKEv2 nonce 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d766830 (length 8) | 82 4c a5 cc c5 8a 82 5d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d766838 (length 8) | f8 1a 3c da 95 9b 7d 53 | NATD hash sha digest IP addr-bytes@0x7fff8d766764 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff8d766756 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7667e0 (length 20) | 8d 9f 87 91 ef 65 0a 86 39 7d 9b 91 13 64 3b 37 | 67 b3 89 13 | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= 82 4c a5 cc c5 8a 82 5d | natd_hash: rcookie= f8 1a 3c da 95 9b 7d 53 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 8d 9f 87 91 ef 65 0a 86 39 7d 9b 91 13 64 3b 37 | natd_hash: hash= 67 b3 89 13 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 8d 9f 87 91 ef 65 0a 86 39 7d 9b 91 13 64 3b 37 | Notify data 67 b3 89 13 | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d766830 (length 8) | 82 4c a5 cc c5 8a 82 5d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d766838 (length 8) | f8 1a 3c da 95 9b 7d 53 | NATD hash sha digest IP addr-bytes@0x7fff8d766764 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff8d766756 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7667e0 (length 20) | 83 b0 f8 b7 74 aa 1b 4f 49 46 1e 4e 2a 2c 6d 49 | bd 23 ac 60 | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= 82 4c a5 cc c5 8a 82 5d | natd_hash: rcookie= f8 1a 3c da 95 9b 7d 53 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 83 b0 f8 b7 74 aa 1b 4f 49 46 1e 4e 2a 2c 6d 49 | natd_hash: hash= bd 23 ac 60 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 83 b0 f8 b7 74 aa 1b 4f 49 46 1e 4e 2a 2c 6d 49 | Notify data bd 23 ac 60 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #5 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #5: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #5 to 0 after switching state | Message ID: recv #5 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #5 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #5: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #5) | 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 13 0d 91 a4 d8 1d 15 72 a7 57 0a 7e | 30 85 6b ac 7f 55 6c f9 47 b1 2b d7 9a 10 dd ee | ad ea 6e 35 80 4f df cf 28 91 73 cb 2a 71 b6 99 | d6 8e 03 9f f1 19 dc ba 0e bf 74 15 f2 90 d0 e0 | 56 30 b1 97 d8 1d cd f2 4e 0e 5d 8b 58 7a 80 fa | 8a 4c 61 68 1d c5 9c 05 19 2f 0a c1 19 95 0b 3e | 37 af 2f 4d 11 9e 28 98 6e 9d 0d f4 bb 82 cb 72 | 10 e2 c5 41 83 54 b9 e0 86 63 b2 0f 38 7d 55 69 | bd 34 5b 51 fb 85 87 81 5a 0d 24 7e 7a 04 77 39 | 6f f5 89 98 41 fc df 00 d4 2d 66 ff 7b 6f 20 aa | 3f 96 ba cc 0c 8e bc 0f 6f 9a fb f6 32 a0 97 82 | 8d 46 a1 4a 71 4c 76 ec 82 b0 21 ae 52 57 11 d6 | 02 31 b6 61 26 6e f8 3e e5 0f 77 ad c8 6b bc e1 | 55 e0 cb cd 1a 6c 10 65 52 3a 19 38 bb 62 f7 91 | ca 17 13 d8 54 cc b9 ca 7e 90 07 8c bb a9 30 16 | 1e 52 32 03 d9 a6 6f 12 ff cf f9 e1 d8 49 61 c3 | 2c 2b d3 cb 29 00 00 24 ad 15 30 60 3b ed 71 70 | 14 ea 2b 2b 1f 2f 95 0b 01 f4 d4 7b 76 bb 02 31 | 93 cb 20 db cb ca 4f b6 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 8d 9f 87 91 ef 65 0a 86 | 39 7d 9b 91 13 64 3b 37 67 b3 89 13 00 00 00 1c | 00 00 40 05 83 b0 f8 b7 74 aa 1b 4f 49 46 1e 4e | 2a 2c 6d 49 bd 23 ac 60 | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x564e2d1bd2c0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564e2d1bb7d0 | event_schedule: new EVENT_SO_DISCARD-pe@0x564e2d1bb7d0 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #5 | libevent_malloc: new ptr-libevent@0x564e2d1bd2c0 size 128 | resume sending helper answer for #5 suppresed complete_v2_state_transition() | #5 spent 0.483 milliseconds in resume sending helper answer | stop processing: state #5 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2a54006900 | spent 0.00284 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 220 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 83 1f 33 56 1a da 0b 7c a3 4d b0 9e bf ed 93 c6 | b6 ce 11 fa 06 f2 db ac 87 67 2b 90 a0 23 1b e3 | ed fb 87 ac b0 6d 5e 27 9d 54 a4 dc 37 4c e8 43 | c1 4c a5 28 39 b1 cc 36 58 10 3f ec 8f e3 6e 89 | 2c 96 76 d7 21 24 0b d7 18 5b 17 61 3f 4b 3e 71 | 01 1a be 6e 85 9f 3d a8 1d de 48 a7 6a 9c a3 29 | 3b b1 91 59 56 be 00 8d 9d fd e6 c5 68 58 d8 b7 | 63 5c 7e 93 d9 9b 67 a6 98 e7 34 32 f5 75 c9 e0 | d9 b9 c7 5b 84 b3 61 68 e9 cd 7e cb 5d 82 21 65 | e6 c6 d1 e4 fd 87 13 60 3b 9a af 17 c8 38 dc 05 | d9 00 88 5a a2 9b 20 8d 1c 8f b2 73 95 7a 31 18 | 28 8c 95 da fb e9 e2 68 b5 dc a7 a0 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 82 4c a5 cc c5 8a 82 5d | responder cookie: | f8 1a 3c da 95 9b 7d 53 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 220 (0xdc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #5 in PARENT_R1 (find_v2_ike_sa) | start processing: state #5 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #5 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #5 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 192 (0xc0) | processing payload: ISAKMP_NEXT_v2SK (len=188) | Message ID: start-responder #5 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #5 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f2a54000d60: transferring ownership from state #5 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 4 for state #5 | state #5 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x564e2d1bd2c0 | free_event_entry: release EVENT_SO_DISCARD-pe@0x564e2d1bb7d0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f2a54002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x564e2d1bd2c0 size 128 | #5 spent 0.0339 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #5 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #5 and saving MD | #5 is busy; has a suspended MD | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #5 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #5 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #5 spent 0.172 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.183 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 5 resuming | crypto helper 5 starting work-order 4 for state #5 | crypto helper 5 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 4 | peer's g: 09 c7 d8 8a b4 62 98 cc 8f 08 ef cb 87 1d 10 d1 | peer's g: 77 a2 b0 b8 be 29 34 3a 9c 37 e5 fc f0 2f 62 1a | peer's g: fd 64 25 cd 36 59 ae dc d7 58 6c b1 96 af 41 2a | peer's g: 81 40 27 99 d9 75 c6 2b a9 d4 bf fe 57 e5 51 b6 | peer's g: 4c d6 06 2b 53 b9 05 d9 9f 91 47 e9 85 6c 06 7f | peer's g: df e3 9c df 4b 6d b9 8e 07 97 23 84 2b a9 98 39 | peer's g: 32 66 6c bd c4 52 b5 39 a4 f1 67 2c 3e d5 db 11 | peer's g: 51 7c ce 75 13 77 26 d3 49 eb 9d 61 9c 64 45 d0 | peer's g: a0 1a 26 8d 16 86 40 f9 5e c7 9b e6 bc a9 fd 5e | peer's g: 1e c1 cc 96 fe b9 f6 9e 4a bc 02 be 7b bc 8a 80 | peer's g: bd 96 25 5f 6d 74 a4 95 c3 a8 df b6 91 8f c4 91 | peer's g: 68 82 9e d9 c2 87 56 7d 74 27 86 10 a5 0a ae 5a | peer's g: 2d 3c 58 97 43 a5 ef 4b 0e 11 7d 54 44 eb eb 62 | peer's g: 97 3f 68 a7 fb 02 e3 68 96 76 34 3e aa c8 a8 9f | peer's g: 83 22 10 c3 c3 14 d8 76 25 d2 65 1c 4f 23 66 c7 | peer's g: d1 d3 8e 15 4b ae 80 06 6a f0 1b fb a5 88 2b a6 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7f2a5000d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f2a54000d60: computed shared DH secret key@0x7f2a5000d640 | dh-shared : g^ir-key@0x7f2a5000d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f2a48001ef0 (length 64) | 24 0f 74 e7 9a b3 06 d9 8a 59 a3 4a 6f ed 7b 85 | 3c ea 05 58 47 51 27 24 65 01 f2 4c 1c 52 3e 99 | ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5f029670 | result: Ni | Nr-key@0x564e2d19f7a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x564e2d19f7a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029658 | result: Ni | Nr-key@0x7f2a5000a510 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x564e2d19f7a0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f2a48002e80 from Ni | Nr-key@0x7f2a5000a510 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f2a48002e80 from Ni | Nr-key@0x7f2a5000a510 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f2a5000a510 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f2a480016b0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f2a5000d640 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f2a5000d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f2a5000d640 | nss hmac digest hack: symkey-key@0x7f2a5000d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1594004176: 6e ffffff98 ffffffb3 16 ffffffda ffffffd2 ffffffc5 ffffffd0 ffffff82 66 ffffffb1 fffffff6 68 ffffffb8 2e ffffffc1 ffffffc9 ffffffe0 ffffffba 35 ffffffdb ffffffc4 17 ffffff8a ffffff96 ffffffcc ffffffe5 35 0d ffffffad 79 ffffffb3 ffffffd1 5c 65 7e ffffffd2 ffffff85 ffffffe8 05 ffffffd5 0a ffffffc3 ffffffe5 ffffff89 ffffffba ffffffc3 43 ffffff86 ffffffac fffffff0 fffffff5 6c ffffffbf ffffffb4 ffffffc6 ffffffc2 ffffffd8 4d 7f 0b ffffff80 63 ffffffc2 1b ffffffb7 56 21 ffffff97 fffffff2 fffffff3 ffffffef 7f 40 66 ffffffa8 13 ffffff83 ffffffda 00 ffffffb9 11 7e ffffffde fffffff9 ffffffcf 70 14 ffffffc6 52 1f ffffffa2 ffffffa6 7b 6c ffffffae ffffffd8 ffffffc4 ffffffd4 32 ffffffa6 ffffffed fffffff8 7e ffffffcd ffffffa5 ffffff80 05 ffffffc3 ffffff95 fffffff8 ffffffc7 ffffffe1 61 63 4f 13 ffffff97 25 ffffffce ffffffd6 ffffffed 75 5f ffffffac ffffff8d ffffffb7 35 5c 00 66 ffffffcc 5e 77 ffffffcb ffffffdf 74 08 66 ffffffbd 52 1f ffffffaf 1d 3d 39 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 256 bytes at 0x7f2a48003dd0 | unwrapped: d4 6b 9c 17 dd be c7 4c 86 b1 68 7a de a8 5e 43 | unwrapped: 5f fb c0 b4 f9 ce 9c 2d a0 52 91 92 a6 99 9f ad | unwrapped: d6 5d 08 71 ad 6a 7a 46 8b 3f 5e 3a 61 f5 8d 0a | unwrapped: 32 f7 a8 55 81 bd 4f 4c ec 07 b8 be 2f a6 cc d6 | unwrapped: 62 5d f0 f8 68 10 38 18 ba dc 4e c9 19 cd 2c 30 | unwrapped: f6 e1 98 2c 88 24 7d dd 60 17 95 2c a2 06 a0 7d | unwrapped: a6 c3 6a 3d e3 98 80 3e 19 ec fd f6 56 48 e7 55 | unwrapped: 24 9f da 49 f0 7f 33 85 82 44 6f 11 1e 3e c8 75 | unwrapped: 75 bc e9 41 e3 24 77 39 ff 9c 95 a5 e4 c7 dc a2 | unwrapped: ca ad 48 d9 4d 75 f5 68 4e 9f 61 51 51 67 6d 7f | unwrapped: c0 c3 77 e9 9c d0 28 0c fd 6e 33 77 09 11 41 35 | unwrapped: 7b 7a d2 30 9b 9c 9b d6 ae 0e af b0 58 ce 31 c1 | unwrapped: 20 01 85 f3 3d 44 7c f2 07 85 8f 3b 7a dd 88 6b | unwrapped: bb c1 19 cc 15 4e 32 16 e3 ca 63 10 75 89 2f d8 | unwrapped: ff d3 10 ed c7 ed 4e ce e0 68 91 4f b2 83 2b b7 | unwrapped: e4 12 cb 02 00 1d 83 d5 a8 90 00 4c 29 df d4 ad | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5f029690 | result: final-key@0x564e2d19f7a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d19f7a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029678 | result: final-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d19f7a0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f2a5000a510 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5f029600 | result: data=Ni-key@0x564e2d1aba50 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x564e2d1aba50 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f0295e8 | result: data=Ni-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x564e2d1aba50 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d19f7a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a5f0295f0 | result: data+=Nr-key@0x564e2d1aba50 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d19f7a0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1aba50 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a5f0295f0 | result: data+=SPIi-key@0x564e2d19f7a0 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d1aba50 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d19f7a0 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a5f0295f0 | result: data+=SPIr-key@0x564e2d1aba50 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d19f7a0 | prf+0 PRF sha init key-key@0x7f2a5000a510 (size 20) | prf+0: key-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029518 | result: clone-key@0x564e2d19f7a0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f2a48002e80 from key-key@0x564e2d19f7a0 | prf+0 prf: begin sha with context 0x7f2a48002e80 from key-key@0x564e2d19f7a0 | prf+0: release clone-key@0x564e2d19f7a0 | prf+0 PRF sha crypt-prf@0x7f2a480018a0 | prf+0 PRF sha update seed-key@0x564e2d1aba50 (size 80) | prf+0: seed-key@0x564e2d1aba50 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1aba50 | nss hmac digest hack: symkey-key@0x564e2d1aba50 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1594003808: 2e fffffffb 0a fffffff7 74 ffffff9d 22 ffffffa9 fffffffe 4b ffffff8d 3e ffffff83 42 ffffffb6 ffffffb6 52 ffffffc1 ffffffa5 ffffff95 ffffffb8 03 05 4d 25 23 ffffffd4 ffffffab ffffff87 2b 74 fffffffc 7b 0e ffffff9b 1a ffffff85 ffffffd2 68 52 ffffff94 2e 5d ffffff97 2a ffffffc5 45 7c ffffffc7 ffffffca ffffffe8 fffffff0 2d 49 ffffffe7 ffffffd4 59 ffffffce ffffffb3 5f 34 ffffffb6 7a 55 fffffff8 7c ffffffea ffffffce ffffffae ffffff94 ffffffbd ffffffa5 45 46 64 fffffff8 ffffffa6 62 51 5b | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a48005150 | unwrapped: 24 0f 74 e7 9a b3 06 d9 8a 59 a3 4a 6f ed 7b 85 | unwrapped: 3c ea 05 58 47 51 27 24 65 01 f2 4c 1c 52 3e 99 | unwrapped: ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | unwrapped: 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | unwrapped: 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5f029520 | result: final-key@0x564e2d1a5000 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1a5000 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029508 | result: final-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1a5000 | prf+0 PRF sha final-key@0x564e2d19f7a0 (size 20) | prf+0: key-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x564e2d19f7a0 | prf+N PRF sha init key-key@0x7f2a5000a510 (size 20) | prf+N: key-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029518 | result: clone-key@0x564e2d1a5000 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a48002e80 from key-key@0x564e2d1a5000 | prf+N prf: begin sha with context 0x7f2a48002e80 from key-key@0x564e2d1a5000 | prf+N: release clone-key@0x564e2d1a5000 | prf+N PRF sha crypt-prf@0x7f2a48001f40 | prf+N PRF sha update old_t-key@0x564e2d19f7a0 (size 20) | prf+N: old_t-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d19f7a0 | nss hmac digest hack: symkey-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1594003808: 21 ffffffe8 4c ffffffe3 6f ffffff9c fffffff0 ffffff84 ffffffb0 51 ffffffd3 ffffffab 38 ffffffd9 ffffffad ffffffc1 ffffffa7 26 ffffffb6 4a ffffffcd ffffffa0 3d ffffffb6 ffffff9e 42 21 7d 6c ffffffc4 76 ffffffd7 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a480051b0 | unwrapped: cd a1 6e 9b 57 ff d5 f2 74 b9 1b 0e 99 56 b8 90 | unwrapped: b1 a5 61 73 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1aba50 (size 80) | prf+N: seed-key@0x564e2d1aba50 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1aba50 | nss hmac digest hack: symkey-key@0x564e2d1aba50 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1594003808: 2e fffffffb 0a fffffff7 74 ffffff9d 22 ffffffa9 fffffffe 4b ffffff8d 3e ffffff83 42 ffffffb6 ffffffb6 52 ffffffc1 ffffffa5 ffffff95 ffffffb8 03 05 4d 25 23 ffffffd4 ffffffab ffffff87 2b 74 fffffffc 7b 0e ffffff9b 1a ffffff85 ffffffd2 68 52 ffffff94 2e 5d ffffff97 2a ffffffc5 45 7c ffffffc7 ffffffca ffffffe8 fffffff0 2d 49 ffffffe7 ffffffd4 59 ffffffce ffffffb3 5f 34 ffffffb6 7a 55 fffffff8 7c ffffffea ffffffce ffffffae ffffff94 ffffffbd ffffffa5 45 46 64 fffffff8 ffffffa6 62 51 5b | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a480050f0 | unwrapped: 24 0f 74 e7 9a b3 06 d9 8a 59 a3 4a 6f ed 7b 85 | unwrapped: 3c ea 05 58 47 51 27 24 65 01 f2 4c 1c 52 3e 99 | unwrapped: ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | unwrapped: 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | unwrapped: 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5f029520 | result: final-key@0x564e2d19df20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d19df20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029508 | result: final-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d19df20 | prf+N PRF sha final-key@0x564e2d1a5000 (size 20) | prf+N: key-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a5f029598 | result: result-key@0x564e2d19df20 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564e2d19f7a0 | prfplus: release old_t[N]-key@0x564e2d19f7a0 | prf+N PRF sha init key-key@0x7f2a5000a510 (size 20) | prf+N: key-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029518 | result: clone-key@0x564e2d19f7a0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a48002e80 from key-key@0x564e2d19f7a0 | prf+N prf: begin sha with context 0x7f2a48002e80 from key-key@0x564e2d19f7a0 | prf+N: release clone-key@0x564e2d19f7a0 | prf+N PRF sha crypt-prf@0x7f2a48001270 | prf+N PRF sha update old_t-key@0x564e2d1a5000 (size 20) | prf+N: old_t-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1a5000 | nss hmac digest hack: symkey-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1594003808: 07 ffffffcb ffffffbe 14 ffffffd8 fffffffe ffffff83 ffffffcb ffffffc8 ffffffc9 49 2b 57 ffffff99 5e 73 ffffffa5 ffffffba ffffffe9 ffffff94 67 ffffffc1 76 ffffff91 76 43 2f ffffffac 52 fffffffb ffffffd1 51 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a48005cd0 | unwrapped: 84 3b 61 e4 ff d3 c6 e5 93 af 6f 7a 47 ec fa 95 | unwrapped: bd 2e 54 1d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1aba50 (size 80) | prf+N: seed-key@0x564e2d1aba50 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1aba50 | nss hmac digest hack: symkey-key@0x564e2d1aba50 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1594003808: 2e fffffffb 0a fffffff7 74 ffffff9d 22 ffffffa9 fffffffe 4b ffffff8d 3e ffffff83 42 ffffffb6 ffffffb6 52 ffffffc1 ffffffa5 ffffff95 ffffffb8 03 05 4d 25 23 ffffffd4 ffffffab ffffff87 2b 74 fffffffc 7b 0e ffffff9b 1a ffffff85 ffffffd2 68 52 ffffff94 2e 5d ffffff97 2a ffffffc5 45 7c ffffffc7 ffffffca ffffffe8 fffffff0 2d 49 ffffffe7 ffffffd4 59 ffffffce ffffffb3 5f 34 ffffffb6 7a 55 fffffff8 7c ffffffea ffffffce ffffffae ffffff94 ffffffbd ffffffa5 45 46 64 fffffff8 ffffffa6 62 51 5b | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a48005090 | unwrapped: 24 0f 74 e7 9a b3 06 d9 8a 59 a3 4a 6f ed 7b 85 | unwrapped: 3c ea 05 58 47 51 27 24 65 01 f2 4c 1c 52 3e 99 | unwrapped: ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | unwrapped: 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | unwrapped: 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5f029520 | result: final-key@0x564e2d1a8430 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029508 | result: final-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1a8430 | prf+N PRF sha final-key@0x564e2d19f7a0 (size 20) | prf+N: key-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d19df20 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a5f029598 | result: result-key@0x564e2d1a8430 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564e2d19df20 | prfplus: release old_t[N]-key@0x564e2d1a5000 | prf+N PRF sha init key-key@0x7f2a5000a510 (size 20) | prf+N: key-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029518 | result: clone-key@0x564e2d1a5000 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a48002e80 from key-key@0x564e2d1a5000 | prf+N prf: begin sha with context 0x7f2a48002e80 from key-key@0x564e2d1a5000 | prf+N: release clone-key@0x564e2d1a5000 | prf+N PRF sha crypt-prf@0x7f2a48002010 | prf+N PRF sha update old_t-key@0x564e2d19f7a0 (size 20) | prf+N: old_t-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d19f7a0 | nss hmac digest hack: symkey-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1594003808: 2a 26 ffffffbf 2d 16 ffffffec ffffffe1 fffffff8 ffffffd6 03 ffffff8c ffffffb9 ffffffd5 ffffffdb ffffff80 5f 08 3d 1d 31 16 ffffffa4 09 1e ffffffbf ffffffda ffffffc7 77 ffffff87 ffffffaa 33 01 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a48005cd0 | unwrapped: 34 ba ba bb c1 a0 4c 3f de 35 68 25 da ed 1f 5b | unwrapped: 45 b3 ed 9d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1aba50 (size 80) | prf+N: seed-key@0x564e2d1aba50 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1aba50 | nss hmac digest hack: symkey-key@0x564e2d1aba50 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1594003808: 2e fffffffb 0a fffffff7 74 ffffff9d 22 ffffffa9 fffffffe 4b ffffff8d 3e ffffff83 42 ffffffb6 ffffffb6 52 ffffffc1 ffffffa5 ffffff95 ffffffb8 03 05 4d 25 23 ffffffd4 ffffffab ffffff87 2b 74 fffffffc 7b 0e ffffff9b 1a ffffff85 ffffffd2 68 52 ffffff94 2e 5d ffffff97 2a ffffffc5 45 7c ffffffc7 ffffffca ffffffe8 fffffff0 2d 49 ffffffe7 ffffffd4 59 ffffffce ffffffb3 5f 34 ffffffb6 7a 55 fffffff8 7c ffffffea ffffffce ffffffae ffffff94 ffffffbd ffffffa5 45 46 64 fffffff8 ffffffa6 62 51 5b | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a48005030 | unwrapped: 24 0f 74 e7 9a b3 06 d9 8a 59 a3 4a 6f ed 7b 85 | unwrapped: 3c ea 05 58 47 51 27 24 65 01 f2 4c 1c 52 3e 99 | unwrapped: ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | unwrapped: 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | unwrapped: 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5f029520 | result: final-key@0x564e2d19df20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d19df20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029508 | result: final-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d19df20 | prf+N PRF sha final-key@0x564e2d1a5000 (size 20) | prf+N: key-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1a8430 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a5f029598 | result: result-key@0x564e2d19df20 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564e2d1a8430 | prfplus: release old_t[N]-key@0x564e2d19f7a0 | prf+N PRF sha init key-key@0x7f2a5000a510 (size 20) | prf+N: key-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029518 | result: clone-key@0x564e2d19f7a0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a48002e80 from key-key@0x564e2d19f7a0 | prf+N prf: begin sha with context 0x7f2a48002e80 from key-key@0x564e2d19f7a0 | prf+N: release clone-key@0x564e2d19f7a0 | prf+N PRF sha crypt-prf@0x7f2a48001270 | prf+N PRF sha update old_t-key@0x564e2d1a5000 (size 20) | prf+N: old_t-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1a5000 | nss hmac digest hack: symkey-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1594003808: 70 ffffff84 3a 07 0e 73 ffffffc8 5e 24 ffffff8a ffffffea ffffffcb ffffffba ffffff8a ffffffa0 5a 57 ffffffb4 ffffffc6 ffffffc4 ffffffcf ffffff93 fffffff5 11 32 ffffffb7 ffffffe1 3e ffffffd2 fffffff9 0a ffffff97 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a48005c30 | unwrapped: 1f e2 b3 58 0e 4f 84 47 40 9b c7 28 41 cf 32 76 | unwrapped: 3c 0e 6e ee 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1aba50 (size 80) | prf+N: seed-key@0x564e2d1aba50 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1aba50 | nss hmac digest hack: symkey-key@0x564e2d1aba50 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1594003808: 2e fffffffb 0a fffffff7 74 ffffff9d 22 ffffffa9 fffffffe 4b ffffff8d 3e ffffff83 42 ffffffb6 ffffffb6 52 ffffffc1 ffffffa5 ffffff95 ffffffb8 03 05 4d 25 23 ffffffd4 ffffffab ffffff87 2b 74 fffffffc 7b 0e ffffff9b 1a ffffff85 ffffffd2 68 52 ffffff94 2e 5d ffffff97 2a ffffffc5 45 7c ffffffc7 ffffffca ffffffe8 fffffff0 2d 49 ffffffe7 ffffffd4 59 ffffffce ffffffb3 5f 34 ffffffb6 7a 55 fffffff8 7c ffffffea ffffffce ffffffae ffffff94 ffffffbd ffffffa5 45 46 64 fffffff8 ffffffa6 62 51 5b | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a48005e20 | unwrapped: 24 0f 74 e7 9a b3 06 d9 8a 59 a3 4a 6f ed 7b 85 | unwrapped: 3c ea 05 58 47 51 27 24 65 01 f2 4c 1c 52 3e 99 | unwrapped: ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | unwrapped: 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | unwrapped: 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5f029520 | result: final-key@0x564e2d1a8430 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029508 | result: final-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1a8430 | prf+N PRF sha final-key@0x564e2d19f7a0 (size 20) | prf+N: key-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d19df20 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a5f029598 | result: result-key@0x564e2d1a8430 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564e2d19df20 | prfplus: release old_t[N]-key@0x564e2d1a5000 | prf+N PRF sha init key-key@0x7f2a5000a510 (size 20) | prf+N: key-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029518 | result: clone-key@0x564e2d1a5000 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a48005b80 from key-key@0x564e2d1a5000 | prf+N prf: begin sha with context 0x7f2a48005b80 from key-key@0x564e2d1a5000 | prf+N: release clone-key@0x564e2d1a5000 | prf+N PRF sha crypt-prf@0x7f2a48002010 | prf+N PRF sha update old_t-key@0x564e2d19f7a0 (size 20) | prf+N: old_t-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d19f7a0 | nss hmac digest hack: symkey-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1594003808: 1f 64 fffffffe ffffffb7 ffffffe0 ffffff8e ffffffa0 ffffff8e 1f 2f ffffffd9 03 ffffffab 25 ffffffd3 ffffffa4 ffffffdf 4d 78 2e ffffffc0 ffffffd8 18 32 63 ffffffe2 ffffffcf ffffffe3 ffffffa1 2c 04 ffffffc1 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a48005cd0 | unwrapped: 7c f3 11 6e 29 5d 15 fa 06 8e b6 df 54 21 ce 76 | unwrapped: 69 4c 37 56 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1aba50 (size 80) | prf+N: seed-key@0x564e2d1aba50 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1aba50 | nss hmac digest hack: symkey-key@0x564e2d1aba50 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1594003808: 2e fffffffb 0a fffffff7 74 ffffff9d 22 ffffffa9 fffffffe 4b ffffff8d 3e ffffff83 42 ffffffb6 ffffffb6 52 ffffffc1 ffffffa5 ffffff95 ffffffb8 03 05 4d 25 23 ffffffd4 ffffffab ffffff87 2b 74 fffffffc 7b 0e ffffff9b 1a ffffff85 ffffffd2 68 52 ffffff94 2e 5d ffffff97 2a ffffffc5 45 7c ffffffc7 ffffffca ffffffe8 fffffff0 2d 49 ffffffe7 ffffffd4 59 ffffffce ffffffb3 5f 34 ffffffb6 7a 55 fffffff8 7c ffffffea ffffffce ffffffae ffffff94 ffffffbd ffffffa5 45 46 64 fffffff8 ffffffa6 62 51 5b | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a480050f0 | unwrapped: 24 0f 74 e7 9a b3 06 d9 8a 59 a3 4a 6f ed 7b 85 | unwrapped: 3c ea 05 58 47 51 27 24 65 01 f2 4c 1c 52 3e 99 | unwrapped: ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | unwrapped: 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | unwrapped: 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5f029520 | result: final-key@0x564e2d19df20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d19df20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029508 | result: final-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d19df20 | prf+N PRF sha final-key@0x564e2d1a5000 (size 20) | prf+N: key-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1a8430 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a5f029598 | result: result-key@0x564e2d19df20 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564e2d1a8430 | prfplus: release old_t[N]-key@0x564e2d19f7a0 | prf+N PRF sha init key-key@0x7f2a5000a510 (size 20) | prf+N: key-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029518 | result: clone-key@0x564e2d19f7a0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a48002e80 from key-key@0x564e2d19f7a0 | prf+N prf: begin sha with context 0x7f2a48002e80 from key-key@0x564e2d19f7a0 | prf+N: release clone-key@0x564e2d19f7a0 | prf+N PRF sha crypt-prf@0x7f2a48001270 | prf+N PRF sha update old_t-key@0x564e2d1a5000 (size 20) | prf+N: old_t-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1a5000 | nss hmac digest hack: symkey-key@0x564e2d1a5000 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1594003808: 49 2a ffffff8d ffffff86 ffffffb0 ffffffa5 ffffffbe 42 ffffffdb 46 06 29 34 ffffff8c ffffff89 4b ffffffc5 2b ffffff94 ffffffb2 ffffff95 05 ffffffac 39 ffffffd5 ffffffc7 fffffffe 67 ffffffc3 21 69 fffffff5 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a48005f00 | unwrapped: 6f 57 b4 37 5c db 57 c6 94 d5 e5 09 bd 92 07 3a | unwrapped: 12 07 e7 f9 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1aba50 (size 80) | prf+N: seed-key@0x564e2d1aba50 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1aba50 | nss hmac digest hack: symkey-key@0x564e2d1aba50 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1594003808: 2e fffffffb 0a fffffff7 74 ffffff9d 22 ffffffa9 fffffffe 4b ffffff8d 3e ffffff83 42 ffffffb6 ffffffb6 52 ffffffc1 ffffffa5 ffffff95 ffffffb8 03 05 4d 25 23 ffffffd4 ffffffab ffffff87 2b 74 fffffffc 7b 0e ffffff9b 1a ffffff85 ffffffd2 68 52 ffffff94 2e 5d ffffff97 2a ffffffc5 45 7c ffffffc7 ffffffca ffffffe8 fffffff0 2d 49 ffffffe7 ffffffd4 59 ffffffce ffffffb3 5f 34 ffffffb6 7a 55 fffffff8 7c ffffffea ffffffce ffffffae ffffff94 ffffffbd ffffffa5 45 46 64 fffffff8 ffffffa6 62 51 5b | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a48005e20 | unwrapped: 24 0f 74 e7 9a b3 06 d9 8a 59 a3 4a 6f ed 7b 85 | unwrapped: 3c ea 05 58 47 51 27 24 65 01 f2 4c 1c 52 3e 99 | unwrapped: ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | unwrapped: 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | unwrapped: 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5f029520 | result: final-key@0x564e2d1a8430 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029508 | result: final-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1a8430 | prf+N PRF sha final-key@0x564e2d19f7a0 (size 20) | prf+N: key-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d19df20 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a5f029598 | result: result-key@0x564e2d1a8430 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564e2d19df20 | prfplus: release old_t[N]-key@0x564e2d1a5000 | prfplus: release old_t[final]-key@0x564e2d19f7a0 | ike_sa_keymat: release data-key@0x564e2d1aba50 | calc_skeyseed_v2: release skeyseed_k-key@0x7f2a5000a510 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029738 | result: result-key@0x7f2a5000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029738 | result: result-key@0x564e2d1aba50 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029738 | result: result-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564e2d1a8430 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029748 | result: SK_ei_k-key@0x564e2d1a5000 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564e2d1a8430 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029748 | result: SK_er_k-key@0x564e2d19df20 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029748 | result: result-key@0x564e2d1aa0f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x564e2d1aa0f0 | chunk_SK_pi: symkey-key@0x564e2d1aa0f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)540291872: ffffff88 ffffffe7 45 15 11 48 71 5c 6a 57 0e ffffff83 47 62 ffffffea 38 76 ffffffc3 35 ffffffbf 33 fffffff9 ffffffef 43 ffffffa1 ffffffe2 10 58 ffffffd0 70 ffffff92 ffffff84 | chunk_SK_pi: release slot-key-key@0x564e2d1a1c00 | chunk_SK_pi extracted len 32 bytes at 0x7f2a480062f0 | unwrapped: 54 21 ce 76 69 4c 37 56 6f 57 b4 37 5c db 57 c6 | unwrapped: 94 d5 e5 09 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f029748 | result: result-key@0x564e2d1c1940 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x564e2d1c1940 | chunk_SK_pr: symkey-key@0x564e2d1c1940 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)540291872: 4a 52 31 0d 0f ffffff8d ffffff97 0e 69 ffffffe9 4d 79 22 ffffffd4 ffffff9a ffffffc3 ffffffe7 27 55 ffffffc1 ffffff9a ffffffc4 07 4e 7a ffffff97 ffffffb7 18 ffffffe9 60 ffffff82 fffffff6 | chunk_SK_pr: release slot-key-key@0x564e2d1a1c00 | chunk_SK_pr extracted len 32 bytes at 0x7f2a48006320 | unwrapped: bd 92 07 3a 12 07 e7 f9 1b 93 91 44 e8 1c 5a c6 | unwrapped: 75 ab 8f 0f 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x564e2d1a8430 | calc_skeyseed_v2 pointers: shared-key@0x7f2a5000d640, SK_d-key@0x7f2a5000a510, SK_ai-key@0x564e2d1aba50, SK_ar-key@0x564e2d19f7a0, SK_ei-key@0x564e2d1a5000, SK_er-key@0x564e2d19df20, SK_pi-key@0x564e2d1aa0f0, SK_pr-key@0x564e2d1c1940 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 54 21 ce 76 69 4c 37 56 6f 57 b4 37 5c db 57 c6 | 94 d5 e5 09 | calc_skeyseed_v2 SK_pr | bd 92 07 3a 12 07 e7 f9 1b 93 91 44 e8 1c 5a c6 | 75 ab 8f 0f | crypto helper 5 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 4 time elapsed 0.003036 seconds | (#5) spent 3.03 milliseconds in crypto helper computing work-order 4: ikev2_inI2outR2 KE (pcr) | crypto helper 5 sending results from work-order 4 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7f2a480060f0 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #5 | start processing: state #5 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 4 | calling continuation function 0x564e2b454630 | ikev2_parent_inI2outR2_continue for #5: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f2a54000d60: transferring ownership from helper IKEv2 DH to state #5 | finish_dh_v2: release st_shared_nss-key@NULL | #5 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x564e2d1aba50 (size 20) | hmac: symkey-key@0x564e2d1aba50 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1aba50 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d766178 | result: clone-key@0x564e2d1a8430 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x564e2d1a8430 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x564e2d1a8430 | hmac: release clone-key@0x564e2d1a8430 | hmac PRF sha crypt-prf@0x564e2d1bb860 | hmac PRF sha update data-bytes@0x564e2d1b9eb0 (length 208) | 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 83 1f 33 56 1a da 0b 7c a3 4d b0 9e bf ed 93 c6 | b6 ce 11 fa 06 f2 db ac 87 67 2b 90 a0 23 1b e3 | ed fb 87 ac b0 6d 5e 27 9d 54 a4 dc 37 4c e8 43 | c1 4c a5 28 39 b1 cc 36 58 10 3f ec 8f e3 6e 89 | 2c 96 76 d7 21 24 0b d7 18 5b 17 61 3f 4b 3e 71 | 01 1a be 6e 85 9f 3d a8 1d de 48 a7 6a 9c a3 29 | 3b b1 91 59 56 be 00 8d 9d fd e6 c5 68 58 d8 b7 | 63 5c 7e 93 d9 9b 67 a6 98 e7 34 32 f5 75 c9 e0 | d9 b9 c7 5b 84 b3 61 68 e9 cd 7e cb 5d 82 21 65 | e6 c6 d1 e4 fd 87 13 60 3b 9a af 17 c8 38 dc 05 | d9 00 88 5a a2 9b 20 8d 1c 8f b2 73 95 7a 31 18 | hmac PRF sha final-bytes@0x7fff8d766340 (length 20) | 28 8c 95 da fb e9 e2 68 b5 dc a7 a0 0b 15 ed 9d | 6a c9 d8 56 | data for hmac: 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data for hmac: 83 1f 33 56 1a da 0b 7c a3 4d b0 9e bf ed 93 c6 | data for hmac: b6 ce 11 fa 06 f2 db ac 87 67 2b 90 a0 23 1b e3 | data for hmac: ed fb 87 ac b0 6d 5e 27 9d 54 a4 dc 37 4c e8 43 | data for hmac: c1 4c a5 28 39 b1 cc 36 58 10 3f ec 8f e3 6e 89 | data for hmac: 2c 96 76 d7 21 24 0b d7 18 5b 17 61 3f 4b 3e 71 | data for hmac: 01 1a be 6e 85 9f 3d a8 1d de 48 a7 6a 9c a3 29 | data for hmac: 3b b1 91 59 56 be 00 8d 9d fd e6 c5 68 58 d8 b7 | data for hmac: 63 5c 7e 93 d9 9b 67 a6 98 e7 34 32 f5 75 c9 e0 | data for hmac: d9 b9 c7 5b 84 b3 61 68 e9 cd 7e cb 5d 82 21 65 | data for hmac: e6 c6 d1 e4 fd 87 13 60 3b 9a af 17 c8 38 dc 05 | data for hmac: d9 00 88 5a a2 9b 20 8d 1c 8f b2 73 95 7a 31 18 | calculated auth: 28 8c 95 da fb e9 e2 68 b5 dc a7 a0 | provided auth: 28 8c 95 da fb e9 e2 68 b5 dc a7 a0 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 83 1f 33 56 1a da 0b 7c a3 4d b0 9e bf ed 93 c6 | payload before decryption: | b6 ce 11 fa 06 f2 db ac 87 67 2b 90 a0 23 1b e3 | ed fb 87 ac b0 6d 5e 27 9d 54 a4 dc 37 4c e8 43 | c1 4c a5 28 39 b1 cc 36 58 10 3f ec 8f e3 6e 89 | 2c 96 76 d7 21 24 0b d7 18 5b 17 61 3f 4b 3e 71 | 01 1a be 6e 85 9f 3d a8 1d de 48 a7 6a 9c a3 29 | 3b b1 91 59 56 be 00 8d 9d fd e6 c5 68 58 d8 b7 | 63 5c 7e 93 d9 9b 67 a6 98 e7 34 32 f5 75 c9 e0 | d9 b9 c7 5b 84 b3 61 68 e9 cd 7e cb 5d 82 21 65 | e6 c6 d1 e4 fd 87 13 60 3b 9a af 17 c8 38 dc 05 | d9 00 88 5a a2 9b 20 8d 1c 8f b2 73 95 7a 31 18 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | d3 7b 25 5c be 79 e1 90 9d 77 41 8e ba 54 2a 24 | cd 76 b7 9c 2c 00 00 2c 00 00 00 28 01 03 04 03 | f8 b7 f2 8a 03 00 00 0c 01 00 00 0c 80 0e 00 00 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | stripping 16 octets as pad | #5 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #5: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #5 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #5: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x564e2d1aa0f0 (size 20) | hmac: symkey-key@0x564e2d1aa0f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1aa0f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765be8 | result: clone-key@0x564e2d1a8430 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x564e2d1a8430 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x564e2d1a8430 | hmac: release clone-key@0x564e2d1a8430 | hmac PRF sha crypt-prf@0x564e2d1be630 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x564e2d1b9ee4 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff8d765da0 (length 20) | 73 67 57 9c 6e 28 6f c6 01 04 e1 d2 e2 a4 15 66 | 1f 72 b7 33 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | inputs to hash1 (first packet) | 82 4c a5 cc c5 8a 82 5d 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 09 c7 d8 8a b4 62 98 cc 8f 08 ef cb | 87 1d 10 d1 77 a2 b0 b8 be 29 34 3a 9c 37 e5 fc | f0 2f 62 1a fd 64 25 cd 36 59 ae dc d7 58 6c b1 | 96 af 41 2a 81 40 27 99 d9 75 c6 2b a9 d4 bf fe | 57 e5 51 b6 4c d6 06 2b 53 b9 05 d9 9f 91 47 e9 | 85 6c 06 7f df e3 9c df 4b 6d b9 8e 07 97 23 84 | 2b a9 98 39 32 66 6c bd c4 52 b5 39 a4 f1 67 2c | 3e d5 db 11 51 7c ce 75 13 77 26 d3 49 eb 9d 61 | 9c 64 45 d0 a0 1a 26 8d 16 86 40 f9 5e c7 9b e6 | bc a9 fd 5e 1e c1 cc 96 fe b9 f6 9e 4a bc 02 be | 7b bc 8a 80 bd 96 25 5f 6d 74 a4 95 c3 a8 df b6 | 91 8f c4 91 68 82 9e d9 c2 87 56 7d 74 27 86 10 | a5 0a ae 5a 2d 3c 58 97 43 a5 ef 4b 0e 11 7d 54 | 44 eb eb 62 97 3f 68 a7 fb 02 e3 68 96 76 34 3e | aa c8 a8 9f 83 22 10 c3 c3 14 d8 76 25 d2 65 1c | 4f 23 66 c7 d1 d3 8e 15 4b ae 80 06 6a f0 1b fb | a5 88 2b a6 29 00 00 24 24 0f 74 e7 9a b3 06 d9 | 8a 59 a3 4a 6f ed 7b 85 3c ea 05 58 47 51 27 24 | 65 01 f2 4c 1c 52 3e 99 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 9b 5c de 7c 09 c2 d8 70 | be b5 ff 2d 00 69 a0 6f 32 11 5c ef 00 00 00 1c | 00 00 40 05 fc a4 14 e1 6d 31 46 f2 b5 bc 73 9c | 40 04 7b 68 08 f0 79 72 | verify: initiator inputs to hash2 (responder nonce) | ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | idhash 73 67 57 9c 6e 28 6f c6 01 04 e1 d2 e2 a4 15 66 | idhash 1f 72 b7 33 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564e2d1b8960 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d7659f0 | result: shared secret-key@0x7f2a58006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f2a58006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7659d8 | result: shared secret-key@0x564e2d1a8430 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f2a58006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564e2d1a1160 from shared secret-key@0x564e2d1a8430 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564e2d1a1160 from shared secret-key@0x564e2d1a8430 | = prf(,"Key Pad for IKEv2"): release clone-key@0x564e2d1a8430 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564e2d1bb860 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x564e2b4e7bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765a10 | result: final-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7659f8 | result: final-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a58006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x564e2d1a8430 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x564e2d1a8430 (size 20) | = prf(, ): -key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765a08 | result: clone-key@0x7f2a58006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564e2d1a1160 from -key@0x7f2a58006900 | = prf(, ) prf: begin sha with context 0x564e2d1a1160 from -key@0x7f2a58006900 | = prf(, ): release clone-key@0x7f2a58006900 | = prf(, ) PRF sha crypt-prf@0x564e2d1bb840 | = prf(, ) PRF sha update first-packet-bytes@0x564e2d1be2c0 (length 440) | 82 4c a5 cc c5 8a 82 5d 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 09 c7 d8 8a b4 62 98 cc 8f 08 ef cb | 87 1d 10 d1 77 a2 b0 b8 be 29 34 3a 9c 37 e5 fc | f0 2f 62 1a fd 64 25 cd 36 59 ae dc d7 58 6c b1 | 96 af 41 2a 81 40 27 99 d9 75 c6 2b a9 d4 bf fe | 57 e5 51 b6 4c d6 06 2b 53 b9 05 d9 9f 91 47 e9 | 85 6c 06 7f df e3 9c df 4b 6d b9 8e 07 97 23 84 | 2b a9 98 39 32 66 6c bd c4 52 b5 39 a4 f1 67 2c | 3e d5 db 11 51 7c ce 75 13 77 26 d3 49 eb 9d 61 | 9c 64 45 d0 a0 1a 26 8d 16 86 40 f9 5e c7 9b e6 | bc a9 fd 5e 1e c1 cc 96 fe b9 f6 9e 4a bc 02 be | 7b bc 8a 80 bd 96 25 5f 6d 74 a4 95 c3 a8 df b6 | 91 8f c4 91 68 82 9e d9 c2 87 56 7d 74 27 86 10 | a5 0a ae 5a 2d 3c 58 97 43 a5 ef 4b 0e 11 7d 54 | 44 eb eb 62 97 3f 68 a7 fb 02 e3 68 96 76 34 3e | aa c8 a8 9f 83 22 10 c3 c3 14 d8 76 25 d2 65 1c | 4f 23 66 c7 d1 d3 8e 15 4b ae 80 06 6a f0 1b fb | a5 88 2b a6 29 00 00 24 24 0f 74 e7 9a b3 06 d9 | 8a 59 a3 4a 6f ed 7b 85 3c ea 05 58 47 51 27 24 | 65 01 f2 4c 1c 52 3e 99 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 9b 5c de 7c 09 c2 d8 70 | be b5 ff 2d 00 69 a0 6f 32 11 5c ef 00 00 00 1c | 00 00 40 05 fc a4 14 e1 6d 31 46 f2 b5 bc 73 9c | 40 04 7b 68 08 f0 79 72 | = prf(, ) PRF sha update nonce-bytes@0x7f2a54002af0 (length 32) | ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | = prf(, ) PRF sha update hash-bytes@0x7fff8d765da0 (length 20) | 73 67 57 9c 6e 28 6f c6 01 04 e1 d2 e2 a4 15 66 | 1f 72 b7 33 | = prf(, ) PRF sha final-chunk@0x564e2d1be630 (length 20) | d3 7b 25 5c be 79 e1 90 9d 77 41 8e ba 54 2a 24 | cd 76 b7 9c | psk_auth: release prf-psk-key@0x564e2d1a8430 | Received PSK auth octets | d3 7b 25 5c be 79 e1 90 9d 77 41 8e ba 54 2a 24 | cd 76 b7 9c | Calculated PSK auth octets | d3 7b 25 5c be 79 e1 90 9d 77 41 8e ba 54 2a 24 | cd 76 b7 9c "east" #5: Authenticated using authby=secret | parent state #5: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #5 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x564e2d1bd2c0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f2a54002b20 | event_schedule: new EVENT_SA_REKEY-pe@0x7f2a54002b20 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #5 | libevent_malloc: new ptr-libevent@0x564e2d1bd2c0 size 128 | pstats #5 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | 82 4c a5 cc c5 8a 82 5d | responder cookie: | f8 1a 3c da 95 9b 7d 53 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x564e2d1c1940 (size 20) | hmac: symkey-key@0x564e2d1c1940 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1c1940 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765558 | result: clone-key@0x564e2d1a8430 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x564e2d1a8430 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x564e2d1a8430 | hmac: release clone-key@0x564e2d1a8430 | hmac PRF sha crypt-prf@0x564e2d1bd370 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x564e2b553974 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff8d765860 (length 20) | c0 c2 b0 26 be c9 91 20 9f e5 76 1e 1e 89 bc a4 | 9a 71 9f 08 | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | inputs to hash1 (first packet) | 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 13 0d 91 a4 d8 1d 15 72 a7 57 0a 7e | 30 85 6b ac 7f 55 6c f9 47 b1 2b d7 9a 10 dd ee | ad ea 6e 35 80 4f df cf 28 91 73 cb 2a 71 b6 99 | d6 8e 03 9f f1 19 dc ba 0e bf 74 15 f2 90 d0 e0 | 56 30 b1 97 d8 1d cd f2 4e 0e 5d 8b 58 7a 80 fa | 8a 4c 61 68 1d c5 9c 05 19 2f 0a c1 19 95 0b 3e | 37 af 2f 4d 11 9e 28 98 6e 9d 0d f4 bb 82 cb 72 | 10 e2 c5 41 83 54 b9 e0 86 63 b2 0f 38 7d 55 69 | bd 34 5b 51 fb 85 87 81 5a 0d 24 7e 7a 04 77 39 | 6f f5 89 98 41 fc df 00 d4 2d 66 ff 7b 6f 20 aa | 3f 96 ba cc 0c 8e bc 0f 6f 9a fb f6 32 a0 97 82 | 8d 46 a1 4a 71 4c 76 ec 82 b0 21 ae 52 57 11 d6 | 02 31 b6 61 26 6e f8 3e e5 0f 77 ad c8 6b bc e1 | 55 e0 cb cd 1a 6c 10 65 52 3a 19 38 bb 62 f7 91 | ca 17 13 d8 54 cc b9 ca 7e 90 07 8c bb a9 30 16 | 1e 52 32 03 d9 a6 6f 12 ff cf f9 e1 d8 49 61 c3 | 2c 2b d3 cb 29 00 00 24 ad 15 30 60 3b ed 71 70 | 14 ea 2b 2b 1f 2f 95 0b 01 f4 d4 7b 76 bb 02 31 | 93 cb 20 db cb ca 4f b6 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 8d 9f 87 91 ef 65 0a 86 | 39 7d 9b 91 13 64 3b 37 67 b3 89 13 00 00 00 1c | 00 00 40 05 83 b0 f8 b7 74 aa 1b 4f 49 46 1e 4e | 2a 2c 6d 49 bd 23 ac 60 | create: responder inputs to hash2 (initiator nonce) | 24 0f 74 e7 9a b3 06 d9 8a 59 a3 4a 6f ed 7b 85 | 3c ea 05 58 47 51 27 24 65 01 f2 4c 1c 52 3e 99 | idhash c0 c2 b0 26 be c9 91 20 9f e5 76 1e 1e 89 bc a4 | idhash 9a 71 9f 08 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564e2d1b8960 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765350 | result: shared secret-key@0x7f2a58006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f2a58006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765338 | result: shared secret-key@0x564e2d1a8430 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f2a58006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564e2d1a1160 from shared secret-key@0x564e2d1a8430 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564e2d1a1160 from shared secret-key@0x564e2d1a8430 | = prf(,"Key Pad for IKEv2"): release clone-key@0x564e2d1a8430 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564e2d1be630 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x564e2b4e7bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765370 | result: final-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765358 | result: final-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a58006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x564e2d1a8430 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x564e2d1a8430 (size 20) | = prf(, ): -key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765368 | result: clone-key@0x7f2a58006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564e2d1a1160 from -key@0x7f2a58006900 | = prf(, ) prf: begin sha with context 0x564e2d1a1160 from -key@0x7f2a58006900 | = prf(, ): release clone-key@0x7f2a58006900 | = prf(, ) PRF sha crypt-prf@0x564e2d1bb860 | = prf(, ) PRF sha update first-packet-bytes@0x564e2d14d210 (length 440) | 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 13 0d 91 a4 d8 1d 15 72 a7 57 0a 7e | 30 85 6b ac 7f 55 6c f9 47 b1 2b d7 9a 10 dd ee | ad ea 6e 35 80 4f df cf 28 91 73 cb 2a 71 b6 99 | d6 8e 03 9f f1 19 dc ba 0e bf 74 15 f2 90 d0 e0 | 56 30 b1 97 d8 1d cd f2 4e 0e 5d 8b 58 7a 80 fa | 8a 4c 61 68 1d c5 9c 05 19 2f 0a c1 19 95 0b 3e | 37 af 2f 4d 11 9e 28 98 6e 9d 0d f4 bb 82 cb 72 | 10 e2 c5 41 83 54 b9 e0 86 63 b2 0f 38 7d 55 69 | bd 34 5b 51 fb 85 87 81 5a 0d 24 7e 7a 04 77 39 | 6f f5 89 98 41 fc df 00 d4 2d 66 ff 7b 6f 20 aa | 3f 96 ba cc 0c 8e bc 0f 6f 9a fb f6 32 a0 97 82 | 8d 46 a1 4a 71 4c 76 ec 82 b0 21 ae 52 57 11 d6 | 02 31 b6 61 26 6e f8 3e e5 0f 77 ad c8 6b bc e1 | 55 e0 cb cd 1a 6c 10 65 52 3a 19 38 bb 62 f7 91 | ca 17 13 d8 54 cc b9 ca 7e 90 07 8c bb a9 30 16 | 1e 52 32 03 d9 a6 6f 12 ff cf f9 e1 d8 49 61 c3 | 2c 2b d3 cb 29 00 00 24 ad 15 30 60 3b ed 71 70 | 14 ea 2b 2b 1f 2f 95 0b 01 f4 d4 7b 76 bb 02 31 | 93 cb 20 db cb ca 4f b6 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 8d 9f 87 91 ef 65 0a 86 | 39 7d 9b 91 13 64 3b 37 67 b3 89 13 00 00 00 1c | 00 00 40 05 83 b0 f8 b7 74 aa 1b 4f 49 46 1e 4e | 2a 2c 6d 49 bd 23 ac 60 | = prf(, ) PRF sha update nonce-bytes@0x564e2d1bb810 (length 32) | 24 0f 74 e7 9a b3 06 d9 8a 59 a3 4a 6f ed 7b 85 | 3c ea 05 58 47 51 27 24 65 01 f2 4c 1c 52 3e 99 | = prf(, ) PRF sha update hash-bytes@0x7fff8d765860 (length 20) | c0 c2 b0 26 be c9 91 20 9f e5 76 1e 1e 89 bc a4 | 9a 71 9f 08 | = prf(, ) PRF sha final-chunk@0x564e2d1bd370 (length 20) | b7 bb 5b 1b 5e 21 82 db cc 51 92 72 c9 54 1d cf | f4 ef 73 98 | psk_auth: release prf-psk-key@0x564e2d1a8430 | PSK auth octets b7 bb 5b 1b 5e 21 82 db cc 51 92 72 c9 54 1d cf | PSK auth octets f4 ef 73 98 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth b7 bb 5b 1b 5e 21 82 db cc 51 92 72 c9 54 1d cf | PSK auth f4 ef 73 98 | emitting length of IKEv2 Authentication Payload: 28 | creating state object #6 at 0x564e2d1c5060 | State DB: adding IKEv2 state #6 in UNDEFINED | pstats #6 ikev2.child started | duplicating state object #5 "east" as #6 for IPSEC SA | #6 setting local endpoint to 192.1.2.23:500 from #5.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f2a5000a510 | duplicate_state: reference st_skey_ai_nss-key@0x564e2d1aba50 | duplicate_state: reference st_skey_ar_nss-key@0x564e2d19f7a0 | duplicate_state: reference st_skey_ei_nss-key@0x564e2d1a5000 | duplicate_state: reference st_skey_er_nss-key@0x564e2d19df20 | duplicate_state: reference st_skey_pi_nss-key@0x564e2d1aa0f0 | duplicate_state: reference st_skey_pr_nss-key@0x564e2d1c1940 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #5.#6; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #5 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #5.#6 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI f8 b7 f2 8a | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: INTEG+ESN; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #5: no local proposal matches remote proposals 1:ESP:ENCR=AES_CBC;INTEG=HMAC_SHA1_96;ESN=DISABLED "east" #5: IKE_AUTH responder matching remote ESP/AH proposals failed, responder SA processing returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | ikev2_child_sa_respond returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | ikev2_parent_inI2outR2_continue_tail returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | #5 spent 1.35 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #5 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #6 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #6 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | sending a notification reply "east" #6: responding to IKE_AUTH message (ID 1) from 192.1.2.45:500 with encrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS encrypted notification | **emit ISAKMP Message: | initiator cookie: | 82 4c a5 cc c5 8a 82 5d | responder cookie: | f8 1a 3c da 95 9b 7d 53 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'encrypted notification' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Adding a v2N Payload | ****emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'encrypted notification' | emitting length of IKEv2 Notify Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 26 13 3a 2c b7 50 aa 0e 54 e5 cd 8d 36 2b 43 69 | data before encryption: | 00 00 00 08 00 00 00 0e 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 3a 2a 5c 95 0c 8f ec d8 f6 6a 5e e6 28 cc ac 9d | hmac PRF sha init symkey-key@0x564e2d19f7a0 (size 20) | hmac: symkey-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765628 | result: clone-key@0x564e2d1a8430 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x564e2d1a8430 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x564e2d1a8430 | hmac: release clone-key@0x564e2d1a8430 | hmac PRF sha crypt-prf@0x564e2d1bff10 | hmac PRF sha update data-bytes@0x7fff8d765a60 (length 64) | 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | 26 13 3a 2c b7 50 aa 0e 54 e5 cd 8d 36 2b 43 69 | 3a 2a 5c 95 0c 8f ec d8 f6 6a 5e e6 28 cc ac 9d | hmac PRF sha final-bytes@0x7fff8d765aa0 (length 20) | 93 1f 16 5e dd aa 9d 60 9b 69 d1 32 91 31 5f 0b | a1 28 7c 18 | data being hmac: 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | data being hmac: 26 13 3a 2c b7 50 aa 0e 54 e5 cd 8d 36 2b 43 69 | data being hmac: 3a 2a 5c 95 0c 8f ec d8 f6 6a 5e e6 28 cc ac 9d | out calculated auth: | 93 1f 16 5e dd aa 9d 60 9b 69 d1 32 | sending 76 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #5) | 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | 26 13 3a 2c b7 50 aa 0e 54 e5 cd 8d 36 2b 43 69 | 3a 2a 5c 95 0c 8f ec d8 f6 6a 5e e6 28 cc ac 9d | 93 1f 16 5e dd aa 9d 60 9b 69 d1 32 | forcing #6 to a discard event | event_schedule: new EVENT_SO_DISCARD-pe@0x564e2d1c4cb0 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #6 | libevent_malloc: new ptr-libevent@0x7f2a54006900 size 128 | state transition function for STATE_UNDEFINED failed: v2N_NO_PROPOSAL_CHOSEN | resume sending helper answer for #5 suppresed complete_v2_state_transition() | #5 spent 1.92 milliseconds in resume sending helper answer | stop processing: state #6 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2a480060f0 | spent 0.00284 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 444 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | c4 6c 37 92 fa 84 6c d3 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 a6 8a 15 c2 38 40 e8 c7 | 83 ed 53 1b 4e 0a d1 7c 7b 6b 8d fe 81 2d 18 bc | d6 09 ad 8f 84 51 42 40 45 96 2c 26 58 ed ae 32 | fc 9c 11 9e 33 6a 28 51 62 2e 45 e7 18 f1 3e 4a | 5d 50 05 c5 3a 49 c2 e4 94 62 19 e3 63 02 3b 97 | c4 05 6f 9e 18 07 86 21 00 ae 3b 97 ae 18 c3 71 | 75 bf 9a b2 b6 58 62 90 53 34 40 c1 b5 6a b3 3b | 10 f0 f7 23 3f f9 5f eb e7 b7 64 46 5d 0f 0e ca | fc c2 79 cf be a5 ad ef b4 08 81 79 99 c9 df 6d | f8 c0 e0 5e ea 12 74 8a 18 e1 d5 e1 8e 7a bc ee | 7b 29 08 8d 00 c7 bf bb 74 64 ba a2 41 23 46 4c | c2 27 89 48 87 31 84 f8 b2 ff 20 46 c9 89 59 e0 | 91 1b 1e a5 f9 de 77 b5 70 cf a4 10 bd af b8 2f | 6c d8 91 ab 1a fc 27 d4 89 94 38 33 40 50 a2 97 | 51 3e 05 fc bf a9 e6 a4 ff b3 65 8d 2d 73 6a 32 | c2 7b 0f 30 11 1d df 02 27 e6 05 55 78 01 74 e2 | 65 b1 da b1 7e 8c 89 a8 29 00 00 24 d3 6a e3 b0 | e8 f6 eb f5 1e fd 29 be 22 19 43 db e2 8e ca 2e | 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 5b ef d7 2f | 04 2c 87 06 bf e5 e4 a8 c7 03 d8 b1 51 ba 83 33 | 00 00 00 1c 00 00 40 05 11 f6 88 df 67 58 af 8c | d8 2e b6 07 25 f1 16 6c 4a 01 f9 c3 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | c4 6c 37 92 fa 84 6c d3 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 444 (0x1bc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 52 (0x34) | processing payload: ISAKMP_NEXT_v2SA (len=48) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x564e2d1ba2a0 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x564e2b547700 (length 32) | 62 69 c2 24 61 0b eb 03 31 69 8e 34 fa 62 6b 0f | 9f 9c e7 e3 dc ef ed d7 ff d6 12 6f b4 c1 0b 04 | IKE SPIr hash sha2_256 digest counter-bytes@0x564e2b5476e0 (length 4) | 05 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff8d7668e0 (length 32) | 0e 4d 17 a5 79 8d d7 c5 11 52 9a fc e2 cb 66 27 | ce 49 ad 30 6a fd cc 0a d2 05 3f 1f d8 ec 8a b4 | creating state object #7 at 0x564e2d1bd390 | State DB: adding IKEv2 state #7 in UNDEFINED | pstats #7 ikev2.ike started | Message ID: init #7: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #7: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #7; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #7 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #7 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #7 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #7 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #7 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 48 (0x30) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 16 (0x10) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 "east" #7: proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | a6 8a 15 c2 38 40 e8 c7 83 ed 53 1b 4e 0a d1 7c | 7b 6b 8d fe 81 2d 18 bc d6 09 ad 8f 84 51 42 40 | 45 96 2c 26 58 ed ae 32 fc 9c 11 9e 33 6a 28 51 | 62 2e 45 e7 18 f1 3e 4a 5d 50 05 c5 3a 49 c2 e4 | 94 62 19 e3 63 02 3b 97 c4 05 6f 9e 18 07 86 21 | 00 ae 3b 97 ae 18 c3 71 75 bf 9a b2 b6 58 62 90 | 53 34 40 c1 b5 6a b3 3b 10 f0 f7 23 3f f9 5f eb | e7 b7 64 46 5d 0f 0e ca fc c2 79 cf be a5 ad ef | b4 08 81 79 99 c9 df 6d f8 c0 e0 5e ea 12 74 8a | 18 e1 d5 e1 8e 7a bc ee 7b 29 08 8d 00 c7 bf bb | 74 64 ba a2 41 23 46 4c c2 27 89 48 87 31 84 f8 | b2 ff 20 46 c9 89 59 e0 91 1b 1e a5 f9 de 77 b5 | 70 cf a4 10 bd af b8 2f 6c d8 91 ab 1a fc 27 d4 | 89 94 38 33 40 50 a2 97 51 3e 05 fc bf a9 e6 a4 | ff b3 65 8d 2d 73 6a 32 c2 7b 0f 30 11 1d df 02 | 27 e6 05 55 78 01 74 e2 65 b1 da b1 7e 8c 89 a8 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d7662e0 (length 8) | c4 6c 37 92 fa 84 6c d3 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d7662e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff8d766274 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff8d766266 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7662f0 (length 20) | 11 f6 88 df 67 58 af 8c d8 2e b6 07 25 f1 16 6c | 4a 01 f9 c3 | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= c4 6c 37 92 fa 84 6c d3 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 11 f6 88 df 67 58 af 8c d8 2e b6 07 25 f1 16 6c | natd_hash: hash= 4a 01 f9 c3 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d7662e0 (length 8) | c4 6c 37 92 fa 84 6c d3 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d7662e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff8d766274 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff8d766266 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d766310 (length 20) | 5b ef d7 2f 04 2c 87 06 bf e5 e4 a8 c7 03 d8 b1 | 51 ba 83 33 | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= c4 6c 37 92 fa 84 6c d3 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 5b ef d7 2f 04 2c 87 06 bf e5 e4 a8 c7 03 d8 b1 | natd_hash: hash= 51 ba 83 33 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 5 for state #7 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564e2d1c33e0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f2a480060f0 size 128 | #7 spent 0.297 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #7 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #7 and saving MD | #7 is busy; has a suspended MD | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #7 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #7 spent 0.672 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.683 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 3 resuming | crypto helper 3 starting work-order 5 for state #7 | crypto helper 3 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 5 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f2a4c000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7f2a4c000d60 | NSS: Public DH wire value: | ec 25 38 75 f8 d2 7f da 3f 5b 17 e4 04 91 89 ac | 42 9f 2c 19 6f e5 bd 0a 68 ee 5b 17 95 6a a2 70 | 69 87 af cd e0 44 e0 77 20 14 8f f2 c7 6d e7 2b | 9f b9 3f 82 40 c0 32 2d bd 7e 19 55 a0 77 c7 ab | 4f 8a 2b 4c b1 c7 5f e4 0a 15 f3 75 b4 8e 64 50 | 00 f8 12 e2 9b 03 58 12 9d f2 93 53 be d5 01 97 | e3 0e 48 9d 04 78 3b 83 2b b5 b2 9c 4d d4 93 19 | 71 79 78 f5 cf 17 1e ed ea 2f d2 fb 87 7c 32 4f | b4 2a 3d bd 7b 64 c5 ab 92 da 26 d5 f0 59 f2 59 | ad 93 b1 1e e6 ee 65 59 25 c3 c5 b1 09 36 2b f6 | 87 ea 3c dd aa 99 d9 3e 73 69 57 6f e7 b1 be 5e | 0e 8c 2e 40 b6 8b 90 fd ab 0b 37 33 42 5f 8c 6a | fb a7 7e ee 24 ec 5b a8 23 73 f2 46 75 30 86 3f | f1 01 78 dd d4 85 5d c5 0e 2f 5c fd 86 9f 4a 6a | db 69 0b 8c e3 1a 55 e1 69 8c 04 b6 ed ed 55 c8 | 12 5d 01 80 01 df ac dd 0c c9 c9 27 8a 33 f5 e8 | Generated nonce: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | Generated nonce: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | crypto helper 3 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 5 time elapsed 0.000989 seconds | (#7) spent 0.99 milliseconds in crypto helper computing work-order 5: ikev2_inI1outR1 KE (pcr) | crypto helper 3 sending results from work-order 5 for state #7 to event queue | scheduling resume sending helper answer for #7 | libevent_malloc: new ptr-libevent@0x7f2a4c006900 size 128 | libevent_realloc: release ptr-libevent@0x564e2d19c6a0 | libevent_realloc: new ptr-libevent@0x564e2d1be480 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #7 | start processing: state #7 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 5 | calling continuation function 0x564e2b454630 | ikev2_parent_inI1outR1_continue for #7: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | c4 6c 37 92 fa 84 6c d3 | responder cookie: | 0e 4d 17 a5 79 8d d7 c5 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f2a4c000d60: transferring ownership from helper KE to state #7 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x ec 25 38 75 f8 d2 7f da 3f 5b 17 e4 04 91 89 ac | ikev2 g^x 42 9f 2c 19 6f e5 bd 0a 68 ee 5b 17 95 6a a2 70 | ikev2 g^x 69 87 af cd e0 44 e0 77 20 14 8f f2 c7 6d e7 2b | ikev2 g^x 9f b9 3f 82 40 c0 32 2d bd 7e 19 55 a0 77 c7 ab | ikev2 g^x 4f 8a 2b 4c b1 c7 5f e4 0a 15 f3 75 b4 8e 64 50 | ikev2 g^x 00 f8 12 e2 9b 03 58 12 9d f2 93 53 be d5 01 97 | ikev2 g^x e3 0e 48 9d 04 78 3b 83 2b b5 b2 9c 4d d4 93 19 | ikev2 g^x 71 79 78 f5 cf 17 1e ed ea 2f d2 fb 87 7c 32 4f | ikev2 g^x b4 2a 3d bd 7b 64 c5 ab 92 da 26 d5 f0 59 f2 59 | ikev2 g^x ad 93 b1 1e e6 ee 65 59 25 c3 c5 b1 09 36 2b f6 | ikev2 g^x 87 ea 3c dd aa 99 d9 3e 73 69 57 6f e7 b1 be 5e | ikev2 g^x 0e 8c 2e 40 b6 8b 90 fd ab 0b 37 33 42 5f 8c 6a | ikev2 g^x fb a7 7e ee 24 ec 5b a8 23 73 f2 46 75 30 86 3f | ikev2 g^x f1 01 78 dd d4 85 5d c5 0e 2f 5c fd 86 9f 4a 6a | ikev2 g^x db 69 0b 8c e3 1a 55 e1 69 8c 04 b6 ed ed 55 c8 | ikev2 g^x 12 5d 01 80 01 df ac dd 0c c9 c9 27 8a 33 f5 e8 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | IKEv2 nonce c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d766830 (length 8) | c4 6c 37 92 fa 84 6c d3 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d766838 (length 8) | 0e 4d 17 a5 79 8d d7 c5 | NATD hash sha digest IP addr-bytes@0x7fff8d766764 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff8d766756 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7667e0 (length 20) | 7d 64 93 f6 90 71 5b 5f cc ca f4 aa b5 b2 60 45 | f3 92 f5 10 | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= c4 6c 37 92 fa 84 6c d3 | natd_hash: rcookie= 0e 4d 17 a5 79 8d d7 c5 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 7d 64 93 f6 90 71 5b 5f cc ca f4 aa b5 b2 60 45 | natd_hash: hash= f3 92 f5 10 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 7d 64 93 f6 90 71 5b 5f cc ca f4 aa b5 b2 60 45 | Notify data f3 92 f5 10 | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d766830 (length 8) | c4 6c 37 92 fa 84 6c d3 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d766838 (length 8) | 0e 4d 17 a5 79 8d d7 c5 | NATD hash sha digest IP addr-bytes@0x7fff8d766764 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff8d766756 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7667e0 (length 20) | 70 c7 36 b0 3d b1 89 aa e3 da 3b b2 dd 2b 17 ef | e3 9a f4 ca | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= c4 6c 37 92 fa 84 6c d3 | natd_hash: rcookie= 0e 4d 17 a5 79 8d d7 c5 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 70 c7 36 b0 3d b1 89 aa e3 da 3b b2 dd 2b 17 ef | natd_hash: hash= e3 9a f4 ca | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 70 c7 36 b0 3d b1 89 aa e3 da 3b b2 dd 2b 17 ef | Notify data e3 9a f4 ca | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #7 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #7: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #7 to 0 after switching state | Message ID: recv #7 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #7 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #7: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #7) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 ec 25 38 75 f8 d2 7f da 3f 5b 17 e4 | 04 91 89 ac 42 9f 2c 19 6f e5 bd 0a 68 ee 5b 17 | 95 6a a2 70 69 87 af cd e0 44 e0 77 20 14 8f f2 | c7 6d e7 2b 9f b9 3f 82 40 c0 32 2d bd 7e 19 55 | a0 77 c7 ab 4f 8a 2b 4c b1 c7 5f e4 0a 15 f3 75 | b4 8e 64 50 00 f8 12 e2 9b 03 58 12 9d f2 93 53 | be d5 01 97 e3 0e 48 9d 04 78 3b 83 2b b5 b2 9c | 4d d4 93 19 71 79 78 f5 cf 17 1e ed ea 2f d2 fb | 87 7c 32 4f b4 2a 3d bd 7b 64 c5 ab 92 da 26 d5 | f0 59 f2 59 ad 93 b1 1e e6 ee 65 59 25 c3 c5 b1 | 09 36 2b f6 87 ea 3c dd aa 99 d9 3e 73 69 57 6f | e7 b1 be 5e 0e 8c 2e 40 b6 8b 90 fd ab 0b 37 33 | 42 5f 8c 6a fb a7 7e ee 24 ec 5b a8 23 73 f2 46 | 75 30 86 3f f1 01 78 dd d4 85 5d c5 0e 2f 5c fd | 86 9f 4a 6a db 69 0b 8c e3 1a 55 e1 69 8c 04 b6 | ed ed 55 c8 12 5d 01 80 01 df ac dd 0c c9 c9 27 | 8a 33 f5 e8 29 00 00 24 e5 0d 92 73 03 1e d2 74 | 65 0b a1 30 1e fd e5 f0 c9 00 37 76 61 91 30 c0 | cd fe 7d 5d 8f 99 ed d4 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 7d 64 93 f6 90 71 5b 5f | cc ca f4 aa b5 b2 60 45 f3 92 f5 10 00 00 00 1c | 00 00 40 05 70 c7 36 b0 3d b1 89 aa e3 da 3b b2 | dd 2b 17 ef e3 9a f4 ca | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2a480060f0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564e2d1c33e0 | event_schedule: new EVENT_SO_DISCARD-pe@0x564e2d1c33e0 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f2a480060f0 size 128 | resume sending helper answer for #7 suppresed complete_v2_state_transition() | #7 spent 0.474 milliseconds in resume sending helper answer | stop processing: state #7 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2a4c006900 | spent 0.0023 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 220 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | ec 25 e8 3f 4a e2 4f b4 a3 69 18 d3 fe 7b e8 99 | 67 53 80 2e 57 be b7 24 3e 1b 05 5f a8 3f e8 c3 | ae 8d 71 e2 3b 50 f1 db d4 d0 fa dd 57 87 e8 a0 | cd e2 53 66 d8 e6 4b db eb 15 0f af 23 bb 48 e4 | c7 1d 38 20 22 41 bf ca bc c0 d0 68 c5 dd ae 38 | 58 bc 5b 75 82 58 18 53 ca 54 58 b1 a7 22 3a ef | 1a f0 2d c0 29 80 4e f7 31 09 b3 4c 8f 96 af ae | ae 8c 0c 1f 70 78 8f 64 65 40 a6 87 f6 e6 ab fa | 12 0f eb b0 d9 02 54 17 99 d2 70 46 3b dc a1 cd | 43 fd 27 34 a9 fc 7b bd ab af 22 d2 89 d4 b6 dc | 71 a3 51 6d 51 ee 21 76 87 26 45 10 5b 20 72 8c | 15 9e 6d 13 82 c8 fa 2a 45 b1 0e fc | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | c4 6c 37 92 fa 84 6c d3 | responder cookie: | 0e 4d 17 a5 79 8d d7 c5 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 220 (0xdc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #7 in PARENT_R1 (find_v2_ike_sa) | start processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #7 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #7 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 192 (0xc0) | processing payload: ISAKMP_NEXT_v2SK (len=188) | Message ID: start-responder #7 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #7 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f2a4c000d60: transferring ownership from state #7 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 6 for state #7 | state #7 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x7f2a480060f0 | free_event_entry: release EVENT_SO_DISCARD-pe@0x564e2d1c33e0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564e2d1c33e0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f2a480060f0 size 128 | #7 spent 0.0359 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #7 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #7 and saving MD | #7 is busy; has a suspended MD | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #7 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #7 spent 0.186 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.198 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 0 resuming | crypto helper 0 starting work-order 6 for state #7 | crypto helper 0 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 6 | peer's g: a6 8a 15 c2 38 40 e8 c7 83 ed 53 1b 4e 0a d1 7c | peer's g: 7b 6b 8d fe 81 2d 18 bc d6 09 ad 8f 84 51 42 40 | peer's g: 45 96 2c 26 58 ed ae 32 fc 9c 11 9e 33 6a 28 51 | peer's g: 62 2e 45 e7 18 f1 3e 4a 5d 50 05 c5 3a 49 c2 e4 | peer's g: 94 62 19 e3 63 02 3b 97 c4 05 6f 9e 18 07 86 21 | peer's g: 00 ae 3b 97 ae 18 c3 71 75 bf 9a b2 b6 58 62 90 | peer's g: 53 34 40 c1 b5 6a b3 3b 10 f0 f7 23 3f f9 5f eb | peer's g: e7 b7 64 46 5d 0f 0e ca fc c2 79 cf be a5 ad ef | peer's g: b4 08 81 79 99 c9 df 6d f8 c0 e0 5e ea 12 74 8a | peer's g: 18 e1 d5 e1 8e 7a bc ee 7b 29 08 8d 00 c7 bf bb | peer's g: 74 64 ba a2 41 23 46 4c c2 27 89 48 87 31 84 f8 | peer's g: b2 ff 20 46 c9 89 59 e0 91 1b 1e a5 f9 de 77 b5 | peer's g: 70 cf a4 10 bd af b8 2f 6c d8 91 ab 1a fc 27 d4 | peer's g: 89 94 38 33 40 50 a2 97 51 3e 05 fc bf a9 e6 a4 | peer's g: ff b3 65 8d 2d 73 6a 32 c2 7b 0f 30 11 1d df 02 | peer's g: 27 e6 05 55 78 01 74 e2 65 b1 da b1 7e 8c 89 a8 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x564e2d1a8430 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f2a4c000d60: computed shared DH secret key@0x564e2d1a8430 | dh-shared : g^ir-key@0x564e2d1a8430 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f2a40001ef0 (length 64) | d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6182e670 | result: Ni | Nr-key@0x564e2d1bff30 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x564e2d1bff30 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e658 | result: Ni | Nr-key@0x7f2a58006900 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x564e2d1bff30 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f2a40002e80 from Ni | Nr-key@0x7f2a58006900 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f2a40002e80 from Ni | Nr-key@0x7f2a58006900 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f2a58006900 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f2a400016b0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x564e2d1a8430 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x564e2d1a8430 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x564e2d1a8430 | nss hmac digest hack: symkey-key@0x564e2d1a8430 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1635967696: ffffffb2 10 ffffffd4 ffffffff fffffff7 ffffffb3 ffffffdf ffffffaa ffffffab 21 ffffff88 ffffffa1 78 6b 5c ffffffdb ffffffb0 ffffffd0 ffffff83 ffffffb5 57 ffffffd7 5c fffffff8 20 ffffffbf 11 00 fffffffe ffffffff 65 ffffffba ffffffb1 ffffffcb ffffff97 53 fffffffd ffffffe6 00 ffffff8b 6e 5e ffffffe2 ffffffe1 ffffffb1 ffffff9f 42 5c 24 77 ffffff96 ffffffb1 7a 7b 4b ffffff92 3f ffffffbc 49 77 30 5e 7b fffffffe ffffff98 15 ffffff8d 2d fffffff7 46 ffffffd4 50 60 ffffff95 fffffff3 19 ffffffd8 59 0d 13 ffffffb8 ffffffcf 27 68 0a ffffffea ffffffd7 39 ffffffbd ffffffe7 5a 0c fffffff3 ffffffd2 22 ffffff94 1f ffffffa3 ffffffca 6e 3b ffffffc6 ffffffbc fffffff1 ffffffe7 7f ffffffc0 4a 45 ffffffe4 ffffffa2 ffffffeb 0b ffffff85 43 77 ffffffa0 30 50 23 ffffff91 44 0c 3c 35 61 ffffffc2 32 23 ffffff98 10 ffffff9a ffffffa3 fffffff9 1e 51 29 02 ffffff8b 4d fffffff3 4c ffffff91 25 5a ffffff9a 01 52 ffffffc7 ffffffc3 ffffffa7 ffffffd5 1d 36 ffffffd4 5f 05 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 256 bytes at 0x7f2a40003dd0 | unwrapped: 1a 9b c6 2c 05 d9 16 82 6d 20 4a 57 a1 52 7c 55 | unwrapped: 2d c7 91 32 ee a5 25 5c 20 65 83 6f ad 41 57 59 | unwrapped: 7f 3b 6b 82 f8 78 2f b2 7c 7f 7d 1f 66 c3 5a b6 | unwrapped: 15 6b 82 88 ab 4a 89 8a 1a fa c5 59 9d c3 11 da | unwrapped: b2 95 2e f2 2d 0e 03 c3 2a bb af f7 1b 20 9f 14 | unwrapped: d4 92 73 47 47 74 6f fc 90 17 aa 0f f2 e2 83 af | unwrapped: 54 64 d0 aa f2 2e 6f 73 24 c3 33 b5 fe d0 82 3e | unwrapped: 00 b1 b8 10 43 7a e0 3e a9 63 6b 8e 47 d4 7d 98 | unwrapped: 4d a6 03 96 7e 34 5a 34 ae e8 f5 22 50 d0 a3 b4 | unwrapped: 6f d1 62 20 56 b3 d7 bf ae a2 75 18 15 36 df b0 | unwrapped: ec 21 c3 25 09 bb 4d e5 76 9c d2 cb b7 c6 9f 17 | unwrapped: 10 e6 45 ae 7b 3c 72 3b 52 c6 7e 4a a2 39 f7 b9 | unwrapped: cc 06 f5 4e c6 1b 1c d9 e2 9d b4 41 87 68 39 64 | unwrapped: 2d 76 98 e1 59 49 b3 6d 1a bb 4d b0 39 55 4a b1 | unwrapped: a5 ae 91 e7 a3 6f 15 e0 1f 93 72 36 d1 89 6f e1 | unwrapped: ca 79 29 ed 31 19 70 be 41 66 c4 33 3b 5a 77 08 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6182e690 | result: final-key@0x564e2d1bff30 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1bff30 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e678 | result: final-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1bff30 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f2a58006900 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6182e600 | result: data=Ni-key@0x7f2a500069f0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7f2a500069f0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e5e8 | result: data=Ni-key@0x564e2d1bff30 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7f2a500069f0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1bff30 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a6182e5f0 | result: data+=Nr-key@0x7f2a500069f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d1bff30 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a500069f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a6182e5f0 | result: data+=SPIi-key@0x564e2d1bff30 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f2a500069f0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1bff30 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a6182e5f0 | result: data+=SPIr-key@0x7f2a500069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d1bff30 | prf+0 PRF sha init key-key@0x7f2a58006900 (size 20) | prf+0: key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e518 | result: clone-key@0x564e2d1bff30 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f2a40002e80 from key-key@0x564e2d1bff30 | prf+0 prf: begin sha with context 0x7f2a40002e80 from key-key@0x564e2d1bff30 | prf+0: release clone-key@0x564e2d1bff30 | prf+0 PRF sha crypt-prf@0x7f2a400018a0 | prf+0 PRF sha update seed-key@0x7f2a500069f0 (size 80) | prf+0: seed-key@0x7f2a500069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f2a500069f0 | nss hmac digest hack: symkey-key@0x7f2a500069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1635967328: ffffffb7 fffffffc fffffffd ffffffaf ffffffda ffffff87 68 04 ffffffef 73 7f ffffffbd 3f ffffffac 0f ffffffa7 20 1e ffffffbf ffffffcc 40 fffffff5 6a ffffff83 ffffffec ffffff94 ffffffab fffffff4 17 fffffff5 37 ffffffdf ffffff9f ffffff99 ffffffda 12 07 2f 1b 26 ffffffab 31 0f ffffffab ffffffd3 38 ffffffd2 ffffffe6 55 ffffffdd 70 ffffffa4 05 78 ffffffe3 2e 6f ffffff9c ffffff88 14 ffffff90 0e 12 16 ffffffa9 62 0f 65 34 6f 66 5b 01 ffffff99 30 ffffff99 ffffffa1 1c 06 ffffffa7 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a40007e90 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | unwrapped: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6182e520 | result: final-key@0x564e2d1c1a10 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1c1a10 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e508 | result: final-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1c1a10 | prf+0 PRF sha final-key@0x564e2d1bff30 (size 20) | prf+0: key-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x564e2d1bff30 | prf+N PRF sha init key-key@0x7f2a58006900 (size 20) | prf+N: key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e518 | result: clone-key@0x564e2d1c1a10 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a40002e80 from key-key@0x564e2d1c1a10 | prf+N prf: begin sha with context 0x7f2a40002e80 from key-key@0x564e2d1c1a10 | prf+N: release clone-key@0x564e2d1c1a10 | prf+N PRF sha crypt-prf@0x7f2a40001f40 | prf+N PRF sha update old_t-key@0x564e2d1bff30 (size 20) | prf+N: old_t-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1bff30 | nss hmac digest hack: symkey-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1635967328: 03 51 fffffff7 fffffff8 2d ffffffb1 fffffff9 ffffffc3 ffffffcb ffffffbc ffffffcf 28 ffffffbf 0e 64 59 ffffffac 77 ffffffc0 5b 4d ffffffe0 ffffffce ffffffa5 60 75 ffffffcf 01 5a ffffffcf ffffffc2 ffffffef | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a40007ef0 | unwrapped: 4b ef ee 11 fc f8 b5 0d 88 4b 91 51 fe 3a f0 c8 | unwrapped: 54 de cb f1 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a500069f0 (size 80) | prf+N: seed-key@0x7f2a500069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f2a500069f0 | nss hmac digest hack: symkey-key@0x7f2a500069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1635967328: ffffffb7 fffffffc fffffffd ffffffaf ffffffda ffffff87 68 04 ffffffef 73 7f ffffffbd 3f ffffffac 0f ffffffa7 20 1e ffffffbf ffffffcc 40 fffffff5 6a ffffff83 ffffffec ffffff94 ffffffab fffffff4 17 fffffff5 37 ffffffdf ffffff9f ffffff99 ffffffda 12 07 2f 1b 26 ffffffab 31 0f ffffffab ffffffd3 38 ffffffd2 ffffffe6 55 ffffffdd 70 ffffffa4 05 78 ffffffe3 2e 6f ffffff9c ffffff88 14 ffffff90 0e 12 16 ffffffa9 62 0f 65 34 6f 66 5b 01 ffffff99 30 ffffff99 ffffffa1 1c 06 ffffffa7 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a40007e30 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | unwrapped: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6182e520 | result: final-key@0x7f2a40006450 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a40006450 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e508 | result: final-key@0x564e2d1c1a10 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a40006450 | prf+N PRF sha final-key@0x564e2d1c1a10 (size 20) | prf+N: key-key@0x564e2d1c1a10 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6182e598 | result: result-key@0x7f2a40006450 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564e2d1bff30 | prfplus: release old_t[N]-key@0x564e2d1bff30 | prf+N PRF sha init key-key@0x7f2a58006900 (size 20) | prf+N: key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e518 | result: clone-key@0x564e2d1bff30 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a40002e80 from key-key@0x564e2d1bff30 | prf+N prf: begin sha with context 0x7f2a40002e80 from key-key@0x564e2d1bff30 | prf+N: release clone-key@0x564e2d1bff30 | prf+N PRF sha crypt-prf@0x7f2a40001270 | prf+N PRF sha update old_t-key@0x564e2d1c1a10 (size 20) | prf+N: old_t-key@0x564e2d1c1a10 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1c1a10 | nss hmac digest hack: symkey-key@0x564e2d1c1a10 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1635967328: ffffff95 68 09 59 ffffffbc ffffffb9 46 79 ffffffa1 ffffffaa ffffffa9 50 ffffffa5 3c ffffffa2 52 ffffffe0 52 2d 5d 2b 16 ffffffe9 04 68 fffffffc 53 13 ffffff9b ffffffc2 fffffff2 44 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a4000b950 | unwrapped: 3c 0a 54 3f 87 51 84 1b 69 80 d0 02 43 11 a9 3d | unwrapped: 2f 8a 84 d3 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a500069f0 (size 80) | prf+N: seed-key@0x7f2a500069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f2a500069f0 | nss hmac digest hack: symkey-key@0x7f2a500069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1635967328: ffffffb7 fffffffc fffffffd ffffffaf ffffffda ffffff87 68 04 ffffffef 73 7f ffffffbd 3f ffffffac 0f ffffffa7 20 1e ffffffbf ffffffcc 40 fffffff5 6a ffffff83 ffffffec ffffff94 ffffffab fffffff4 17 fffffff5 37 ffffffdf ffffff9f ffffff99 ffffffda 12 07 2f 1b 26 ffffffab 31 0f ffffffab ffffffd3 38 ffffffd2 ffffffe6 55 ffffffdd 70 ffffffa4 05 78 ffffffe3 2e 6f ffffff9c ffffff88 14 ffffff90 0e 12 16 ffffffa9 62 0f 65 34 6f 66 5b 01 ffffff99 30 ffffff99 ffffffa1 1c 06 ffffffa7 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a40007dd0 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | unwrapped: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6182e520 | result: final-key@0x7f2a40009e40 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a40009e40 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e508 | result: final-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a40009e40 | prf+N PRF sha final-key@0x564e2d1bff30 (size 20) | prf+N: key-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a40006450 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6182e598 | result: result-key@0x7f2a40009e40 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a40006450 | prfplus: release old_t[N]-key@0x564e2d1c1a10 | prf+N PRF sha init key-key@0x7f2a58006900 (size 20) | prf+N: key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e518 | result: clone-key@0x564e2d1c1a10 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a40002e80 from key-key@0x564e2d1c1a10 | prf+N prf: begin sha with context 0x7f2a40002e80 from key-key@0x564e2d1c1a10 | prf+N: release clone-key@0x564e2d1c1a10 | prf+N PRF sha crypt-prf@0x7f2a40002010 | prf+N PRF sha update old_t-key@0x564e2d1bff30 (size 20) | prf+N: old_t-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1bff30 | nss hmac digest hack: symkey-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1635967328: ffffff8e ffffffb8 ffffffb1 fffffffa 64 ffffffe8 ffffffb7 4e 37 52 58 1c ffffff93 1d 4b 63 ffffffb7 75 ffffffeb 70 ffffff92 ffffff9e ffffff93 ffffffd0 13 18 ffffffa3 ffffffeb 35 ffffffb7 ffffff9d fffffff5 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a4000bca0 | unwrapped: 96 8d bb cd e8 fa d5 4f e1 a7 7b 04 84 f4 3e 3a | unwrapped: 5d ee 70 90 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a500069f0 (size 80) | prf+N: seed-key@0x7f2a500069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f2a500069f0 | nss hmac digest hack: symkey-key@0x7f2a500069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1635967328: ffffffb7 fffffffc fffffffd ffffffaf ffffffda ffffff87 68 04 ffffffef 73 7f ffffffbd 3f ffffffac 0f ffffffa7 20 1e ffffffbf ffffffcc 40 fffffff5 6a ffffff83 ffffffec ffffff94 ffffffab fffffff4 17 fffffff5 37 ffffffdf ffffff9f ffffff99 ffffffda 12 07 2f 1b 26 ffffffab 31 0f ffffffab ffffffd3 38 ffffffd2 ffffffe6 55 ffffffdd 70 ffffffa4 05 78 ffffffe3 2e 6f ffffff9c ffffff88 14 ffffff90 0e 12 16 ffffffa9 62 0f 65 34 6f 66 5b 01 ffffff99 30 ffffff99 ffffffa1 1c 06 ffffffa7 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a400066d0 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | unwrapped: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6182e520 | result: final-key@0x7f2a40006450 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a40006450 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e508 | result: final-key@0x564e2d1c1a10 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a40006450 | prf+N PRF sha final-key@0x564e2d1c1a10 (size 20) | prf+N: key-key@0x564e2d1c1a10 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a40009e40 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6182e598 | result: result-key@0x7f2a40006450 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a40009e40 | prfplus: release old_t[N]-key@0x564e2d1bff30 | prf+N PRF sha init key-key@0x7f2a58006900 (size 20) | prf+N: key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e518 | result: clone-key@0x564e2d1bff30 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a40002e80 from key-key@0x564e2d1bff30 | prf+N prf: begin sha with context 0x7f2a40002e80 from key-key@0x564e2d1bff30 | prf+N: release clone-key@0x564e2d1bff30 | prf+N PRF sha crypt-prf@0x7f2a40001270 | prf+N PRF sha update old_t-key@0x564e2d1c1a10 (size 20) | prf+N: old_t-key@0x564e2d1c1a10 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1c1a10 | nss hmac digest hack: symkey-key@0x564e2d1c1a10 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1635967328: fffffff9 4d ffffffb1 7a ffffffe3 ffffff98 21 ffffffe6 ffffffcd ffffff96 ffffffc0 fffffffb 38 1a ffffffa2 ffffffe2 ffffffed ffffffc0 7a 5e 6f 6d ffffffe3 ffffffaa 62 ffffffed ffffff82 ffffffc6 2b 28 27 ffffffdd | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a4000bc70 | unwrapped: c0 00 04 3f 2a 93 30 d2 3e 60 eb 35 ac be ba ce | unwrapped: 42 15 56 0f 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a500069f0 (size 80) | prf+N: seed-key@0x7f2a500069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f2a500069f0 | nss hmac digest hack: symkey-key@0x7f2a500069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1635967328: ffffffb7 fffffffc fffffffd ffffffaf ffffffda ffffff87 68 04 ffffffef 73 7f ffffffbd 3f ffffffac 0f ffffffa7 20 1e ffffffbf ffffffcc 40 fffffff5 6a ffffff83 ffffffec ffffff94 ffffffab fffffff4 17 fffffff5 37 ffffffdf ffffff9f ffffff99 ffffffda 12 07 2f 1b 26 ffffffab 31 0f ffffffab ffffffd3 38 ffffffd2 ffffffe6 55 ffffffdd 70 ffffffa4 05 78 ffffffe3 2e 6f ffffff9c ffffff88 14 ffffff90 0e 12 16 ffffffa9 62 0f 65 34 6f 66 5b 01 ffffff99 30 ffffff99 ffffffa1 1c 06 ffffffa7 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a4000bcd0 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | unwrapped: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6182e520 | result: final-key@0x7f2a40009e40 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a40009e40 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e508 | result: final-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a40009e40 | prf+N PRF sha final-key@0x564e2d1bff30 (size 20) | prf+N: key-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a40006450 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6182e598 | result: result-key@0x7f2a40009e40 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a40006450 | prfplus: release old_t[N]-key@0x564e2d1c1a10 | prf+N PRF sha init key-key@0x7f2a58006900 (size 20) | prf+N: key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e518 | result: clone-key@0x564e2d1c1a10 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a4000b7c0 from key-key@0x564e2d1c1a10 | prf+N prf: begin sha with context 0x7f2a4000b7c0 from key-key@0x564e2d1c1a10 | prf+N: release clone-key@0x564e2d1c1a10 | prf+N PRF sha crypt-prf@0x7f2a40002010 | prf+N PRF sha update old_t-key@0x564e2d1bff30 (size 20) | prf+N: old_t-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1bff30 | nss hmac digest hack: symkey-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1635967328: fffffff6 72 ffffffdd 29 ffffffdd 7f 52 ffffffc1 4b 3e 11 ffffffad fffffffc 5e 39 ffffffb3 ffffffd4 7b ffffffee 27 1c fffffffc 1c 65 ffffff85 ffffffc1 57 fffffffd 6e ffffffbe 2a 61 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a4000bc20 | unwrapped: 92 22 10 2a 52 ba 3d 21 05 45 80 f0 67 05 99 9c | unwrapped: a5 1b 6f 44 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a500069f0 (size 80) | prf+N: seed-key@0x7f2a500069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f2a500069f0 | nss hmac digest hack: symkey-key@0x7f2a500069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1635967328: ffffffb7 fffffffc fffffffd ffffffaf ffffffda ffffff87 68 04 ffffffef 73 7f ffffffbd 3f ffffffac 0f ffffffa7 20 1e ffffffbf ffffffcc 40 fffffff5 6a ffffff83 ffffffec ffffff94 ffffffab fffffff4 17 fffffff5 37 ffffffdf ffffff9f ffffff99 ffffffda 12 07 2f 1b 26 ffffffab 31 0f ffffffab ffffffd3 38 ffffffd2 ffffffe6 55 ffffffdd 70 ffffffa4 05 78 ffffffe3 2e 6f ffffff9c ffffff88 14 ffffff90 0e 12 16 ffffffa9 62 0f 65 34 6f 66 5b 01 ffffff99 30 ffffff99 ffffffa1 1c 06 ffffffa7 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a40007e30 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | unwrapped: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6182e520 | result: final-key@0x7f2a40006450 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a40006450 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e508 | result: final-key@0x564e2d1c1a10 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a40006450 | prf+N PRF sha final-key@0x564e2d1c1a10 (size 20) | prf+N: key-key@0x564e2d1c1a10 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a40009e40 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6182e598 | result: result-key@0x7f2a40006450 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a40009e40 | prfplus: release old_t[N]-key@0x564e2d1bff30 | prf+N PRF sha init key-key@0x7f2a58006900 (size 20) | prf+N: key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e518 | result: clone-key@0x564e2d1bff30 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a40002e80 from key-key@0x564e2d1bff30 | prf+N prf: begin sha with context 0x7f2a40002e80 from key-key@0x564e2d1bff30 | prf+N: release clone-key@0x564e2d1bff30 | prf+N PRF sha crypt-prf@0x7f2a40001270 | prf+N PRF sha update old_t-key@0x564e2d1c1a10 (size 20) | prf+N: old_t-key@0x564e2d1c1a10 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1c1a10 | nss hmac digest hack: symkey-key@0x564e2d1c1a10 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1635967328: ffffffba 17 1d ffffff8c 67 ffffff82 ffffffee ffffffa2 1f 1c 6b ffffffb4 08 fffffff3 ffffffdd ffffff9a ffffffd0 fffffff5 ffffff84 19 46 0e 25 4b 44 08 ffffffc4 65 ffffff8f ffffffc2 47 ffffff8a | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a4000be60 | unwrapped: 38 11 8a ee 05 3b 46 5a 25 6e 01 25 0f c2 00 51 | unwrapped: 18 0a 32 d3 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a500069f0 (size 80) | prf+N: seed-key@0x7f2a500069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f2a500069f0 | nss hmac digest hack: symkey-key@0x7f2a500069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1635967328: ffffffb7 fffffffc fffffffd ffffffaf ffffffda ffffff87 68 04 ffffffef 73 7f ffffffbd 3f ffffffac 0f ffffffa7 20 1e ffffffbf ffffffcc 40 fffffff5 6a ffffff83 ffffffec ffffff94 ffffffab fffffff4 17 fffffff5 37 ffffffdf ffffff9f ffffff99 ffffffda 12 07 2f 1b 26 ffffffab 31 0f ffffffab ffffffd3 38 ffffffd2 ffffffe6 55 ffffffdd 70 ffffffa4 05 78 ffffffe3 2e 6f ffffff9c ffffff88 14 ffffff90 0e 12 16 ffffffa9 62 0f 65 34 6f 66 5b 01 ffffff99 30 ffffff99 ffffffa1 1c 06 ffffffa7 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a4000bcd0 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | unwrapped: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6182e520 | result: final-key@0x7f2a40009e40 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a40009e40 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e508 | result: final-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a40009e40 | prf+N PRF sha final-key@0x564e2d1bff30 (size 20) | prf+N: key-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a40006450 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6182e598 | result: result-key@0x7f2a40009e40 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a40006450 | prfplus: release old_t[N]-key@0x564e2d1c1a10 | prfplus: release old_t[final]-key@0x564e2d1bff30 | ike_sa_keymat: release data-key@0x7f2a500069f0 | calc_skeyseed_v2: release skeyseed_k-key@0x7f2a58006900 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a40009e40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e738 | result: result-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a40009e40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e738 | result: result-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a40009e40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e738 | result: result-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f2a40009e40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e748 | result: SK_ei_k-key@0x564e2d1c1a10 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f2a40009e40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e748 | result: SK_er_k-key@0x7f2a40006450 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a40009e40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e748 | result: result-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f2a4000bdb0 | chunk_SK_pi: symkey-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986918: ffffffc5 57 30 23 35 4b ffffffa2 1d ffffffec 11 15 ffffffe6 7a 24 ffffffd2 ffffff8c ffffff98 21 32 03 ffffffb8 ffffff89 fffffff5 fffffffc ffffffb2 ffffff94 07 ffffffdd ffffffd5 ffffffd3 79 ffffffd6 | chunk_SK_pi: release slot-key-key@0x564e2d1a1c00 | chunk_SK_pi extracted len 32 bytes at 0x7f2a40002d20 | unwrapped: 67 05 99 9c a5 1b 6f 44 38 11 8a ee 05 3b 46 5a | unwrapped: 25 6e 01 25 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a40009e40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6182e748 | result: result-key@0x7f2a4000eee0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f2a4000eee0 | chunk_SK_pr: symkey-key@0x7f2a4000eee0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986918: 76 74 62 ffffffbc 56 59 ffffffbf ffffffd1 33 ffffff99 ffffffb3 ffffffb0 56 ffffff84 70 ffffffe4 48 ffffff9a ffffffcf ffffffa1 65 ffffff93 ffffff90 1a 11 44 ffffffce 45 33 6b ffffffa6 65 | chunk_SK_pr: release slot-key-key@0x564e2d1a1c00 | chunk_SK_pr extracted len 32 bytes at 0x7f2a40002d50 | unwrapped: 0f c2 00 51 18 0a 32 d3 64 18 7c 7c ec 8f de e4 | unwrapped: 8a 56 ff 66 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f2a40009e40 | calc_skeyseed_v2 pointers: shared-key@0x564e2d1a8430, SK_d-key@0x7f2a58006900, SK_ai-key@0x7f2a500069f0, SK_ar-key@0x564e2d1bff30, SK_ei-key@0x564e2d1c1a10, SK_er-key@0x7f2a40006450, SK_pi-key@0x7f2a4000bdb0, SK_pr-key@0x7f2a4000eee0 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 67 05 99 9c a5 1b 6f 44 38 11 8a ee 05 3b 46 5a | 25 6e 01 25 | calc_skeyseed_v2 SK_pr | 0f c2 00 51 18 0a 32 d3 64 18 7c 7c ec 8f de e4 | 8a 56 ff 66 | crypto helper 0 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 6 time elapsed 0.012024 seconds | (#7) spent 3.14 milliseconds in crypto helper computing work-order 6: ikev2_inI2outR2 KE (pcr) | crypto helper 0 sending results from work-order 6 for state #7 to event queue | scheduling resume sending helper answer for #7 | libevent_malloc: new ptr-libevent@0x7f2a40010760 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #7 | start processing: state #7 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 6 | calling continuation function 0x564e2b454630 | ikev2_parent_inI2outR2_continue for #7: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f2a4c000d60: transferring ownership from helper IKEv2 DH to state #7 | finish_dh_v2: release st_shared_nss-key@NULL | #7 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x7f2a500069f0 (size 20) | hmac: symkey-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d766178 | result: clone-key@0x7f2a40009e40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a40009e40 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a40009e40 | hmac: release clone-key@0x7f2a40009e40 | hmac PRF sha crypt-prf@0x564e2d1bd370 | hmac PRF sha update data-bytes@0x564e2d1b9eb0 (length 208) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | ec 25 e8 3f 4a e2 4f b4 a3 69 18 d3 fe 7b e8 99 | 67 53 80 2e 57 be b7 24 3e 1b 05 5f a8 3f e8 c3 | ae 8d 71 e2 3b 50 f1 db d4 d0 fa dd 57 87 e8 a0 | cd e2 53 66 d8 e6 4b db eb 15 0f af 23 bb 48 e4 | c7 1d 38 20 22 41 bf ca bc c0 d0 68 c5 dd ae 38 | 58 bc 5b 75 82 58 18 53 ca 54 58 b1 a7 22 3a ef | 1a f0 2d c0 29 80 4e f7 31 09 b3 4c 8f 96 af ae | ae 8c 0c 1f 70 78 8f 64 65 40 a6 87 f6 e6 ab fa | 12 0f eb b0 d9 02 54 17 99 d2 70 46 3b dc a1 cd | 43 fd 27 34 a9 fc 7b bd ab af 22 d2 89 d4 b6 dc | 71 a3 51 6d 51 ee 21 76 87 26 45 10 5b 20 72 8c | hmac PRF sha final-bytes@0x7fff8d766340 (length 20) | 15 9e 6d 13 82 c8 fa 2a 45 b1 0e fc 33 5c 40 ee | 59 7f 96 51 | data for hmac: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data for hmac: ec 25 e8 3f 4a e2 4f b4 a3 69 18 d3 fe 7b e8 99 | data for hmac: 67 53 80 2e 57 be b7 24 3e 1b 05 5f a8 3f e8 c3 | data for hmac: ae 8d 71 e2 3b 50 f1 db d4 d0 fa dd 57 87 e8 a0 | data for hmac: cd e2 53 66 d8 e6 4b db eb 15 0f af 23 bb 48 e4 | data for hmac: c7 1d 38 20 22 41 bf ca bc c0 d0 68 c5 dd ae 38 | data for hmac: 58 bc 5b 75 82 58 18 53 ca 54 58 b1 a7 22 3a ef | data for hmac: 1a f0 2d c0 29 80 4e f7 31 09 b3 4c 8f 96 af ae | data for hmac: ae 8c 0c 1f 70 78 8f 64 65 40 a6 87 f6 e6 ab fa | data for hmac: 12 0f eb b0 d9 02 54 17 99 d2 70 46 3b dc a1 cd | data for hmac: 43 fd 27 34 a9 fc 7b bd ab af 22 d2 89 d4 b6 dc | data for hmac: 71 a3 51 6d 51 ee 21 76 87 26 45 10 5b 20 72 8c | calculated auth: 15 9e 6d 13 82 c8 fa 2a 45 b1 0e fc | provided auth: 15 9e 6d 13 82 c8 fa 2a 45 b1 0e fc | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | ec 25 e8 3f 4a e2 4f b4 a3 69 18 d3 fe 7b e8 99 | payload before decryption: | 67 53 80 2e 57 be b7 24 3e 1b 05 5f a8 3f e8 c3 | ae 8d 71 e2 3b 50 f1 db d4 d0 fa dd 57 87 e8 a0 | cd e2 53 66 d8 e6 4b db eb 15 0f af 23 bb 48 e4 | c7 1d 38 20 22 41 bf ca bc c0 d0 68 c5 dd ae 38 | 58 bc 5b 75 82 58 18 53 ca 54 58 b1 a7 22 3a ef | 1a f0 2d c0 29 80 4e f7 31 09 b3 4c 8f 96 af ae | ae 8c 0c 1f 70 78 8f 64 65 40 a6 87 f6 e6 ab fa | 12 0f eb b0 d9 02 54 17 99 d2 70 46 3b dc a1 cd | 43 fd 27 34 a9 fc 7b bd ab af 22 d2 89 d4 b6 dc | 71 a3 51 6d 51 ee 21 76 87 26 45 10 5b 20 72 8c | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 79 c1 06 68 f5 5e d5 a5 8f 57 81 e8 74 76 19 ca | 2f 53 d3 e8 2c 00 00 2c 00 00 00 28 01 03 04 03 | 83 92 16 7c 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | stripping 16 octets as pad | #7 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #7: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #7 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #7: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x7f2a4000bdb0 (size 20) | hmac: symkey-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765be8 | result: clone-key@0x7f2a40009e40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a40009e40 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a40009e40 | hmac: release clone-key@0x7f2a40009e40 | hmac PRF sha crypt-prf@0x564e2d1be610 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x564e2d1b9ee4 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff8d765da0 (length 20) | 2e 5c 34 4b 50 52 f7 fc 37 9d 01 9b e0 07 fd d7 | 28 c1 9d 56 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | inputs to hash1 (first packet) | c4 6c 37 92 fa 84 6c d3 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 a6 8a 15 c2 38 40 e8 c7 | 83 ed 53 1b 4e 0a d1 7c 7b 6b 8d fe 81 2d 18 bc | d6 09 ad 8f 84 51 42 40 45 96 2c 26 58 ed ae 32 | fc 9c 11 9e 33 6a 28 51 62 2e 45 e7 18 f1 3e 4a | 5d 50 05 c5 3a 49 c2 e4 94 62 19 e3 63 02 3b 97 | c4 05 6f 9e 18 07 86 21 00 ae 3b 97 ae 18 c3 71 | 75 bf 9a b2 b6 58 62 90 53 34 40 c1 b5 6a b3 3b | 10 f0 f7 23 3f f9 5f eb e7 b7 64 46 5d 0f 0e ca | fc c2 79 cf be a5 ad ef b4 08 81 79 99 c9 df 6d | f8 c0 e0 5e ea 12 74 8a 18 e1 d5 e1 8e 7a bc ee | 7b 29 08 8d 00 c7 bf bb 74 64 ba a2 41 23 46 4c | c2 27 89 48 87 31 84 f8 b2 ff 20 46 c9 89 59 e0 | 91 1b 1e a5 f9 de 77 b5 70 cf a4 10 bd af b8 2f | 6c d8 91 ab 1a fc 27 d4 89 94 38 33 40 50 a2 97 | 51 3e 05 fc bf a9 e6 a4 ff b3 65 8d 2d 73 6a 32 | c2 7b 0f 30 11 1d df 02 27 e6 05 55 78 01 74 e2 | 65 b1 da b1 7e 8c 89 a8 29 00 00 24 d3 6a e3 b0 | e8 f6 eb f5 1e fd 29 be 22 19 43 db e2 8e ca 2e | 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 5b ef d7 2f | 04 2c 87 06 bf e5 e4 a8 c7 03 d8 b1 51 ba 83 33 | 00 00 00 1c 00 00 40 05 11 f6 88 df 67 58 af 8c | d8 2e b6 07 25 f1 16 6c 4a 01 f9 c3 | verify: initiator inputs to hash2 (responder nonce) | e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | idhash 2e 5c 34 4b 50 52 f7 fc 37 9d 01 9b e0 07 fd d7 | idhash 28 c1 9d 56 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564e2d1b8960 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d7659f0 | result: shared secret-key@0x7f2a4c006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f2a4c006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7659d8 | result: shared secret-key@0x7f2a40009e40 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f2a4c006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564e2d1a1160 from shared secret-key@0x7f2a40009e40 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564e2d1a1160 from shared secret-key@0x7f2a40009e40 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f2a40009e40 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564e2d1bd370 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x564e2b4e7bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765a10 | result: final-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7659f8 | result: final-key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4c006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f2a40009e40 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f2a40009e40 (size 20) | = prf(, ): -key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765a08 | result: clone-key@0x7f2a4c006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564e2d1a1160 from -key@0x7f2a4c006900 | = prf(, ) prf: begin sha with context 0x564e2d1a1160 from -key@0x7f2a4c006900 | = prf(, ): release clone-key@0x7f2a4c006900 | = prf(, ) PRF sha crypt-prf@0x564e2d1bb840 | = prf(, ) PRF sha update first-packet-bytes@0x564e2d1be940 (length 444) | c4 6c 37 92 fa 84 6c d3 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 a6 8a 15 c2 38 40 e8 c7 | 83 ed 53 1b 4e 0a d1 7c 7b 6b 8d fe 81 2d 18 bc | d6 09 ad 8f 84 51 42 40 45 96 2c 26 58 ed ae 32 | fc 9c 11 9e 33 6a 28 51 62 2e 45 e7 18 f1 3e 4a | 5d 50 05 c5 3a 49 c2 e4 94 62 19 e3 63 02 3b 97 | c4 05 6f 9e 18 07 86 21 00 ae 3b 97 ae 18 c3 71 | 75 bf 9a b2 b6 58 62 90 53 34 40 c1 b5 6a b3 3b | 10 f0 f7 23 3f f9 5f eb e7 b7 64 46 5d 0f 0e ca | fc c2 79 cf be a5 ad ef b4 08 81 79 99 c9 df 6d | f8 c0 e0 5e ea 12 74 8a 18 e1 d5 e1 8e 7a bc ee | 7b 29 08 8d 00 c7 bf bb 74 64 ba a2 41 23 46 4c | c2 27 89 48 87 31 84 f8 b2 ff 20 46 c9 89 59 e0 | 91 1b 1e a5 f9 de 77 b5 70 cf a4 10 bd af b8 2f | 6c d8 91 ab 1a fc 27 d4 89 94 38 33 40 50 a2 97 | 51 3e 05 fc bf a9 e6 a4 ff b3 65 8d 2d 73 6a 32 | c2 7b 0f 30 11 1d df 02 27 e6 05 55 78 01 74 e2 | 65 b1 da b1 7e 8c 89 a8 29 00 00 24 d3 6a e3 b0 | e8 f6 eb f5 1e fd 29 be 22 19 43 db e2 8e ca 2e | 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 5b ef d7 2f | 04 2c 87 06 bf e5 e4 a8 c7 03 d8 b1 51 ba 83 33 | 00 00 00 1c 00 00 40 05 11 f6 88 df 67 58 af 8c | d8 2e b6 07 25 f1 16 6c 4a 01 f9 c3 | = prf(, ) PRF sha update nonce-bytes@0x7f2a4c002af0 (length 32) | e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | = prf(, ) PRF sha update hash-bytes@0x7fff8d765da0 (length 20) | 2e 5c 34 4b 50 52 f7 fc 37 9d 01 9b e0 07 fd d7 | 28 c1 9d 56 | = prf(, ) PRF sha final-chunk@0x564e2d1be610 (length 20) | 79 c1 06 68 f5 5e d5 a5 8f 57 81 e8 74 76 19 ca | 2f 53 d3 e8 | psk_auth: release prf-psk-key@0x7f2a40009e40 | Received PSK auth octets | 79 c1 06 68 f5 5e d5 a5 8f 57 81 e8 74 76 19 ca | 2f 53 d3 e8 | Calculated PSK auth octets | 79 c1 06 68 f5 5e d5 a5 8f 57 81 e8 74 76 19 ca | 2f 53 d3 e8 "east" #7: Authenticated using authby=secret | parent state #7: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #7 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2a480060f0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564e2d1c33e0 | event_schedule: new EVENT_SA_REKEY-pe@0x564e2d1c33e0 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f2a480060f0 size 128 | pstats #7 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | c4 6c 37 92 fa 84 6c d3 | responder cookie: | 0e 4d 17 a5 79 8d d7 c5 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x7f2a4000eee0 (size 20) | hmac: symkey-key@0x7f2a4000eee0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4000eee0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765558 | result: clone-key@0x7f2a40009e40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a40009e40 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a40009e40 | hmac: release clone-key@0x7f2a40009e40 | hmac PRF sha crypt-prf@0x564e2d1bb860 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x564e2b553974 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff8d765860 (length 20) | e6 01 f5 b9 d0 45 13 34 c7 00 72 a8 a9 20 f0 31 | fa 74 06 36 | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | inputs to hash1 (first packet) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 ec 25 38 75 f8 d2 7f da 3f 5b 17 e4 | 04 91 89 ac 42 9f 2c 19 6f e5 bd 0a 68 ee 5b 17 | 95 6a a2 70 69 87 af cd e0 44 e0 77 20 14 8f f2 | c7 6d e7 2b 9f b9 3f 82 40 c0 32 2d bd 7e 19 55 | a0 77 c7 ab 4f 8a 2b 4c b1 c7 5f e4 0a 15 f3 75 | b4 8e 64 50 00 f8 12 e2 9b 03 58 12 9d f2 93 53 | be d5 01 97 e3 0e 48 9d 04 78 3b 83 2b b5 b2 9c | 4d d4 93 19 71 79 78 f5 cf 17 1e ed ea 2f d2 fb | 87 7c 32 4f b4 2a 3d bd 7b 64 c5 ab 92 da 26 d5 | f0 59 f2 59 ad 93 b1 1e e6 ee 65 59 25 c3 c5 b1 | 09 36 2b f6 87 ea 3c dd aa 99 d9 3e 73 69 57 6f | e7 b1 be 5e 0e 8c 2e 40 b6 8b 90 fd ab 0b 37 33 | 42 5f 8c 6a fb a7 7e ee 24 ec 5b a8 23 73 f2 46 | 75 30 86 3f f1 01 78 dd d4 85 5d c5 0e 2f 5c fd | 86 9f 4a 6a db 69 0b 8c e3 1a 55 e1 69 8c 04 b6 | ed ed 55 c8 12 5d 01 80 01 df ac dd 0c c9 c9 27 | 8a 33 f5 e8 29 00 00 24 e5 0d 92 73 03 1e d2 74 | 65 0b a1 30 1e fd e5 f0 c9 00 37 76 61 91 30 c0 | cd fe 7d 5d 8f 99 ed d4 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 7d 64 93 f6 90 71 5b 5f | cc ca f4 aa b5 b2 60 45 f3 92 f5 10 00 00 00 1c | 00 00 40 05 70 c7 36 b0 3d b1 89 aa e3 da 3b b2 | dd 2b 17 ef e3 9a f4 ca | create: responder inputs to hash2 (initiator nonce) | d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | idhash e6 01 f5 b9 d0 45 13 34 c7 00 72 a8 a9 20 f0 31 | idhash fa 74 06 36 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564e2d1b8960 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765350 | result: shared secret-key@0x7f2a4c006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f2a4c006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765338 | result: shared secret-key@0x7f2a40009e40 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f2a4c006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564e2d1a1160 from shared secret-key@0x7f2a40009e40 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564e2d1a1160 from shared secret-key@0x7f2a40009e40 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f2a40009e40 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564e2d1be610 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x564e2b4e7bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765370 | result: final-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765358 | result: final-key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4c006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f2a40009e40 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f2a40009e40 (size 20) | = prf(, ): -key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765368 | result: clone-key@0x7f2a4c006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564e2d1a1160 from -key@0x7f2a4c006900 | = prf(, ) prf: begin sha with context 0x564e2d1a1160 from -key@0x7f2a4c006900 | = prf(, ): release clone-key@0x7f2a4c006900 | = prf(, ) PRF sha crypt-prf@0x564e2d1bd370 | = prf(, ) PRF sha update first-packet-bytes@0x564e2d1beb10 (length 440) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 ec 25 38 75 f8 d2 7f da 3f 5b 17 e4 | 04 91 89 ac 42 9f 2c 19 6f e5 bd 0a 68 ee 5b 17 | 95 6a a2 70 69 87 af cd e0 44 e0 77 20 14 8f f2 | c7 6d e7 2b 9f b9 3f 82 40 c0 32 2d bd 7e 19 55 | a0 77 c7 ab 4f 8a 2b 4c b1 c7 5f e4 0a 15 f3 75 | b4 8e 64 50 00 f8 12 e2 9b 03 58 12 9d f2 93 53 | be d5 01 97 e3 0e 48 9d 04 78 3b 83 2b b5 b2 9c | 4d d4 93 19 71 79 78 f5 cf 17 1e ed ea 2f d2 fb | 87 7c 32 4f b4 2a 3d bd 7b 64 c5 ab 92 da 26 d5 | f0 59 f2 59 ad 93 b1 1e e6 ee 65 59 25 c3 c5 b1 | 09 36 2b f6 87 ea 3c dd aa 99 d9 3e 73 69 57 6f | e7 b1 be 5e 0e 8c 2e 40 b6 8b 90 fd ab 0b 37 33 | 42 5f 8c 6a fb a7 7e ee 24 ec 5b a8 23 73 f2 46 | 75 30 86 3f f1 01 78 dd d4 85 5d c5 0e 2f 5c fd | 86 9f 4a 6a db 69 0b 8c e3 1a 55 e1 69 8c 04 b6 | ed ed 55 c8 12 5d 01 80 01 df ac dd 0c c9 c9 27 | 8a 33 f5 e8 29 00 00 24 e5 0d 92 73 03 1e d2 74 | 65 0b a1 30 1e fd e5 f0 c9 00 37 76 61 91 30 c0 | cd fe 7d 5d 8f 99 ed d4 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 7d 64 93 f6 90 71 5b 5f | cc ca f4 aa b5 b2 60 45 f3 92 f5 10 00 00 00 1c | 00 00 40 05 70 c7 36 b0 3d b1 89 aa e3 da 3b b2 | dd 2b 17 ef e3 9a f4 ca | = prf(, ) PRF sha update nonce-bytes@0x7f2a48005f00 (length 32) | d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | = prf(, ) PRF sha update hash-bytes@0x7fff8d765860 (length 20) | e6 01 f5 b9 d0 45 13 34 c7 00 72 a8 a9 20 f0 31 | fa 74 06 36 | = prf(, ) PRF sha final-chunk@0x564e2d1bb860 (length 20) | 23 74 e6 88 45 90 2b 16 28 62 f8 12 6f 92 54 e3 | dc 39 a3 2b | psk_auth: release prf-psk-key@0x7f2a40009e40 | PSK auth octets 23 74 e6 88 45 90 2b 16 28 62 f8 12 6f 92 54 e3 | PSK auth octets dc 39 a3 2b | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 23 74 e6 88 45 90 2b 16 28 62 f8 12 6f 92 54 e3 | PSK auth dc 39 a3 2b | emitting length of IKEv2 Authentication Payload: 28 | creating state object #8 at 0x564e2d1c66d0 | State DB: adding IKEv2 state #8 in UNDEFINED | pstats #8 ikev2.child started | duplicating state object #7 "east" as #8 for IPSEC SA | #8 setting local endpoint to 192.1.2.23:500 from #7.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f2a58006900 | duplicate_state: reference st_skey_ai_nss-key@0x7f2a500069f0 | duplicate_state: reference st_skey_ar_nss-key@0x564e2d1bff30 | duplicate_state: reference st_skey_ei_nss-key@0x564e2d1c1a10 | duplicate_state: reference st_skey_er_nss-key@0x7f2a40006450 | duplicate_state: reference st_skey_pi_nss-key@0x7f2a4000bdb0 | duplicate_state: reference st_skey_pr_nss-key@0x7f2a4000eee0 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #7.#8; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #7 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #7.#8 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 83 92 16 7c | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 "east" #7: proposal 1:ESP:SPI=8392167c;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=8392167c;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | netlink_get_spi: allocated 0x433f6f0b for esp.0@192.1.2.23 | Emitting ikev2_proposal ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 43 3f 6f 0b | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d7653e0 | result: data=Ni-key@0x7f2a4c006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7f2a4c006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7653c8 | result: data=Ni-key@0x7f2a40009e40 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7f2a4c006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a40009e40 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d7653d0 | result: data+=Nr-key@0x7f2a4c006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f2a40009e40 | prf+0 PRF sha init key-key@0x7f2a58006900 (size 20) | prf+0: key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x7f2a40009e40 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x564e2d1a1160 from key-key@0x7f2a40009e40 | prf+0 prf: begin sha with context 0x564e2d1a1160 from key-key@0x7f2a40009e40 | prf+0: release clone-key@0x7f2a40009e40 | prf+0 PRF sha crypt-prf@0x564e2d1bb840 | prf+0 PRF sha update seed-key@0x7f2a4c006900 (size 64) | prf+0: seed-key@0x7f2a4c006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a4c006900 | nss hmac digest hack: symkey-key@0x7f2a4c006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: ffffffb7 fffffffc fffffffd ffffffaf ffffffda ffffff87 68 04 ffffffef 73 7f ffffffbd 3f ffffffac 0f ffffffa7 20 1e ffffffbf ffffffcc 40 fffffff5 6a ffffff83 ffffffec ffffff94 ffffffab fffffff4 17 fffffff5 37 ffffffdf ffffff9f ffffff99 ffffffda 12 07 2f 1b 26 ffffffab 31 0f ffffffab ffffffd3 38 ffffffd2 ffffffe6 55 ffffffdd 70 ffffffa4 05 78 ffffffe3 2e 6f ffffff9c ffffff88 14 ffffff90 0e 12 16 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1b93d0 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x564e2d1c3300 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1c3300 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1c3300 | prf+0 PRF sha final-key@0x7f2a40009e40 (size 20) | prf+0: key-key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f2a40009e40 | prf+N PRF sha init key-key@0x7f2a58006900 (size 20) | prf+N: key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x564e2d1c3300 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564e2d1a1160 from key-key@0x564e2d1c3300 | prf+N prf: begin sha with context 0x564e2d1a1160 from key-key@0x564e2d1c3300 | prf+N: release clone-key@0x564e2d1c3300 | prf+N PRF sha crypt-prf@0x564e2d1be610 | prf+N PRF sha update old_t-key@0x7f2a40009e40 (size 20) | prf+N: old_t-key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a40009e40 | nss hmac digest hack: symkey-key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921626304: ffffff99 ffffffca 46 0b 46 5c 5e ffffffc0 ffffffa1 fffffff6 38 3a ffffffd0 ffffff98 ffffffb4 42 ffffffea ffffff85 ffffffb7 ffffffb4 ffffff89 ffffffdf 58 5f ffffffa9 ffffff80 ffffff83 7d ffffffbc 39 7b 4e | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x564e2d1c0070 | unwrapped: f1 cb 77 b1 12 cc 55 f8 9e 25 41 3e b7 ab f9 d1 | unwrapped: 39 49 3e 5d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a4c006900 (size 64) | prf+N: seed-key@0x7f2a4c006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a4c006900 | nss hmac digest hack: symkey-key@0x7f2a4c006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: ffffffb7 fffffffc fffffffd ffffffaf ffffffda ffffff87 68 04 ffffffef 73 7f ffffffbd 3f ffffffac 0f ffffffa7 20 1e ffffffbf ffffffcc 40 fffffff5 6a ffffff83 ffffffec ffffff94 ffffffab fffffff4 17 fffffff5 37 ffffffdf ffffff9f ffffff99 ffffffda 12 07 2f 1b 26 ffffffab 31 0f ffffffab ffffffd3 38 ffffffd2 ffffffe6 55 ffffffdd 70 ffffffa4 05 78 ffffffe3 2e 6f ffffff9c ffffff88 14 ffffff90 0e 12 16 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1c18f0 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x7f2a5000eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a5000eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a5000eec0 | prf+N PRF sha final-key@0x564e2d1c3300 (size 20) | prf+N: key-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff8d765378 | result: result-key@0x7f2a5000eec0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a40009e40 | prfplus: release old_t[N]-key@0x7f2a40009e40 | prf+N PRF sha init key-key@0x7f2a58006900 (size 20) | prf+N: key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x7f2a40009e40 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564e2d1a1160 from key-key@0x7f2a40009e40 | prf+N prf: begin sha with context 0x564e2d1a1160 from key-key@0x7f2a40009e40 | prf+N: release clone-key@0x7f2a40009e40 | prf+N PRF sha crypt-prf@0x564e2d1be510 | prf+N PRF sha update old_t-key@0x564e2d1c3300 (size 20) | prf+N: old_t-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1c3300 | nss hmac digest hack: symkey-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921626304: 79 ffffffbf 00 14 ffffffe5 ffffff98 51 ffffffd5 ffffff9a ffffff97 ffffff9a fffffffb ffffff8b ffffffba fffffff4 59 ffffffd0 ffffffcc fffffff3 4e fffffffa 0c 36 24 65 6b ffffff97 68 6d ffffffb1 ffffffc8 75 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x564e2d1bb7d0 | unwrapped: 42 9f 3b a6 f8 fd 12 a9 fc 35 97 0e b7 e8 6e 02 | unwrapped: 41 be 10 8a 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a4c006900 (size 64) | prf+N: seed-key@0x7f2a4c006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a4c006900 | nss hmac digest hack: symkey-key@0x7f2a4c006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: ffffffb7 fffffffc fffffffd ffffffaf ffffffda ffffff87 68 04 ffffffef 73 7f ffffffbd 3f ffffffac 0f ffffffa7 20 1e ffffffbf ffffffcc 40 fffffff5 6a ffffff83 ffffffec ffffff94 ffffffab fffffff4 17 fffffff5 37 ffffffdf ffffff9f ffffff99 ffffffda 12 07 2f 1b 26 ffffffab 31 0f ffffffab ffffffd3 38 ffffffd2 ffffffe6 55 ffffffdd 70 ffffffa4 05 78 ffffffe3 2e 6f ffffff9c ffffff88 14 ffffff90 0e 12 16 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1c4e20 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x564e2d1ca300 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1ca300 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1ca300 | prf+N PRF sha final-key@0x7f2a40009e40 (size 20) | prf+N: key-key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a5000eec0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff8d765378 | result: result-key@0x564e2d1ca300 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a5000eec0 | prfplus: release old_t[N]-key@0x564e2d1c3300 | prf+N PRF sha init key-key@0x7f2a58006900 (size 20) | prf+N: key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x564e2d1c3300 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564e2d1a1160 from key-key@0x564e2d1c3300 | prf+N prf: begin sha with context 0x564e2d1a1160 from key-key@0x564e2d1c3300 | prf+N: release clone-key@0x564e2d1c3300 | prf+N PRF sha crypt-prf@0x564e2d1c19d0 | prf+N PRF sha update old_t-key@0x7f2a40009e40 (size 20) | prf+N: old_t-key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a40009e40 | nss hmac digest hack: symkey-key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921626304: ffffff8c ffffff99 ffffff8c 4c 2f ffffffd3 1f ffffffeb 40 ffffff81 ffffffc2 ffffffe0 ffffff80 32 ffffffef 6d ffffffbd 0e ffffffa1 ffffff8c 7b ffffffad ffffffa1 ffffffd9 44 7d 7c ffffffaf 7a 1f 7e 44 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x564e2d1c1ac0 | unwrapped: 60 cc 1a 14 85 6a ca a0 0e 54 41 48 79 22 56 ef | unwrapped: de d0 5e 9e 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a4c006900 (size 64) | prf+N: seed-key@0x7f2a4c006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a4c006900 | nss hmac digest hack: symkey-key@0x7f2a4c006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: ffffffb7 fffffffc fffffffd ffffffaf ffffffda ffffff87 68 04 ffffffef 73 7f ffffffbd 3f ffffffac 0f ffffffa7 20 1e ffffffbf ffffffcc 40 fffffff5 6a ffffff83 ffffffec ffffff94 ffffffab fffffff4 17 fffffff5 37 ffffffdf ffffff9f ffffff99 ffffffda 12 07 2f 1b 26 ffffffab 31 0f ffffffab ffffffd3 38 ffffffd2 ffffffe6 55 ffffffdd 70 ffffffa4 05 78 ffffffe3 2e 6f ffffff9c ffffff88 14 ffffff90 0e 12 16 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1b9330 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x7f2a5000eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a5000eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a5000eec0 | prf+N PRF sha final-key@0x564e2d1c3300 (size 20) | prf+N: key-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1ca300 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff8d765378 | result: result-key@0x7f2a5000eec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564e2d1ca300 | prfplus: release old_t[N]-key@0x7f2a40009e40 | prfplus: release old_t[final]-key@0x564e2d1c3300 | child_sa_keymat: release data-key@0x7f2a4c006900 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f2a5000eec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765458 | result: result-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x7f2a4c006900 | initiator to responder keys: symkey-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x564e2d1a1c00 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1717986918: ffffff99 ffffffca 46 0b 46 5c 5e ffffffc0 ffffffa1 fffffff6 38 3a ffffffd0 ffffff98 ffffffb4 42 ffffffd2 ffffffd7 ffffffe8 fffffff1 6b ffffffd7 62 1b ffffff95 0c 7c 70 ffffffe9 61 3d ffffffdd 22 ffffffd8 ffffffc5 64 ffffffe4 ffffff93 ffffffc9 43 44 ffffffc9 fffffffc 28 44 4d ffffffd4 ffffff98 | initiator to responder keys: release slot-key-key@0x564e2d1a1c00 | initiator to responder keys extracted len 48 bytes at 0x564e2d1bb7d0 | unwrapped: f1 cb 77 b1 12 cc 55 f8 9e 25 41 3e b7 ab f9 d1 | unwrapped: 39 49 3e 5d 42 9f 3b a6 f8 fd 12 a9 fc 35 97 0e | unwrapped: b7 e8 6e 02 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7f2a4c006900 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f2a5000eec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765458 | result: result-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x7f2a4c006900 | responder to initiator keys:: symkey-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x564e2d1a1c00 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1717986918: 65 ffffff8e 69 ffffffc0 3a 29 0a ffffffc6 55 43 ffffffe6 ffffff84 ffffffc0 ffffffcd 71 2e 0e 4f 72 50 4a 5e ffffffd7 48 04 66 ffffffcd 07 ffffff98 16 ffffff9f fffffff9 18 ffffffd9 13 5a 2b 0f 1a 6f ffffffc1 ffffffc0 1e 4e 66 0c 35 05 | responder to initiator keys:: release slot-key-key@0x564e2d1a1c00 | responder to initiator keys: extracted len 48 bytes at 0x564e2d1bdf00 | unwrapped: 41 be 10 8a 60 cc 1a 14 85 6a ca a0 0e 54 41 48 | unwrapped: 79 22 56 ef de d0 5e 9e 86 02 03 9c 34 64 46 1f | unwrapped: 6f d9 a1 df 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7f2a4c006900 | ikev2_derive_child_keys: release keymat-key@0x7f2a5000eec0 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | #7 spent 2.62 milliseconds | install_ipsec_sa() for #8: inbound and outbound | could_route called for east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.8392167c@192.1.2.45 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.433f6f0b@192.1.2.23 included non-error error | priority calculation of connection "east" is 0xfe7e7 | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #8: prospective erouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | route_and_eroute with c: east (next: none) ero:east esr:{(nil)} ro:east rosr:{(nil)} and state: #8 | priority calculation of connection "east" is 0xfe7e7 | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45>tun.0@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8392167c SPI_OUT=0x433 | popen cmd is 1020 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: | cmd( 960):'no' SPI_IN=0x8392167c SPI_OUT=0x433f6f0b ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | route_and_eroute: instance "east", setting eroute_owner {spd=0x564e2d1b9a50,sr=0x564e2d1b9a50} to #8 (was #0) (newest_ipsec_sa=#0) | #7 spent 0.568 milliseconds in install_ipsec_sa() | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #8 (was #0) (spd.eroute=#8) cloned from #7 | adding 12 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 176 | emitting length of ISAKMP Message: 204 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 48 bf 34 6c e4 75 c3 ef 78 f2 16 c2 f4 8f 5b 5a | data before encryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 23 74 e6 88 45 90 2b 16 28 62 f8 12 | 6f 92 54 e3 dc 39 a3 2b 2c 00 00 2c 00 00 00 28 | 01 03 04 03 43 3f 6f 0b 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 02 07 f5 df a9 7a 28 d4 62 f7 bf 25 46 3b 3e 64 | 3c 1f 0c 12 39 d5 86 26 9e cd 77 27 b2 81 7f 1b | fc 4e fe 31 13 ae 84 d7 ec 6b 11 dc c8 de 92 13 | f5 39 e7 b6 87 32 00 4d b8 3f eb 7b 92 20 76 16 | 13 27 9e eb 1a 5a 2e 65 6c 50 db 31 9d 14 97 c3 | 61 5e 5f fa 60 57 77 17 0b f9 0d fe ba f7 7c f8 | cf 8e f6 55 13 ff ed 33 d5 69 bf a4 ef 15 d9 d5 | c0 74 d6 f5 93 40 d9 c9 77 e8 aa fc 06 dc 72 01 | c0 4c 99 6d 27 7c 94 2f d1 b9 b8 4d 11 47 06 89 | hmac PRF sha init symkey-key@0x564e2d1bff30 (size 20) | hmac: symkey-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765468 | result: clone-key@0x7f2a5000eec0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a5000eec0 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a5000eec0 | hmac: release clone-key@0x7f2a5000eec0 | hmac PRF sha crypt-prf@0x564e2d1be510 | hmac PRF sha update data-bytes@0x564e2b553940 (length 192) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 48 bf 34 6c e4 75 c3 ef 78 f2 16 c2 f4 8f 5b 5a | 02 07 f5 df a9 7a 28 d4 62 f7 bf 25 46 3b 3e 64 | 3c 1f 0c 12 39 d5 86 26 9e cd 77 27 b2 81 7f 1b | fc 4e fe 31 13 ae 84 d7 ec 6b 11 dc c8 de 92 13 | f5 39 e7 b6 87 32 00 4d b8 3f eb 7b 92 20 76 16 | 13 27 9e eb 1a 5a 2e 65 6c 50 db 31 9d 14 97 c3 | 61 5e 5f fa 60 57 77 17 0b f9 0d fe ba f7 7c f8 | cf 8e f6 55 13 ff ed 33 d5 69 bf a4 ef 15 d9 d5 | c0 74 d6 f5 93 40 d9 c9 77 e8 aa fc 06 dc 72 01 | c0 4c 99 6d 27 7c 94 2f d1 b9 b8 4d 11 47 06 89 | hmac PRF sha final-bytes@0x564e2b553a00 (length 20) | e1 86 16 12 66 9c 26 b1 3d 33 10 d9 ff 43 73 a5 | 93 0b b2 df | data being hmac: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data being hmac: 48 bf 34 6c e4 75 c3 ef 78 f2 16 c2 f4 8f 5b 5a | data being hmac: 02 07 f5 df a9 7a 28 d4 62 f7 bf 25 46 3b 3e 64 | data being hmac: 3c 1f 0c 12 39 d5 86 26 9e cd 77 27 b2 81 7f 1b | data being hmac: fc 4e fe 31 13 ae 84 d7 ec 6b 11 dc c8 de 92 13 | data being hmac: f5 39 e7 b6 87 32 00 4d b8 3f eb 7b 92 20 76 16 | data being hmac: 13 27 9e eb 1a 5a 2e 65 6c 50 db 31 9d 14 97 c3 | data being hmac: 61 5e 5f fa 60 57 77 17 0b f9 0d fe ba f7 7c f8 | data being hmac: cf 8e f6 55 13 ff ed 33 d5 69 bf a4 ef 15 d9 d5 | data being hmac: c0 74 d6 f5 93 40 d9 c9 77 e8 aa fc 06 dc 72 01 | data being hmac: c0 4c 99 6d 27 7c 94 2f d1 b9 b8 4d 11 47 06 89 | out calculated auth: | e1 86 16 12 66 9c 26 b1 3d 33 10 d9 | ikev2_parent_inI2outR2_continue_tail returned STF_OK | #7 spent 3.42 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #7 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #8 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #8 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R | child state #8: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) | Message ID: updating counters for #8 to 1 after switching state | Message ID: recv #7.#8 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 | Message ID: sent #7.#8 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 | pstats #8 ikev2.child established "east" #8: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] | NAT-T: encaps is 'auto' "east" #8: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x8392167c <0x433f6f0b xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 204 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #7) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 48 bf 34 6c e4 75 c3 ef 78 f2 16 c2 f4 8f 5b 5a | 02 07 f5 df a9 7a 28 d4 62 f7 bf 25 46 3b 3e 64 | 3c 1f 0c 12 39 d5 86 26 9e cd 77 27 b2 81 7f 1b | fc 4e fe 31 13 ae 84 d7 ec 6b 11 dc c8 de 92 13 | f5 39 e7 b6 87 32 00 4d b8 3f eb 7b 92 20 76 16 | 13 27 9e eb 1a 5a 2e 65 6c 50 db 31 9d 14 97 c3 | 61 5e 5f fa 60 57 77 17 0b f9 0d fe ba f7 7c f8 | cf 8e f6 55 13 ff ed 33 d5 69 bf a4 ef 15 d9 d5 | c0 74 d6 f5 93 40 d9 c9 77 e8 aa fc 06 dc 72 01 | c0 4c 99 6d 27 7c 94 2f d1 b9 b8 4d 11 47 06 89 | e1 86 16 12 66 9c 26 b1 3d 33 10 d9 | releasing whack for #8 (sock=fd@-1) | releasing whack and unpending for parent #7 | unpending state #7 connection "east" | #8 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x564e2d1c4c70 | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #8 | libevent_malloc: new ptr-libevent@0x564e2d1ca390 size 128 | resume sending helper answer for #7 suppresed complete_v2_state_transition() | #7 spent 3.84 milliseconds in resume sending helper answer | stop processing: state #8 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2a40010760 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.0044 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00251 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | bd 8f 6b c6 dd 6e 67 7b 4d 05 f8 81 64 c4 74 41 | a9 66 36 ec e0 1f 08 9e 2a 97 7f ba ea c1 26 bb | 4d 74 62 fc 8d 6d 66 bd 23 3a 0d f5 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | c4 6c 37 92 fa 84 6c d3 | responder cookie: | 0e 4d 17 a5 79 8d d7 c5 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #7 in PARENT_R2 (find_v2_ike_sa) | start processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #7 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 | Message ID: #7 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #7 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 | #7 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x7f2a500069f0 (size 20) | hmac: symkey-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7660b8 | result: clone-key@0x7f2a5000eec0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a5000eec0 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a5000eec0 | hmac: release clone-key@0x7f2a5000eec0 | hmac PRF sha crypt-prf@0x564e2d1c3390 | hmac PRF sha update data-bytes@0x564e2d11cf50 (length 64) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | bd 8f 6b c6 dd 6e 67 7b 4d 05 f8 81 64 c4 74 41 | a9 66 36 ec e0 1f 08 9e 2a 97 7f ba ea c1 26 bb | hmac PRF sha final-bytes@0x7fff8d766280 (length 20) | 4d 74 62 fc 8d 6d 66 bd 23 3a 0d f5 16 c6 c2 a0 | d8 ef 64 75 | data for hmac: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | data for hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data for hmac: bd 8f 6b c6 dd 6e 67 7b 4d 05 f8 81 64 c4 74 41 | data for hmac: a9 66 36 ec e0 1f 08 9e 2a 97 7f ba ea c1 26 bb | calculated auth: 4d 74 62 fc 8d 6d 66 bd 23 3a 0d f5 | provided auth: 4d 74 62 fc 8d 6d 66 bd 23 3a 0d f5 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | bd 8f 6b c6 dd 6e 67 7b 4d 05 f8 81 64 c4 74 41 | payload before decryption: | a9 66 36 ec e0 1f 08 9e 2a 97 7f ba ea c1 26 bb | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 0c 03 04 00 01 83 92 16 7c 00 01 02 03 | stripping 4 octets as pad | #7 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | c4 6c 37 92 fa 84 6c d3 | responder cookie: | 0e 4d 17 a5 79 8d d7 c5 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI 83 92 16 7c | delete PROTO_v2_ESP SA(0x8392167c) | v2 CHILD SA #8 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R | State DB: found IKEv2 state #8 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x8392167c) "east" #7: received Delete SA payload: delete IPsec State #8 now | pstats #8 ikev2.child deleted completed | suspend processing: state #7 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) | start processing: state #8 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #8: deleting other state #8 (STATE_V2_IPSEC_R) aged 0.225s and NOT sending notification | child state #8: V2_IPSEC_R(established CHILD SA) => delete | get_sa_info esp.8392167c@192.1.2.45 | get_sa_info esp.433f6f0b@192.1.2.23 "east" #8: ESP traffic information: in=84B out=84B | child state #8: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) | state #8 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x564e2d1ca390 | free_event_entry: release EVENT_SA_REKEY-pe@0x564e2d1c4c70 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050308' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8392167c | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1569050308' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0x8392167c SPI_OUT=0x433f6f0b ipsec _updown 2>&1: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 | priority calculation of connection "east" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.8392167c@192.1.2.45 | netlink response for Del SA esp.8392167c@192.1.2.45 included non-error error | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.433f6f0b@192.1.2.23 | netlink response for Del SA esp.433f6f0b@192.1.2.23 included non-error error | in connection_discard for connection east | State DB: deleting IKEv2 state #8 in CHILDSA_DEL | child state #8: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #8 from 192.1.2.45:500 (in delete_state() at state.c:1143) | resume processing: state #7 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f2a58006900 | delete_state: release st->st_skey_ai_nss-key@0x7f2a500069f0 | delete_state: release st->st_skey_ar_nss-key@0x564e2d1bff30 | delete_state: release st->st_skey_ei_nss-key@0x564e2d1c1a10 | delete_state: release st->st_skey_er_nss-key@0x7f2a40006450 | delete_state: release st->st_skey_pi_nss-key@0x7f2a4000bdb0 | delete_state: release st->st_skey_pr_nss-key@0x7f2a4000eee0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs 43 3f 6f 0b | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 4f 84 ec e7 25 43 f0 6a a0 97 0c c9 5a 7a c4 31 | data before encryption: | 00 00 00 0c 03 04 00 01 43 3f 6f 0b 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 94 5b 2e 24 d5 12 58 4a c4 b5 6c 4e 26 08 f6 0a | hmac PRF sha init symkey-key@0x564e2d1bff30 (size 20) | hmac: symkey-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765c78 | result: clone-key@0x7f2a5000eec0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a5000eec0 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a5000eec0 | hmac: release clone-key@0x7f2a5000eec0 | hmac PRF sha crypt-prf@0x564e2d1c19f0 | hmac PRF sha update data-bytes@0x564e2b553940 (length 64) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 4f 84 ec e7 25 43 f0 6a a0 97 0c c9 5a 7a c4 31 | 94 5b 2e 24 d5 12 58 4a c4 b5 6c 4e 26 08 f6 0a | hmac PRF sha final-bytes@0x564e2b553980 (length 20) | 5a 04 c8 3d 34 77 f3 f4 19 96 79 03 01 a3 69 52 | 3c 16 2e 4f | data being hmac: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | data being hmac: 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: 4f 84 ec e7 25 43 f0 6a a0 97 0c c9 5a 7a c4 31 | data being hmac: 94 5b 2e 24 d5 12 58 4a c4 b5 6c 4e 26 08 f6 0a | out calculated auth: | 5a 04 c8 3d 34 77 f3 f4 19 96 79 03 | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #7) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 4f 84 ec e7 25 43 f0 6a a0 97 0c c9 5a 7a c4 31 | 94 5b 2e 24 d5 12 58 4a c4 b5 6c 4e 26 08 f6 0a | 5a 04 c8 3d 34 77 f3 f4 19 96 79 03 | Message ID: #7 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 | Message ID: sent #7 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 | #7 spent 0.805 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #7 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK | Message ID: updating counters for #7 to 2 after switching state | Message ID: recv #7 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 | Message ID: #7 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 "east" #7: STATE_PARENT_R2: received v2I2, PARENT SA established | stop processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #7 spent 1.1 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.12 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00162 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 75 a3 89 7f c6 c0 4e 92 a1 34 18 f3 f0 9d 84 1a | 74 30 3d ed 8a 36 00 92 8c 5e c1 03 2e 76 e5 47 | 94 74 8e e4 5c 90 dd 3c 7a 07 72 f5 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | c4 6c 37 92 fa 84 6c d3 | responder cookie: | 0e 4d 17 a5 79 8d d7 c5 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #7 in PARENT_R2 (find_v2_ike_sa) | start processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #7 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 | Message ID: #7 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #7 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 | #7 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x7f2a500069f0 (size 20) | hmac: symkey-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7660b8 | result: clone-key@0x7f2a5000eec0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a5000eec0 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a5000eec0 | hmac: release clone-key@0x7f2a5000eec0 | hmac PRF sha crypt-prf@0x564e2d1c3390 | hmac PRF sha update data-bytes@0x564e2d11cf50 (length 64) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 75 a3 89 7f c6 c0 4e 92 a1 34 18 f3 f0 9d 84 1a | 74 30 3d ed 8a 36 00 92 8c 5e c1 03 2e 76 e5 47 | hmac PRF sha final-bytes@0x7fff8d766280 (length 20) | 94 74 8e e4 5c 90 dd 3c 7a 07 72 f5 6f d7 a7 d1 | 7a 7e 08 e6 | data for hmac: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data for hmac: 75 a3 89 7f c6 c0 4e 92 a1 34 18 f3 f0 9d 84 1a | data for hmac: 74 30 3d ed 8a 36 00 92 8c 5e c1 03 2e 76 e5 47 | calculated auth: 94 74 8e e4 5c 90 dd 3c 7a 07 72 f5 | provided auth: 94 74 8e e4 5c 90 dd 3c 7a 07 72 f5 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 75 a3 89 7f c6 c0 4e 92 a1 34 18 f3 f0 9d 84 1a | payload before decryption: | 74 30 3d ed 8a 36 00 92 8c 5e c1 03 2e 76 e5 47 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #7 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | c4 6c 37 92 fa 84 6c d3 | responder cookie: | 0e 4d 17 a5 79 8d d7 c5 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 6e 1e 0b 59 e1 75 d6 2b 91 87 c3 9a d6 0c 0e 3b | data before encryption: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 81 2a da e7 67 1b 66 bf d9 d6 20 98 86 28 3f c2 | hmac PRF sha init symkey-key@0x564e2d1bff30 (size 20) | hmac: symkey-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765c78 | result: clone-key@0x7f2a5000eec0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a5000eec0 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a5000eec0 | hmac: release clone-key@0x7f2a5000eec0 | hmac PRF sha crypt-prf@0x564e2d1bb660 | hmac PRF sha update data-bytes@0x564e2b553940 (length 64) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 6e 1e 0b 59 e1 75 d6 2b 91 87 c3 9a d6 0c 0e 3b | 81 2a da e7 67 1b 66 bf d9 d6 20 98 86 28 3f c2 | hmac PRF sha final-bytes@0x564e2b553980 (length 20) | 2b d2 40 1e 9f e2 13 a9 fa 14 9d b7 b4 4e bd cb | 94 9d 87 f6 | data being hmac: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | data being hmac: 6e 1e 0b 59 e1 75 d6 2b 91 87 c3 9a d6 0c 0e 3b | data being hmac: 81 2a da e7 67 1b 66 bf d9 d6 20 98 86 28 3f c2 | out calculated auth: | 2b d2 40 1e 9f e2 13 a9 fa 14 9d b7 | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #7) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 6e 1e 0b 59 e1 75 d6 2b 91 87 c3 9a d6 0c 0e 3b | 81 2a da e7 67 1b 66 bf d9 d6 20 98 86 28 3f c2 | 2b d2 40 1e 9f e2 13 a9 fa 14 9d b7 | Message ID: #7 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 | Message ID: sent #7 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 | State DB: IKEv2 state not found (delete_my_family) | parent state #7: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #7 ikev2.ike deleted completed | #7 spent 10.4 milliseconds in total | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #7: deleting state (STATE_IKESA_DEL) aged 0.299s and NOT sending notification | parent state #7: IKESA_DEL(established IKE SA) => delete | state #7 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f2a480060f0 | free_event_entry: release EVENT_SA_REKEY-pe@0x564e2d1c33e0 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #7 in IKESA_DEL | parent state #7: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f2a4c000d60: destroyed | stop processing: state #7 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x564e2d1a8430 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f2a58006900 | delete_state: release st->st_skey_ai_nss-key@0x7f2a500069f0 | delete_state: release st->st_skey_ar_nss-key@0x564e2d1bff30 | delete_state: release st->st_skey_ei_nss-key@0x564e2d1c1a10 | delete_state: release st->st_skey_er_nss-key@0x7f2a40006450 | delete_state: release st->st_skey_pi_nss-key@0x7f2a4000bdb0 | delete_state: release st->st_skey_pr_nss-key@0x7f2a4000eee0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #7 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #7 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.781 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00564 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00274 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 65 12 22 b9 cd 6a 2c 4d 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 e2 16 37 a1 9c 50 93 9a f8 35 38 f0 | 8a 8e b5 e6 e2 f5 2f 76 0a 60 7d 7c 7d db 09 c0 | 62 dd fe a0 c0 75 84 ba 05 1d eb 95 5b 65 9c e8 | 4e 0d b3 e0 32 60 ba 14 23 9a 7a 54 26 fc 1b 9d | f7 7a b5 0c d9 47 6a 65 64 18 9d 9f 37 3f 0a 52 | 51 33 3d 69 b2 32 46 f8 cf bd 89 b9 e8 cd 9b 5c | 49 7e d3 8a d7 b8 24 63 30 1b 59 ef 54 d5 75 2e | 75 cd b9 c5 2a 80 75 15 06 9f 61 5c 7b 93 e7 47 | 34 19 f2 4d b8 23 a8 f0 44 ad b5 21 af 27 22 f1 | 27 49 f2 a4 e6 0b 26 b7 1b e6 41 95 31 e0 f9 3e | 23 f4 6c 0d 4b 00 dc 89 8e 39 b2 f0 af 4a d2 a9 | 8e 22 69 1d 22 6b 4d 1a 40 dc 4a 28 b6 2a f1 fb | e9 83 fe 1d 72 4d 66 48 40 dc b0 af 08 b5 1c df | d3 c5 6a ec d0 be 94 c3 4a 9e f9 88 e2 66 a4 30 | 76 e6 13 91 1f 44 7f fc d9 e2 07 9a 9e 28 4d 33 | 1a 55 e5 98 61 8e 5e ef 46 5c 3e 65 63 19 4a a4 | 2c 08 1a 63 29 00 00 24 70 d6 aa 5c 81 5d a9 b0 | 1c 5f 80 0c a0 b9 20 86 f8 1a bc 3c 1a ba 84 24 | 9b ab 67 e2 a2 34 4a 53 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 d7 cb cb 44 18 a8 1f c2 | ac fd c9 a4 8e e2 8f 12 f8 98 c5 12 00 00 00 1c | 00 00 40 05 c9 6c 1b 03 7e 87 74 e7 f7 96 19 2c | ee 9d 7b 99 79 54 58 be | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 65 12 22 b9 cd 6a 2c 4d | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x564e2d1ba2a0 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x564e2b547700 (length 32) | 62 69 c2 24 61 0b eb 03 31 69 8e 34 fa 62 6b 0f | 9f 9c e7 e3 dc ef ed d7 ff d6 12 6f b4 c1 0b 04 | IKE SPIr hash sha2_256 digest counter-bytes@0x564e2b5476e0 (length 4) | 06 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff8d7668e0 (length 32) | f2 c8 2c 02 54 24 8b 03 c8 4b 75 bc 1f 80 db db | 39 a1 35 5f 66 e9 a1 f6 d3 9a 63 41 96 39 57 24 | creating state object #9 at 0x564e2d1bd370 | State DB: adding IKEv2 state #9 in UNDEFINED | pstats #9 ikev2.ike started | Message ID: init #9: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #9: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #9; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #9 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #9 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #9 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #9 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #9 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 "east" #9: proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | e2 16 37 a1 9c 50 93 9a f8 35 38 f0 8a 8e b5 e6 | e2 f5 2f 76 0a 60 7d 7c 7d db 09 c0 62 dd fe a0 | c0 75 84 ba 05 1d eb 95 5b 65 9c e8 4e 0d b3 e0 | 32 60 ba 14 23 9a 7a 54 26 fc 1b 9d f7 7a b5 0c | d9 47 6a 65 64 18 9d 9f 37 3f 0a 52 51 33 3d 69 | b2 32 46 f8 cf bd 89 b9 e8 cd 9b 5c 49 7e d3 8a | d7 b8 24 63 30 1b 59 ef 54 d5 75 2e 75 cd b9 c5 | 2a 80 75 15 06 9f 61 5c 7b 93 e7 47 34 19 f2 4d | b8 23 a8 f0 44 ad b5 21 af 27 22 f1 27 49 f2 a4 | e6 0b 26 b7 1b e6 41 95 31 e0 f9 3e 23 f4 6c 0d | 4b 00 dc 89 8e 39 b2 f0 af 4a d2 a9 8e 22 69 1d | 22 6b 4d 1a 40 dc 4a 28 b6 2a f1 fb e9 83 fe 1d | 72 4d 66 48 40 dc b0 af 08 b5 1c df d3 c5 6a ec | d0 be 94 c3 4a 9e f9 88 e2 66 a4 30 76 e6 13 91 | 1f 44 7f fc d9 e2 07 9a 9e 28 4d 33 1a 55 e5 98 | 61 8e 5e ef 46 5c 3e 65 63 19 4a a4 2c 08 1a 63 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d7662e0 (length 8) | 65 12 22 b9 cd 6a 2c 4d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d7662e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff8d766274 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff8d766266 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7662f0 (length 20) | c9 6c 1b 03 7e 87 74 e7 f7 96 19 2c ee 9d 7b 99 | 79 54 58 be | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= 65 12 22 b9 cd 6a 2c 4d | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= c9 6c 1b 03 7e 87 74 e7 f7 96 19 2c ee 9d 7b 99 | natd_hash: hash= 79 54 58 be | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d7662e0 (length 8) | 65 12 22 b9 cd 6a 2c 4d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d7662e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff8d766274 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff8d766266 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d766310 (length 20) | d7 cb cb 44 18 a8 1f c2 ac fd c9 a4 8e e2 8f 12 | f8 98 c5 12 | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= 65 12 22 b9 cd 6a 2c 4d | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= d7 cb cb 44 18 a8 1f c2 ac fd c9 a4 8e e2 8f 12 | natd_hash: hash= f8 98 c5 12 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 7 for state #9 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564e2d1c4c70 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f2a480060f0 size 128 | #9 spent 0.28 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #9 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #9 and saving MD | #9 is busy; has a suspended MD | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #9 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #9 spent 0.644 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | crypto helper 6 resuming | crypto helper 6 starting work-order 7 for state #9 | crypto helper 6 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 7 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f2a44000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7f2a44000d60 | NSS: Public DH wire value: | f5 5b 6c 89 fc 3a 2b 29 4f b3 64 aa 61 48 91 ef | 69 2d 57 cc f2 19 d1 2d 8a cd c7 16 e0 26 a9 03 | 22 b3 f5 c6 5e 9d 56 d6 d0 a4 27 55 50 d8 96 45 | f1 42 d5 fe 10 a1 cd 5d 81 ee ad 80 01 90 47 68 | 1d 8a aa af 80 f8 c3 31 0b 8b 0a 0a cf 47 78 45 | b3 20 f5 d1 42 1e ff d1 a1 08 7b 49 fa 0d bf 35 | a4 fb 30 be 41 bf d0 d5 0f 7d 9c d4 6d c3 59 ff | 6d f6 b7 bb 7e 47 7e 0c ff 60 67 60 2a 09 01 21 | df 41 76 e9 13 83 31 82 ae 8c ad 20 13 3d aa 18 | 1b fd 9a ce f0 f9 3c 36 8e 3a 25 38 aa da 30 9f | ce 49 b9 1c 11 52 6c f8 b8 15 35 f0 9f 71 4b 0c | 7b 06 68 cf 83 a8 81 47 90 82 2f 38 20 fe 49 66 | 7c 40 f3 55 66 aa 9d a2 4d 9f 80 dc 9e 06 5b a0 | 01 66 64 d5 b3 1b 5d 43 60 49 73 1d 0a 5b 36 89 | 70 4b 68 49 72 9d 13 78 d9 d7 8f 12 49 f5 e1 fd | 8a 9e 17 fc 4b 5f e7 37 36 db f6 7a 1f e6 b0 83 | Generated nonce: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | Generated nonce: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | crypto helper 6 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 7 time elapsed 0.00107 seconds | (#9) spent 1.07 milliseconds in crypto helper computing work-order 7: ikev2_inI1outR1 KE (pcr) | crypto helper 6 sending results from work-order 7 for state #9 to event queue | scheduling resume sending helper answer for #9 | libevent_malloc: new ptr-libevent@0x7f2a44006900 size 128 | crypto helper 6 waiting (nothing to do) | spent 0.655 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #9 | start processing: state #9 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 7 | calling continuation function 0x564e2b454630 | ikev2_parent_inI1outR1_continue for #9: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | 65 12 22 b9 cd 6a 2c 4d | responder cookie: | f2 c8 2c 02 54 24 8b 03 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f2a44000d60: transferring ownership from helper KE to state #9 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x f5 5b 6c 89 fc 3a 2b 29 4f b3 64 aa 61 48 91 ef | ikev2 g^x 69 2d 57 cc f2 19 d1 2d 8a cd c7 16 e0 26 a9 03 | ikev2 g^x 22 b3 f5 c6 5e 9d 56 d6 d0 a4 27 55 50 d8 96 45 | ikev2 g^x f1 42 d5 fe 10 a1 cd 5d 81 ee ad 80 01 90 47 68 | ikev2 g^x 1d 8a aa af 80 f8 c3 31 0b 8b 0a 0a cf 47 78 45 | ikev2 g^x b3 20 f5 d1 42 1e ff d1 a1 08 7b 49 fa 0d bf 35 | ikev2 g^x a4 fb 30 be 41 bf d0 d5 0f 7d 9c d4 6d c3 59 ff | ikev2 g^x 6d f6 b7 bb 7e 47 7e 0c ff 60 67 60 2a 09 01 21 | ikev2 g^x df 41 76 e9 13 83 31 82 ae 8c ad 20 13 3d aa 18 | ikev2 g^x 1b fd 9a ce f0 f9 3c 36 8e 3a 25 38 aa da 30 9f | ikev2 g^x ce 49 b9 1c 11 52 6c f8 b8 15 35 f0 9f 71 4b 0c | ikev2 g^x 7b 06 68 cf 83 a8 81 47 90 82 2f 38 20 fe 49 66 | ikev2 g^x 7c 40 f3 55 66 aa 9d a2 4d 9f 80 dc 9e 06 5b a0 | ikev2 g^x 01 66 64 d5 b3 1b 5d 43 60 49 73 1d 0a 5b 36 89 | ikev2 g^x 70 4b 68 49 72 9d 13 78 d9 d7 8f 12 49 f5 e1 fd | ikev2 g^x 8a 9e 17 fc 4b 5f e7 37 36 db f6 7a 1f e6 b0 83 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | IKEv2 nonce 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d766830 (length 8) | 65 12 22 b9 cd 6a 2c 4d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d766838 (length 8) | f2 c8 2c 02 54 24 8b 03 | NATD hash sha digest IP addr-bytes@0x7fff8d766764 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff8d766756 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7667e0 (length 20) | f3 a7 da b5 2f 0e 0e 77 89 b4 bc 13 75 b4 7e 6d | bc 95 bc 1e | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= 65 12 22 b9 cd 6a 2c 4d | natd_hash: rcookie= f2 c8 2c 02 54 24 8b 03 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= f3 a7 da b5 2f 0e 0e 77 89 b4 bc 13 75 b4 7e 6d | natd_hash: hash= bc 95 bc 1e | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data f3 a7 da b5 2f 0e 0e 77 89 b4 bc 13 75 b4 7e 6d | Notify data bc 95 bc 1e | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d766830 (length 8) | 65 12 22 b9 cd 6a 2c 4d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d766838 (length 8) | f2 c8 2c 02 54 24 8b 03 | NATD hash sha digest IP addr-bytes@0x7fff8d766764 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff8d766756 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7667e0 (length 20) | 28 f3 3a e4 a7 27 99 d1 02 6a 6e a0 f3 4c 7a a0 | 1d c5 98 7f | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= 65 12 22 b9 cd 6a 2c 4d | natd_hash: rcookie= f2 c8 2c 02 54 24 8b 03 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 28 f3 3a e4 a7 27 99 d1 02 6a 6e a0 f3 4c 7a a0 | natd_hash: hash= 1d c5 98 7f | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 28 f3 3a e4 a7 27 99 d1 02 6a 6e a0 f3 4c 7a a0 | Notify data 1d c5 98 7f | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #9 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #9: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #9 to 0 after switching state | Message ID: recv #9 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #9 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #9: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #9) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 f5 5b 6c 89 fc 3a 2b 29 4f b3 64 aa | 61 48 91 ef 69 2d 57 cc f2 19 d1 2d 8a cd c7 16 | e0 26 a9 03 22 b3 f5 c6 5e 9d 56 d6 d0 a4 27 55 | 50 d8 96 45 f1 42 d5 fe 10 a1 cd 5d 81 ee ad 80 | 01 90 47 68 1d 8a aa af 80 f8 c3 31 0b 8b 0a 0a | cf 47 78 45 b3 20 f5 d1 42 1e ff d1 a1 08 7b 49 | fa 0d bf 35 a4 fb 30 be 41 bf d0 d5 0f 7d 9c d4 | 6d c3 59 ff 6d f6 b7 bb 7e 47 7e 0c ff 60 67 60 | 2a 09 01 21 df 41 76 e9 13 83 31 82 ae 8c ad 20 | 13 3d aa 18 1b fd 9a ce f0 f9 3c 36 8e 3a 25 38 | aa da 30 9f ce 49 b9 1c 11 52 6c f8 b8 15 35 f0 | 9f 71 4b 0c 7b 06 68 cf 83 a8 81 47 90 82 2f 38 | 20 fe 49 66 7c 40 f3 55 66 aa 9d a2 4d 9f 80 dc | 9e 06 5b a0 01 66 64 d5 b3 1b 5d 43 60 49 73 1d | 0a 5b 36 89 70 4b 68 49 72 9d 13 78 d9 d7 8f 12 | 49 f5 e1 fd 8a 9e 17 fc 4b 5f e7 37 36 db f6 7a | 1f e6 b0 83 29 00 00 24 7f 9a 44 bf d6 07 9e 5a | 97 6a 89 84 84 1d 0b 69 54 64 68 25 54 5f 5b f1 | d9 2a 7d 82 a8 df dd 15 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 f3 a7 da b5 2f 0e 0e 77 | 89 b4 bc 13 75 b4 7e 6d bc 95 bc 1e 00 00 00 1c | 00 00 40 05 28 f3 3a e4 a7 27 99 d1 02 6a 6e a0 | f3 4c 7a a0 1d c5 98 7f | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2a480060f0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564e2d1c4c70 | event_schedule: new EVENT_SO_DISCARD-pe@0x564e2d1c4c70 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f2a480060f0 size 128 | resume sending helper answer for #9 suppresed complete_v2_state_transition() | #9 spent 0.578 milliseconds in resume sending helper answer | stop processing: state #9 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2a44006900 | spent 0.00235 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 220 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 95 e3 1d 4b 67 99 21 60 7f a5 f4 7d 04 60 e3 50 | fa c1 40 85 e4 25 f2 15 91 31 0b 26 e4 e5 5d 45 | 32 13 01 68 b2 b2 ce 9d 27 33 a3 6f cb ee 9d 60 | 73 c9 7c 71 03 f7 d1 4a 6f 67 5b a7 ee 9e 22 6a | be f1 58 8b d4 29 81 86 fa 14 63 c2 a0 48 90 91 | bf dc 75 6d 3b 4c 83 80 63 c4 51 29 02 b1 55 1a | 5f aa 34 dd bf d9 d5 37 2f ef fd e8 80 4f a7 00 | 4c 8d c2 6f 36 40 80 0b e5 50 56 c1 ee 05 49 25 | 2e b5 05 2b 33 81 38 eb 05 2a 80 bf eb c3 1f b9 | be 3c 22 50 43 a6 ed 07 37 f0 57 48 1f 0d 22 68 | 09 92 b7 58 6a 75 34 4a 8f 9d 65 a9 8b 25 03 4c | d0 7c cf 80 4f 86 8d c9 19 ae 6d ff | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 65 12 22 b9 cd 6a 2c 4d | responder cookie: | f2 c8 2c 02 54 24 8b 03 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 220 (0xdc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #9 in PARENT_R1 (find_v2_ike_sa) | start processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #9 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #9 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 192 (0xc0) | processing payload: ISAKMP_NEXT_v2SK (len=188) | Message ID: start-responder #9 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #9 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f2a44000d60: transferring ownership from state #9 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 8 for state #9 | state #9 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x7f2a480060f0 | free_event_entry: release EVENT_SO_DISCARD-pe@0x564e2d1c4c70 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f2a44002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f2a480060f0 size 128 | #9 spent 0.0327 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #9 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #9 and saving MD | #9 is busy; has a suspended MD | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #9 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #9 spent 0.172 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.183 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 1 resuming | crypto helper 1 starting work-order 8 for state #9 | crypto helper 1 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 8 | peer's g: e2 16 37 a1 9c 50 93 9a f8 35 38 f0 8a 8e b5 e6 | peer's g: e2 f5 2f 76 0a 60 7d 7c 7d db 09 c0 62 dd fe a0 | peer's g: c0 75 84 ba 05 1d eb 95 5b 65 9c e8 4e 0d b3 e0 | peer's g: 32 60 ba 14 23 9a 7a 54 26 fc 1b 9d f7 7a b5 0c | peer's g: d9 47 6a 65 64 18 9d 9f 37 3f 0a 52 51 33 3d 69 | peer's g: b2 32 46 f8 cf bd 89 b9 e8 cd 9b 5c 49 7e d3 8a | peer's g: d7 b8 24 63 30 1b 59 ef 54 d5 75 2e 75 cd b9 c5 | peer's g: 2a 80 75 15 06 9f 61 5c 7b 93 e7 47 34 19 f2 4d | peer's g: b8 23 a8 f0 44 ad b5 21 af 27 22 f1 27 49 f2 a4 | peer's g: e6 0b 26 b7 1b e6 41 95 31 e0 f9 3e 23 f4 6c 0d | peer's g: 4b 00 dc 89 8e 39 b2 f0 af 4a d2 a9 8e 22 69 1d | peer's g: 22 6b 4d 1a 40 dc 4a 28 b6 2a f1 fb e9 83 fe 1d | peer's g: 72 4d 66 48 40 dc b0 af 08 b5 1c df d3 c5 6a ec | peer's g: d0 be 94 c3 4a 9e f9 88 e2 66 a4 30 76 e6 13 91 | peer's g: 1f 44 7f fc d9 e2 07 9a 9e 28 4d 33 1a 55 e5 98 | peer's g: 61 8e 5e ef 46 5c 3e 65 63 19 4a a4 2c 08 1a 63 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7f2a4000eee0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f2a44000d60: computed shared DH secret key@0x7f2a4000eee0 | dh-shared : g^ir-key@0x7f2a4000eee0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f2a580039a0 (length 64) | 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6102d670 | result: Ni | Nr-key@0x7f2a40006450 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x7f2a40006450 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d658 | result: Ni | Nr-key@0x7f2a4000bdb0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x7f2a40006450 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f2a58003aa0 from Ni | Nr-key@0x7f2a4000bdb0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f2a58003aa0 from Ni | Nr-key@0x7f2a4000bdb0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f2a4000bdb0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f2a58000d60 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f2a4000eee0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f2a4000eee0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f2a4000eee0 | nss hmac digest hack: symkey-key@0x7f2a4000eee0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1627574992: 06 ffffffb4 00 ffffffd8 ffffffbb ffffffb0 ffffff93 5b ffffffc2 ffffffd4 ffffffb0 ffffff86 ffffffb8 57 ffffffe8 ffffff91 ffffff8a 51 ffffffec ffffff96 2a 75 26 58 ffffffc9 60 ffffff8b 3f ffffffd1 0b 79 10 ffffffc3 ffffffc1 73 3d 45 2c 3c ffffffe3 ffffffeb 24 ffffffcf ffffffec 04 05 ffffff99 43 ffffffd3 3a ffffff88 ffffff86 78 59 0d 17 fffffffa ffffffe6 30 ffffffd9 ffffffe6 ffffffe4 ffffffed 01 03 ffffff98 15 ffffff9e 3c ffffffb0 ffffffb1 ffffffc9 fffffffe 68 6f 2c ffffff87 ffffff84 ffffffca ffffffe0 ffffffb3 4f ffffffac 5e ffffffbc ffffffb7 ffffff96 ffffffc2 7d 6f fffffff5 46 32 fffffff7 ffffffad 62 ffffff90 fffffffb ffffffe2 2c 12 41 ffffffa4 78 48 58 ffffffae 6e 77 7b 62 66 03 ffffffa1 65 75 1b ffffffb0 ffffffa3 0b ffffff86 2b ffffffc9 ffffffda 6e ffffffb8 5c 1b 79 68 fffffff0 ffffffff ffffffac 3b 6d ffffffdf 38 4e 70 26 ffffff88 47 3a 65 ffffffc1 5c ffffff8a ffffffc4 ffffffa5 55 22 70 74 1c 09 ffffff80 3b ffffffd5 ffffffbb 1b 2 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 256 bytes at 0x7f2a580045f0 | unwrapped: ac 2c fb 33 42 84 2d d4 a8 99 d9 af c9 a3 27 dc | unwrapped: d2 c5 9b 12 ca 38 9b db d8 2b 8f 39 2e 2f ab b1 | unwrapped: 90 46 32 3a 49 45 42 8f 4c e2 0d 2e d8 75 dc 9a | unwrapped: eb b1 94 2a a0 ae da db d3 9b f1 72 74 ae f4 6f | unwrapped: c8 2d d9 e0 7e 8b 24 5c 86 87 68 38 0e 0a e0 48 | unwrapped: a6 40 9d 82 60 94 33 6c 3b 90 5d 3a 6d 4e 74 b8 | unwrapped: db 57 1c d1 95 89 e4 8e ef 16 e2 b6 04 7b ba b9 | unwrapped: 2c 31 ef 88 cd fb 97 2d 51 a7 ea 13 43 12 10 85 | unwrapped: 87 58 8c 40 0e 61 d7 06 f3 08 46 8e d3 72 89 06 | unwrapped: 9c 5f 47 4d 88 55 bc 36 0d ea 51 b6 cd 84 a8 b9 | unwrapped: c6 1a 53 2b ec a1 64 d9 99 05 7c 5c 8e 51 53 bd | unwrapped: d0 54 9c e7 22 c7 de e1 12 37 f5 8a c6 94 07 b0 | unwrapped: 1d e8 df 5e 99 48 b8 c0 70 b5 4e 66 78 58 c2 32 | unwrapped: 88 9d 09 d6 ce 92 d9 cc 24 0b 89 25 95 ec 7e 90 | unwrapped: f3 e1 db 76 d1 01 a5 8d 34 c1 57 34 d2 6c 68 5b | unwrapped: ae c5 81 8d 5f 11 e4 03 9b 4c d1 87 29 c1 bf 65 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6102d690 | result: final-key@0x7f2a40006450 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a40006450 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d678 | result: final-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a40006450 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f2a4000bdb0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6102d600 | result: data=Ni-key@0x564e2d1c1a10 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x564e2d1c1a10 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d5e8 | result: data=Ni-key@0x7f2a40006450 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x564e2d1c1a10 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a40006450 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a6102d5f0 | result: data+=Nr-key@0x564e2d1c1a10 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f2a40006450 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1c1a10 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a6102d5f0 | result: data+=SPIi-key@0x7f2a40006450 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d1c1a10 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a40006450 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a6102d5f0 | result: data+=SPIr-key@0x564e2d1c1a10 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f2a40006450 | prf+0 PRF sha init key-key@0x7f2a4000bdb0 (size 20) | prf+0: key-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d518 | result: clone-key@0x7f2a40006450 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f2a58003aa0 from key-key@0x7f2a40006450 | prf+0 prf: begin sha with context 0x7f2a58003aa0 from key-key@0x7f2a40006450 | prf+0: release clone-key@0x7f2a40006450 | prf+0 PRF sha crypt-prf@0x7f2a58001ae0 | prf+0 PRF sha update seed-key@0x564e2d1c1a10 (size 80) | prf+0: seed-key@0x564e2d1c1a10 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1c1a10 | nss hmac digest hack: symkey-key@0x564e2d1c1a10 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1627574624: 7f ffffff8f ffffffe3 36 ffffffe2 fffffff7 1b ffffffc3 ffffff85 ffffffff 38 ffffffa3 0c ffffffe0 26 ffffffb2 78 11 ffffffce ffffffcd ffffff8b fffffffa ffffffc5 ffffffa8 58 ffffffea 4c fffffff8 05 ffffffff ffffff80 ffffffb8 1b ffffffbf ffffffe9 24 fffffff7 fffffffa 71 fffffff0 42 ffffffbe 4a ffffffdd 26 ffffffd1 ffffffec 11 26 ffffffc3 51 ffffffc7 fffffffd ffffff8a 25 fffffff7 ffffffe6 55 7c ffffff80 ffffffb3 ffffff90 7b ffffff86 ffffffe0 64 ffffffe9 3e 53 75 38 ffffffa2 41 4d 1b 15 ffffffbd ffffffba 77 25 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a58004a20 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | unwrapped: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6102d520 | result: final-key@0x564e2d1bff30 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1bff30 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d508 | result: final-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1bff30 | prf+0 PRF sha final-key@0x7f2a40006450 (size 20) | prf+0: key-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f2a40006450 | prf+N PRF sha init key-key@0x7f2a4000bdb0 (size 20) | prf+N: key-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d518 | result: clone-key@0x564e2d1bff30 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a58003aa0 from key-key@0x564e2d1bff30 | prf+N prf: begin sha with context 0x7f2a58003aa0 from key-key@0x564e2d1bff30 | prf+N: release clone-key@0x564e2d1bff30 | prf+N PRF sha crypt-prf@0x7f2a580010c0 | prf+N PRF sha update old_t-key@0x7f2a40006450 (size 20) | prf+N: old_t-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a40006450 | nss hmac digest hack: symkey-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1627574624: 1f ffffffc4 7f 4e ffffff85 11 64 ffffff83 51 ffffffb0 fffffff7 ffffff85 fffffffc 45 ffffff92 ffffff91 47 ffffffa4 ffffff9a ffffff8e 4e 08 09 0c 01 ffffffd3 ffffffbe 27 41 ffffffb6 ffffffdd ffffffde | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a58003970 | unwrapped: 10 7f 53 14 33 a5 2a 0e 0c fd 46 b9 3a 70 20 ec | unwrapped: 0d f7 3b 6c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1c1a10 (size 80) | prf+N: seed-key@0x564e2d1c1a10 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1c1a10 | nss hmac digest hack: symkey-key@0x564e2d1c1a10 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1627574624: 7f ffffff8f ffffffe3 36 ffffffe2 fffffff7 1b ffffffc3 ffffff85 ffffffff 38 ffffffa3 0c ffffffe0 26 ffffffb2 78 11 ffffffce ffffffcd ffffff8b fffffffa ffffffc5 ffffffa8 58 ffffffea 4c fffffff8 05 ffffffff ffffff80 ffffffb8 1b ffffffbf ffffffe9 24 fffffff7 fffffffa 71 fffffff0 42 ffffffbe 4a ffffffdd 26 ffffffd1 ffffffec 11 26 ffffffc3 51 ffffffc7 fffffffd ffffff8a 25 fffffff7 ffffffe6 55 7c ffffff80 ffffffb3 ffffff90 7b ffffff86 ffffffe0 64 ffffffe9 3e 53 75 38 ffffffa2 41 4d 1b 15 ffffffbd ffffffba 77 25 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a580049c0 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | unwrapped: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6102d520 | result: final-key@0x7f2a500069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a500069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d508 | result: final-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a500069f0 | prf+N PRF sha final-key@0x564e2d1bff30 (size 20) | prf+N: key-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6102d598 | result: result-key@0x7f2a500069f0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a40006450 | prfplus: release old_t[N]-key@0x7f2a40006450 | prf+N PRF sha init key-key@0x7f2a4000bdb0 (size 20) | prf+N: key-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d518 | result: clone-key@0x7f2a40006450 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a58003aa0 from key-key@0x7f2a40006450 | prf+N prf: begin sha with context 0x7f2a58003aa0 from key-key@0x7f2a40006450 | prf+N: release clone-key@0x7f2a40006450 | prf+N PRF sha crypt-prf@0x7f2a58002a80 | prf+N PRF sha update old_t-key@0x564e2d1bff30 (size 20) | prf+N: old_t-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1bff30 | nss hmac digest hack: symkey-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1627574624: 78 ffffff8a ffffffc4 56 0f ffffffd4 4a fffffff2 ffffffaa ffffffbd ffffffc1 78 1f 58 1c ffffffe0 08 ffffffc7 54 1d 4c ffffffe3 ffffff98 ffffffa4 4f 4f 4c 7d 18 6c 06 ffffffc8 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a580061e0 | unwrapped: b5 43 c2 02 af 7a 10 11 dd 4d 22 8e b0 84 a6 c4 | unwrapped: 67 4d 75 b8 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1c1a10 (size 80) | prf+N: seed-key@0x564e2d1c1a10 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1c1a10 | nss hmac digest hack: symkey-key@0x564e2d1c1a10 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1627574624: 7f ffffff8f ffffffe3 36 ffffffe2 fffffff7 1b ffffffc3 ffffff85 ffffffff 38 ffffffa3 0c ffffffe0 26 ffffffb2 78 11 ffffffce ffffffcd ffffff8b fffffffa ffffffc5 ffffffa8 58 ffffffea 4c fffffff8 05 ffffffff ffffff80 ffffffb8 1b ffffffbf ffffffe9 24 fffffff7 fffffffa 71 fffffff0 42 ffffffbe 4a ffffffdd 26 ffffffd1 ffffffec 11 26 ffffffc3 51 ffffffc7 fffffffd ffffff8a 25 fffffff7 ffffffe6 55 7c ffffff80 ffffffb3 ffffff90 7b ffffff86 ffffffe0 64 ffffffe9 3e 53 75 38 ffffffa2 41 4d 1b 15 ffffffbd ffffffba 77 25 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a58004960 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | unwrapped: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6102d520 | result: final-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d508 | result: final-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a58006900 | prf+N PRF sha final-key@0x7f2a40006450 (size 20) | prf+N: key-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a500069f0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6102d598 | result: result-key@0x7f2a58006900 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a500069f0 | prfplus: release old_t[N]-key@0x564e2d1bff30 | prf+N PRF sha init key-key@0x7f2a4000bdb0 (size 20) | prf+N: key-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d518 | result: clone-key@0x564e2d1bff30 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a58003aa0 from key-key@0x564e2d1bff30 | prf+N prf: begin sha with context 0x7f2a58003aa0 from key-key@0x564e2d1bff30 | prf+N: release clone-key@0x564e2d1bff30 | prf+N PRF sha crypt-prf@0x7f2a580010c0 | prf+N PRF sha update old_t-key@0x7f2a40006450 (size 20) | prf+N: old_t-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a40006450 | nss hmac digest hack: symkey-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1627574624: 7f 48 25 ffffffe1 66 ffffffa4 38 ffffffac ffffffb3 1e ffffffd2 7c ffffffe6 ffffffe4 7f 2c 73 18 2b ffffffb2 ffffffe4 ffffffb4 2b 03 ffffff91 01 38 ffffffe9 ffffffcd 31 05 fffffffd | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a580061b0 | unwrapped: da 34 55 47 51 2d 29 b8 44 e2 cd 9b 2c 93 9e 73 | unwrapped: 7b 81 c2 7a 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1c1a10 (size 80) | prf+N: seed-key@0x564e2d1c1a10 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1c1a10 | nss hmac digest hack: symkey-key@0x564e2d1c1a10 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1627574624: 7f ffffff8f ffffffe3 36 ffffffe2 fffffff7 1b ffffffc3 ffffff85 ffffffff 38 ffffffa3 0c ffffffe0 26 ffffffb2 78 11 ffffffce ffffffcd ffffff8b fffffffa ffffffc5 ffffffa8 58 ffffffea 4c fffffff8 05 ffffffff ffffff80 ffffffb8 1b ffffffbf ffffffe9 24 fffffff7 fffffffa 71 fffffff0 42 ffffffbe 4a ffffffdd 26 ffffffd1 ffffffec 11 26 ffffffc3 51 ffffffc7 fffffffd ffffff8a 25 fffffff7 ffffffe6 55 7c ffffff80 ffffffb3 ffffff90 7b ffffff86 ffffffe0 64 ffffffe9 3e 53 75 38 ffffffa2 41 4d 1b 15 ffffffbd ffffffba 77 25 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a58004900 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | unwrapped: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6102d520 | result: final-key@0x7f2a500069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a500069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d508 | result: final-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a500069f0 | prf+N PRF sha final-key@0x564e2d1bff30 (size 20) | prf+N: key-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a58006900 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6102d598 | result: result-key@0x7f2a500069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a58006900 | prfplus: release old_t[N]-key@0x7f2a40006450 | prf+N PRF sha init key-key@0x7f2a4000bdb0 (size 20) | prf+N: key-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d518 | result: clone-key@0x7f2a40006450 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a58003aa0 from key-key@0x7f2a40006450 | prf+N prf: begin sha with context 0x7f2a58003aa0 from key-key@0x7f2a40006450 | prf+N: release clone-key@0x7f2a40006450 | prf+N PRF sha crypt-prf@0x7f2a58002a80 | prf+N PRF sha update old_t-key@0x564e2d1bff30 (size 20) | prf+N: old_t-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1bff30 | nss hmac digest hack: symkey-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1627574624: ffffffae ffffffd0 63 ffffffe7 ffffffae fffffff6 06 ffffffc5 ffffff81 ffffff9a ffffff92 ffffffd5 36 ffffffb6 51 ffffffb1 ffffff9e 59 ffffffcf 6c 30 19 7a 73 47 ffffffac ffffffa9 12 7f 4d 52 14 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a58006480 | unwrapped: fb 2d 9c 60 42 91 19 14 24 c7 31 1d af c9 8b 18 | unwrapped: f5 40 f0 74 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1c1a10 (size 80) | prf+N: seed-key@0x564e2d1c1a10 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1c1a10 | nss hmac digest hack: symkey-key@0x564e2d1c1a10 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1627574624: 7f ffffff8f ffffffe3 36 ffffffe2 fffffff7 1b ffffffc3 ffffff85 ffffffff 38 ffffffa3 0c ffffffe0 26 ffffffb2 78 11 ffffffce ffffffcd ffffff8b fffffffa ffffffc5 ffffffa8 58 ffffffea 4c fffffff8 05 ffffffff ffffff80 ffffffb8 1b ffffffbf ffffffe9 24 fffffff7 fffffffa 71 fffffff0 42 ffffffbe 4a ffffffdd 26 ffffffd1 ffffffec 11 26 ffffffc3 51 ffffffc7 fffffffd ffffff8a 25 fffffff7 ffffffe6 55 7c ffffff80 ffffffb3 ffffff90 7b ffffff86 ffffffe0 64 ffffffe9 3e 53 75 38 ffffffa2 41 4d 1b 15 ffffffbd ffffffba 77 25 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a58006330 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | unwrapped: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6102d520 | result: final-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d508 | result: final-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a58006900 | prf+N PRF sha final-key@0x7f2a40006450 (size 20) | prf+N: key-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a500069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6102d598 | result: result-key@0x7f2a58006900 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a500069f0 | prfplus: release old_t[N]-key@0x564e2d1bff30 | prf+N PRF sha init key-key@0x7f2a4000bdb0 (size 20) | prf+N: key-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d518 | result: clone-key@0x564e2d1bff30 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a58004700 from key-key@0x564e2d1bff30 | prf+N prf: begin sha with context 0x7f2a58004700 from key-key@0x564e2d1bff30 | prf+N: release clone-key@0x564e2d1bff30 | prf+N PRF sha crypt-prf@0x7f2a580010c0 | prf+N PRF sha update old_t-key@0x7f2a40006450 (size 20) | prf+N: old_t-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a40006450 | nss hmac digest hack: symkey-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1627574624: 38 4f fffffffe ffffffc9 ffffffa6 ffffffeb ffffff9c 60 27 ffffff9b 40 ffffffdf ffffff88 ffffffc1 ffffffab 25 76 ffffffb4 ffffff83 ffffffab ffffffb5 ffffffbb 24 42 4c 43 5d 4a ffffffce ffffffba 2b ffffffc0 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a58006880 | unwrapped: 6d 42 e2 bb 51 9d ef 20 2e 0b 1c 33 47 b7 44 9a | unwrapped: 4b c1 28 0c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1c1a10 (size 80) | prf+N: seed-key@0x564e2d1c1a10 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1c1a10 | nss hmac digest hack: symkey-key@0x564e2d1c1a10 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1627574624: 7f ffffff8f ffffffe3 36 ffffffe2 fffffff7 1b ffffffc3 ffffff85 ffffffff 38 ffffffa3 0c ffffffe0 26 ffffffb2 78 11 ffffffce ffffffcd ffffff8b fffffffa ffffffc5 ffffffa8 58 ffffffea 4c fffffff8 05 ffffffff ffffff80 ffffffb8 1b ffffffbf ffffffe9 24 fffffff7 fffffffa 71 fffffff0 42 ffffffbe 4a ffffffdd 26 ffffffd1 ffffffec 11 26 ffffffc3 51 ffffffc7 fffffffd ffffff8a 25 fffffff7 ffffffe6 55 7c ffffff80 ffffffb3 ffffff90 7b ffffff86 ffffffe0 64 ffffffe9 3e 53 75 38 ffffffa2 41 4d 1b 15 ffffffbd ffffffba 77 25 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a580049c0 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | unwrapped: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6102d520 | result: final-key@0x7f2a500069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a500069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d508 | result: final-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a500069f0 | prf+N PRF sha final-key@0x564e2d1bff30 (size 20) | prf+N: key-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a58006900 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6102d598 | result: result-key@0x7f2a500069f0 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a58006900 | prfplus: release old_t[N]-key@0x7f2a40006450 | prf+N PRF sha init key-key@0x7f2a4000bdb0 (size 20) | prf+N: key-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d518 | result: clone-key@0x7f2a40006450 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a58003aa0 from key-key@0x7f2a40006450 | prf+N prf: begin sha with context 0x7f2a58003aa0 from key-key@0x7f2a40006450 | prf+N: release clone-key@0x7f2a40006450 | prf+N PRF sha crypt-prf@0x7f2a58002a80 | prf+N PRF sha update old_t-key@0x564e2d1bff30 (size 20) | prf+N: old_t-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1bff30 | nss hmac digest hack: symkey-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1627574624: 24 ffffff97 51 ffffff90 50 fffffffa ffffffc9 ffffffdc 10 ffffff94 6a 38 1b 08 43 7d ffffffd2 71 61 14 51 fffffff0 2b fffffff8 ffffffa0 70 ffffffb4 58 ffffff9c 53 ffffffea 30 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a58006530 | unwrapped: 95 5d 1f f8 32 33 25 fb e0 19 20 71 c0 c7 44 1a | unwrapped: 76 9f 79 f3 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1c1a10 (size 80) | prf+N: seed-key@0x564e2d1c1a10 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1c1a10 | nss hmac digest hack: symkey-key@0x564e2d1c1a10 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1627574624: 7f ffffff8f ffffffe3 36 ffffffe2 fffffff7 1b ffffffc3 ffffff85 ffffffff 38 ffffffa3 0c ffffffe0 26 ffffffb2 78 11 ffffffce ffffffcd ffffff8b fffffffa ffffffc5 ffffffa8 58 ffffffea 4c fffffff8 05 ffffffff ffffff80 ffffffb8 1b ffffffbf ffffffe9 24 fffffff7 fffffffa 71 fffffff0 42 ffffffbe 4a ffffffdd 26 ffffffd1 ffffffec 11 26 ffffffc3 51 ffffffc7 fffffffd ffffff8a 25 fffffff7 ffffffe6 55 7c ffffff80 ffffffb3 ffffff90 7b ffffff86 ffffffe0 64 ffffffe9 3e 53 75 38 ffffffa2 41 4d 1b 15 ffffffbd ffffffba 77 25 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a58006330 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | unwrapped: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6102d520 | result: final-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d508 | result: final-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a58006900 | prf+N PRF sha final-key@0x7f2a40006450 (size 20) | prf+N: key-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a500069f0 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6102d598 | result: result-key@0x7f2a58006900 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a500069f0 | prfplus: release old_t[N]-key@0x564e2d1bff30 | prfplus: release old_t[final]-key@0x7f2a40006450 | ike_sa_keymat: release data-key@0x564e2d1c1a10 | calc_skeyseed_v2: release skeyseed_k-key@0x7f2a4000bdb0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d738 | result: result-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d738 | result: result-key@0x564e2d1c1a10 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d738 | result: result-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f2a58006900 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d748 | result: SK_ei_k-key@0x564e2d1bff30 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f2a58006900 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d748 | result: SK_er_k-key@0x7f2a500069f0 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d748 | result: result-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x564e2d1a8430 | chunk_SK_pi: symkey-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717968949: 05 33 ffffff91 49 36 76 ffffffa6 10 79 ffffffd4 ffffffeb 65 1c 0b 07 29 69 55 ffffffbc ffffff87 5e ffffffc4 ffffffbe 04 62 0e 43 33 3c 4f 1d 43 | chunk_SK_pi: release slot-key-key@0x564e2d1a1c00 | chunk_SK_pi extracted len 32 bytes at 0x7f2a58006880 | unwrapped: 47 b7 44 9a 4b c1 28 0c 95 5d 1f f8 32 33 25 fb | unwrapped: e0 19 20 71 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6102d748 | result: result-key@0x7f2a5000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f2a5000eec0 | chunk_SK_pr: symkey-key@0x7f2a5000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717968949: ffffff93 0d 03 ffffffd7 01 5d 3f ffffffe6 00 62 ffffffd1 ffffffd8 ffffffca 38 3e ffffffb7 ffffffb5 32 fffffff0 6b fffffffd fffffff6 0a ffffffdc ffffff9a 40 ffffffcb ffffffe1 20 ffffffb4 ffffffa6 ffffffb4 | chunk_SK_pr: release slot-key-key@0x564e2d1a1c00 | chunk_SK_pr extracted len 32 bytes at 0x7f2a58006480 | unwrapped: c0 c7 44 1a 76 9f 79 f3 96 09 b9 a8 26 9a 83 f2 | unwrapped: de 0a 89 4c 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f2a58006900 | calc_skeyseed_v2 pointers: shared-key@0x7f2a4000eee0, SK_d-key@0x7f2a4000bdb0, SK_ai-key@0x564e2d1c1a10, SK_ar-key@0x7f2a40006450, SK_ei-key@0x564e2d1bff30, SK_er-key@0x7f2a500069f0, SK_pi-key@0x564e2d1a8430, SK_pr-key@0x7f2a5000eec0 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 47 b7 44 9a 4b c1 28 0c 95 5d 1f f8 32 33 25 fb | e0 19 20 71 | calc_skeyseed_v2 SK_pr | c0 c7 44 1a 76 9f 79 f3 96 09 b9 a8 26 9a 83 f2 | de 0a 89 4c | crypto helper 1 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 8 time elapsed 0.003059 seconds | (#9) spent 3.04 milliseconds in crypto helper computing work-order 8: ikev2_inI2outR2 KE (pcr) | crypto helper 1 sending results from work-order 8 for state #9 to event queue | scheduling resume sending helper answer for #9 | libevent_malloc: new ptr-libevent@0x7f2a58006720 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #9 | start processing: state #9 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 8 | calling continuation function 0x564e2b454630 | ikev2_parent_inI2outR2_continue for #9: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f2a44000d60: transferring ownership from helper IKEv2 DH to state #9 | finish_dh_v2: release st_shared_nss-key@NULL | #9 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x564e2d1c1a10 (size 20) | hmac: symkey-key@0x564e2d1c1a10 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1c1a10 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d766178 | result: clone-key@0x7f2a58006900 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a58006900 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a58006900 | hmac: release clone-key@0x7f2a58006900 | hmac PRF sha crypt-prf@0x564e2d1be510 | hmac PRF sha update data-bytes@0x564e2d1b9eb0 (length 208) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 95 e3 1d 4b 67 99 21 60 7f a5 f4 7d 04 60 e3 50 | fa c1 40 85 e4 25 f2 15 91 31 0b 26 e4 e5 5d 45 | 32 13 01 68 b2 b2 ce 9d 27 33 a3 6f cb ee 9d 60 | 73 c9 7c 71 03 f7 d1 4a 6f 67 5b a7 ee 9e 22 6a | be f1 58 8b d4 29 81 86 fa 14 63 c2 a0 48 90 91 | bf dc 75 6d 3b 4c 83 80 63 c4 51 29 02 b1 55 1a | 5f aa 34 dd bf d9 d5 37 2f ef fd e8 80 4f a7 00 | 4c 8d c2 6f 36 40 80 0b e5 50 56 c1 ee 05 49 25 | 2e b5 05 2b 33 81 38 eb 05 2a 80 bf eb c3 1f b9 | be 3c 22 50 43 a6 ed 07 37 f0 57 48 1f 0d 22 68 | 09 92 b7 58 6a 75 34 4a 8f 9d 65 a9 8b 25 03 4c | hmac PRF sha final-bytes@0x7fff8d766340 (length 20) | d0 7c cf 80 4f 86 8d c9 19 ae 6d ff ad 9d 8a 64 | 08 a7 14 1f | data for hmac: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data for hmac: 95 e3 1d 4b 67 99 21 60 7f a5 f4 7d 04 60 e3 50 | data for hmac: fa c1 40 85 e4 25 f2 15 91 31 0b 26 e4 e5 5d 45 | data for hmac: 32 13 01 68 b2 b2 ce 9d 27 33 a3 6f cb ee 9d 60 | data for hmac: 73 c9 7c 71 03 f7 d1 4a 6f 67 5b a7 ee 9e 22 6a | data for hmac: be f1 58 8b d4 29 81 86 fa 14 63 c2 a0 48 90 91 | data for hmac: bf dc 75 6d 3b 4c 83 80 63 c4 51 29 02 b1 55 1a | data for hmac: 5f aa 34 dd bf d9 d5 37 2f ef fd e8 80 4f a7 00 | data for hmac: 4c 8d c2 6f 36 40 80 0b e5 50 56 c1 ee 05 49 25 | data for hmac: 2e b5 05 2b 33 81 38 eb 05 2a 80 bf eb c3 1f b9 | data for hmac: be 3c 22 50 43 a6 ed 07 37 f0 57 48 1f 0d 22 68 | data for hmac: 09 92 b7 58 6a 75 34 4a 8f 9d 65 a9 8b 25 03 4c | calculated auth: d0 7c cf 80 4f 86 8d c9 19 ae 6d ff | provided auth: d0 7c cf 80 4f 86 8d c9 19 ae 6d ff | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 95 e3 1d 4b 67 99 21 60 7f a5 f4 7d 04 60 e3 50 | payload before decryption: | fa c1 40 85 e4 25 f2 15 91 31 0b 26 e4 e5 5d 45 | 32 13 01 68 b2 b2 ce 9d 27 33 a3 6f cb ee 9d 60 | 73 c9 7c 71 03 f7 d1 4a 6f 67 5b a7 ee 9e 22 6a | be f1 58 8b d4 29 81 86 fa 14 63 c2 a0 48 90 91 | bf dc 75 6d 3b 4c 83 80 63 c4 51 29 02 b1 55 1a | 5f aa 34 dd bf d9 d5 37 2f ef fd e8 80 4f a7 00 | 4c 8d c2 6f 36 40 80 0b e5 50 56 c1 ee 05 49 25 | 2e b5 05 2b 33 81 38 eb 05 2a 80 bf eb c3 1f b9 | be 3c 22 50 43 a6 ed 07 37 f0 57 48 1f 0d 22 68 | 09 92 b7 58 6a 75 34 4a 8f 9d 65 a9 8b 25 03 4c | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | ee a4 6f 8b 71 ea 67 cb eb ac 40 bd d7 ed b8 aa | 07 7e 2e 97 2c 00 00 30 00 00 00 2c 01 03 04 03 | 3a a7 0a 7e 03 00 00 10 01 00 00 0c 80 0e 00 80 | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | stripping 12 octets as pad | #9 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #9: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #9 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #9: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x564e2d1a8430 (size 20) | hmac: symkey-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765be8 | result: clone-key@0x7f2a58006900 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a58006900 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a58006900 | hmac: release clone-key@0x7f2a58006900 | hmac PRF sha crypt-prf@0x564e2d1bb660 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x564e2d1b9ee4 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff8d765da0 (length 20) | 34 b4 42 d6 e4 4b 40 1c 06 d7 6e 4f 2c b2 b0 57 | 77 e6 30 59 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | inputs to hash1 (first packet) | 65 12 22 b9 cd 6a 2c 4d 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 e2 16 37 a1 9c 50 93 9a f8 35 38 f0 | 8a 8e b5 e6 e2 f5 2f 76 0a 60 7d 7c 7d db 09 c0 | 62 dd fe a0 c0 75 84 ba 05 1d eb 95 5b 65 9c e8 | 4e 0d b3 e0 32 60 ba 14 23 9a 7a 54 26 fc 1b 9d | f7 7a b5 0c d9 47 6a 65 64 18 9d 9f 37 3f 0a 52 | 51 33 3d 69 b2 32 46 f8 cf bd 89 b9 e8 cd 9b 5c | 49 7e d3 8a d7 b8 24 63 30 1b 59 ef 54 d5 75 2e | 75 cd b9 c5 2a 80 75 15 06 9f 61 5c 7b 93 e7 47 | 34 19 f2 4d b8 23 a8 f0 44 ad b5 21 af 27 22 f1 | 27 49 f2 a4 e6 0b 26 b7 1b e6 41 95 31 e0 f9 3e | 23 f4 6c 0d 4b 00 dc 89 8e 39 b2 f0 af 4a d2 a9 | 8e 22 69 1d 22 6b 4d 1a 40 dc 4a 28 b6 2a f1 fb | e9 83 fe 1d 72 4d 66 48 40 dc b0 af 08 b5 1c df | d3 c5 6a ec d0 be 94 c3 4a 9e f9 88 e2 66 a4 30 | 76 e6 13 91 1f 44 7f fc d9 e2 07 9a 9e 28 4d 33 | 1a 55 e5 98 61 8e 5e ef 46 5c 3e 65 63 19 4a a4 | 2c 08 1a 63 29 00 00 24 70 d6 aa 5c 81 5d a9 b0 | 1c 5f 80 0c a0 b9 20 86 f8 1a bc 3c 1a ba 84 24 | 9b ab 67 e2 a2 34 4a 53 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 d7 cb cb 44 18 a8 1f c2 | ac fd c9 a4 8e e2 8f 12 f8 98 c5 12 00 00 00 1c | 00 00 40 05 c9 6c 1b 03 7e 87 74 e7 f7 96 19 2c | ee 9d 7b 99 79 54 58 be | verify: initiator inputs to hash2 (responder nonce) | 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | idhash 34 b4 42 d6 e4 4b 40 1c 06 d7 6e 4f 2c b2 b0 57 | idhash 77 e6 30 59 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564e2d1b8960 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d7659f0 | result: shared secret-key@0x7f2a4c006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f2a4c006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7659d8 | result: shared secret-key@0x7f2a58006900 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f2a4c006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564e2d1a1160 from shared secret-key@0x7f2a58006900 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564e2d1a1160 from shared secret-key@0x7f2a58006900 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f2a58006900 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564e2d1be510 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x564e2b4e7bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765a10 | result: final-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7659f8 | result: final-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4c006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f2a58006900 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f2a58006900 (size 20) | = prf(, ): -key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765a08 | result: clone-key@0x7f2a4c006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564e2d1a1160 from -key@0x7f2a4c006900 | = prf(, ) prf: begin sha with context 0x564e2d1a1160 from -key@0x7f2a4c006900 | = prf(, ): release clone-key@0x7f2a4c006900 | = prf(, ) PRF sha crypt-prf@0x564e2d1c19f0 | = prf(, ) PRF sha update first-packet-bytes@0x564e2d1bdf40 (length 440) | 65 12 22 b9 cd 6a 2c 4d 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 e2 16 37 a1 9c 50 93 9a f8 35 38 f0 | 8a 8e b5 e6 e2 f5 2f 76 0a 60 7d 7c 7d db 09 c0 | 62 dd fe a0 c0 75 84 ba 05 1d eb 95 5b 65 9c e8 | 4e 0d b3 e0 32 60 ba 14 23 9a 7a 54 26 fc 1b 9d | f7 7a b5 0c d9 47 6a 65 64 18 9d 9f 37 3f 0a 52 | 51 33 3d 69 b2 32 46 f8 cf bd 89 b9 e8 cd 9b 5c | 49 7e d3 8a d7 b8 24 63 30 1b 59 ef 54 d5 75 2e | 75 cd b9 c5 2a 80 75 15 06 9f 61 5c 7b 93 e7 47 | 34 19 f2 4d b8 23 a8 f0 44 ad b5 21 af 27 22 f1 | 27 49 f2 a4 e6 0b 26 b7 1b e6 41 95 31 e0 f9 3e | 23 f4 6c 0d 4b 00 dc 89 8e 39 b2 f0 af 4a d2 a9 | 8e 22 69 1d 22 6b 4d 1a 40 dc 4a 28 b6 2a f1 fb | e9 83 fe 1d 72 4d 66 48 40 dc b0 af 08 b5 1c df | d3 c5 6a ec d0 be 94 c3 4a 9e f9 88 e2 66 a4 30 | 76 e6 13 91 1f 44 7f fc d9 e2 07 9a 9e 28 4d 33 | 1a 55 e5 98 61 8e 5e ef 46 5c 3e 65 63 19 4a a4 | 2c 08 1a 63 29 00 00 24 70 d6 aa 5c 81 5d a9 b0 | 1c 5f 80 0c a0 b9 20 86 f8 1a bc 3c 1a ba 84 24 | 9b ab 67 e2 a2 34 4a 53 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 d7 cb cb 44 18 a8 1f c2 | ac fd c9 a4 8e e2 8f 12 f8 98 c5 12 00 00 00 1c | 00 00 40 05 c9 6c 1b 03 7e 87 74 e7 f7 96 19 2c | ee 9d 7b 99 79 54 58 be | = prf(, ) PRF sha update nonce-bytes@0x7f2a44002af0 (length 32) | 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | = prf(, ) PRF sha update hash-bytes@0x7fff8d765da0 (length 20) | 34 b4 42 d6 e4 4b 40 1c 06 d7 6e 4f 2c b2 b0 57 | 77 e6 30 59 | = prf(, ) PRF sha final-chunk@0x564e2d1bb660 (length 20) | ee a4 6f 8b 71 ea 67 cb eb ac 40 bd d7 ed b8 aa | 07 7e 2e 97 | psk_auth: release prf-psk-key@0x7f2a58006900 | Received PSK auth octets | ee a4 6f 8b 71 ea 67 cb eb ac 40 bd d7 ed b8 aa | 07 7e 2e 97 | Calculated PSK auth octets | ee a4 6f 8b 71 ea 67 cb eb ac 40 bd d7 ed b8 aa | 07 7e 2e 97 "east" #9: Authenticated using authby=secret | parent state #9: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #9 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2a480060f0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f2a44002b20 | event_schedule: new EVENT_SA_REKEY-pe@0x7f2a44002b20 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f2a480060f0 size 128 | pstats #9 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | 65 12 22 b9 cd 6a 2c 4d | responder cookie: | f2 c8 2c 02 54 24 8b 03 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x7f2a5000eec0 (size 20) | hmac: symkey-key@0x7f2a5000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a5000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765558 | result: clone-key@0x7f2a58006900 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a58006900 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a58006900 | hmac: release clone-key@0x7f2a58006900 | hmac PRF sha crypt-prf@0x564e2d1c3390 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x564e2b553974 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff8d765860 (length 20) | c8 bc 37 bf ab a0 9a b8 53 0c 59 79 29 77 82 a9 | 62 4b 97 ed | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | inputs to hash1 (first packet) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 f5 5b 6c 89 fc 3a 2b 29 4f b3 64 aa | 61 48 91 ef 69 2d 57 cc f2 19 d1 2d 8a cd c7 16 | e0 26 a9 03 22 b3 f5 c6 5e 9d 56 d6 d0 a4 27 55 | 50 d8 96 45 f1 42 d5 fe 10 a1 cd 5d 81 ee ad 80 | 01 90 47 68 1d 8a aa af 80 f8 c3 31 0b 8b 0a 0a | cf 47 78 45 b3 20 f5 d1 42 1e ff d1 a1 08 7b 49 | fa 0d bf 35 a4 fb 30 be 41 bf d0 d5 0f 7d 9c d4 | 6d c3 59 ff 6d f6 b7 bb 7e 47 7e 0c ff 60 67 60 | 2a 09 01 21 df 41 76 e9 13 83 31 82 ae 8c ad 20 | 13 3d aa 18 1b fd 9a ce f0 f9 3c 36 8e 3a 25 38 | aa da 30 9f ce 49 b9 1c 11 52 6c f8 b8 15 35 f0 | 9f 71 4b 0c 7b 06 68 cf 83 a8 81 47 90 82 2f 38 | 20 fe 49 66 7c 40 f3 55 66 aa 9d a2 4d 9f 80 dc | 9e 06 5b a0 01 66 64 d5 b3 1b 5d 43 60 49 73 1d | 0a 5b 36 89 70 4b 68 49 72 9d 13 78 d9 d7 8f 12 | 49 f5 e1 fd 8a 9e 17 fc 4b 5f e7 37 36 db f6 7a | 1f e6 b0 83 29 00 00 24 7f 9a 44 bf d6 07 9e 5a | 97 6a 89 84 84 1d 0b 69 54 64 68 25 54 5f 5b f1 | d9 2a 7d 82 a8 df dd 15 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 f3 a7 da b5 2f 0e 0e 77 | 89 b4 bc 13 75 b4 7e 6d bc 95 bc 1e 00 00 00 1c | 00 00 40 05 28 f3 3a e4 a7 27 99 d1 02 6a 6e a0 | f3 4c 7a a0 1d c5 98 7f | create: responder inputs to hash2 (initiator nonce) | 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | idhash c8 bc 37 bf ab a0 9a b8 53 0c 59 79 29 77 82 a9 | idhash 62 4b 97 ed | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564e2d1b8960 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765350 | result: shared secret-key@0x7f2a4c006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f2a4c006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765338 | result: shared secret-key@0x7f2a58006900 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f2a4c006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564e2d1a1160 from shared secret-key@0x7f2a58006900 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564e2d1a1160 from shared secret-key@0x7f2a58006900 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f2a58006900 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564e2d1bb660 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x564e2b4e7bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765370 | result: final-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765358 | result: final-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4c006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f2a58006900 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f2a58006900 (size 20) | = prf(, ): -key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765368 | result: clone-key@0x7f2a4c006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564e2d1a1160 from -key@0x7f2a4c006900 | = prf(, ) prf: begin sha with context 0x564e2d1a1160 from -key@0x7f2a4c006900 | = prf(, ): release clone-key@0x7f2a4c006900 | = prf(, ) PRF sha crypt-prf@0x564e2d1be510 | = prf(, ) PRF sha update first-packet-bytes@0x564e2d1c66d0 (length 440) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 f5 5b 6c 89 fc 3a 2b 29 4f b3 64 aa | 61 48 91 ef 69 2d 57 cc f2 19 d1 2d 8a cd c7 16 | e0 26 a9 03 22 b3 f5 c6 5e 9d 56 d6 d0 a4 27 55 | 50 d8 96 45 f1 42 d5 fe 10 a1 cd 5d 81 ee ad 80 | 01 90 47 68 1d 8a aa af 80 f8 c3 31 0b 8b 0a 0a | cf 47 78 45 b3 20 f5 d1 42 1e ff d1 a1 08 7b 49 | fa 0d bf 35 a4 fb 30 be 41 bf d0 d5 0f 7d 9c d4 | 6d c3 59 ff 6d f6 b7 bb 7e 47 7e 0c ff 60 67 60 | 2a 09 01 21 df 41 76 e9 13 83 31 82 ae 8c ad 20 | 13 3d aa 18 1b fd 9a ce f0 f9 3c 36 8e 3a 25 38 | aa da 30 9f ce 49 b9 1c 11 52 6c f8 b8 15 35 f0 | 9f 71 4b 0c 7b 06 68 cf 83 a8 81 47 90 82 2f 38 | 20 fe 49 66 7c 40 f3 55 66 aa 9d a2 4d 9f 80 dc | 9e 06 5b a0 01 66 64 d5 b3 1b 5d 43 60 49 73 1d | 0a 5b 36 89 70 4b 68 49 72 9d 13 78 d9 d7 8f 12 | 49 f5 e1 fd 8a 9e 17 fc 4b 5f e7 37 36 db f6 7a | 1f e6 b0 83 29 00 00 24 7f 9a 44 bf d6 07 9e 5a | 97 6a 89 84 84 1d 0b 69 54 64 68 25 54 5f 5b f1 | d9 2a 7d 82 a8 df dd 15 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 f3 a7 da b5 2f 0e 0e 77 | 89 b4 bc 13 75 b4 7e 6d bc 95 bc 1e 00 00 00 1c | 00 00 40 05 28 f3 3a e4 a7 27 99 d1 02 6a 6e a0 | f3 4c 7a a0 1d c5 98 7f | = prf(, ) PRF sha update nonce-bytes@0x7f2a4c002af0 (length 32) | 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | = prf(, ) PRF sha update hash-bytes@0x7fff8d765860 (length 20) | c8 bc 37 bf ab a0 9a b8 53 0c 59 79 29 77 82 a9 | 62 4b 97 ed | = prf(, ) PRF sha final-chunk@0x564e2d1c3390 (length 20) | a8 2c fb 5e ca e0 f4 f2 7c 72 fc 4d 84 7d a2 d1 | 53 3c d1 a9 | psk_auth: release prf-psk-key@0x7f2a58006900 | PSK auth octets a8 2c fb 5e ca e0 f4 f2 7c 72 fc 4d 84 7d a2 d1 | PSK auth octets 53 3c d1 a9 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth a8 2c fb 5e ca e0 f4 f2 7c 72 fc 4d 84 7d a2 d1 | PSK auth 53 3c d1 a9 | emitting length of IKEv2 Authentication Payload: 28 | creating state object #10 at 0x564e2d1cbdd0 | State DB: adding IKEv2 state #10 in UNDEFINED | pstats #10 ikev2.child started | duplicating state object #9 "east" as #10 for IPSEC SA | #10 setting local endpoint to 192.1.2.23:500 from #9.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f2a4000bdb0 | duplicate_state: reference st_skey_ai_nss-key@0x564e2d1c1a10 | duplicate_state: reference st_skey_ar_nss-key@0x7f2a40006450 | duplicate_state: reference st_skey_ei_nss-key@0x564e2d1bff30 | duplicate_state: reference st_skey_er_nss-key@0x7f2a500069f0 | duplicate_state: reference st_skey_pi_nss-key@0x564e2d1a8430 | duplicate_state: reference st_skey_pr_nss-key@0x7f2a5000eec0 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #9.#10; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #9 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #9.#10 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 3a a7 0a 7e | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 16 (0x10) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 "east" #9: proposal 1:ESP:SPI=3aa70a7e;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=3aa70a7e;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | netlink_get_spi: allocated 0x9c5d9841 for esp.0@192.1.2.23 | Emitting ikev2_proposal ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 9c 5d 98 41 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d7653e0 | result: data=Ni-key@0x7f2a4c006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7f2a4c006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7653c8 | result: data=Ni-key@0x7f2a58006900 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7f2a4c006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a58006900 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d7653d0 | result: data+=Nr-key@0x7f2a4c006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f2a58006900 | prf+0 PRF sha init key-key@0x7f2a4000bdb0 (size 20) | prf+0: key-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x7f2a58006900 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x564e2d1a1160 from key-key@0x7f2a58006900 | prf+0 prf: begin sha with context 0x564e2d1a1160 from key-key@0x7f2a58006900 | prf+0: release clone-key@0x7f2a58006900 | prf+0 PRF sha crypt-prf@0x564e2d1c19f0 | prf+0 PRF sha update seed-key@0x7f2a4c006900 (size 64) | prf+0: seed-key@0x7f2a4c006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a4c006900 | nss hmac digest hack: symkey-key@0x7f2a4c006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: 7f ffffff8f ffffffe3 36 ffffffe2 fffffff7 1b ffffffc3 ffffff85 ffffffff 38 ffffffa3 0c ffffffe0 26 ffffffb2 78 11 ffffffce ffffffcd ffffff8b fffffffa ffffffc5 ffffffa8 58 ffffffea 4c fffffff8 05 ffffffff ffffff80 ffffffb8 1b ffffffbf ffffffe9 24 fffffff7 fffffffa 71 fffffff0 42 ffffffbe 4a ffffffdd 26 ffffffd1 ffffffec 11 26 ffffffc3 51 ffffffc7 fffffffd ffffff8a 25 fffffff7 ffffffe6 55 7c ffffff80 ffffffb3 ffffff90 7b ffffff86 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1c1800 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x564e2d1c3300 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1c3300 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1c3300 | prf+0 PRF sha final-key@0x7f2a58006900 (size 20) | prf+0: key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f2a58006900 | prf+N PRF sha init key-key@0x7f2a4000bdb0 (size 20) | prf+N: key-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x564e2d1c3300 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564e2d1a1160 from key-key@0x564e2d1c3300 | prf+N prf: begin sha with context 0x564e2d1a1160 from key-key@0x564e2d1c3300 | prf+N: release clone-key@0x564e2d1c3300 | prf+N PRF sha crypt-prf@0x564e2d1bb660 | prf+N PRF sha update old_t-key@0x7f2a58006900 (size 20) | prf+N: old_t-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a58006900 | nss hmac digest hack: symkey-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921626304: 16 09 2a ffffffbe ffffff88 23 ffffffa3 65 ffffff8c ffffffde 06 72 34 0f ffffff9e ffffff98 ffffffd9 75 79 44 ffffffcf ffffffa8 39 35 ffffff85 37 21 70 ffffff93 ffffffb0 ffffffc0 ffffff87 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x564e2d1c6c60 | unwrapped: ee 0d a4 7a 65 75 bb 82 8a c5 e7 72 18 12 0f ce | unwrapped: b8 7f 84 b8 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a4c006900 (size 64) | prf+N: seed-key@0x7f2a4c006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a4c006900 | nss hmac digest hack: symkey-key@0x7f2a4c006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: 7f ffffff8f ffffffe3 36 ffffffe2 fffffff7 1b ffffffc3 ffffff85 ffffffff 38 ffffffa3 0c ffffffe0 26 ffffffb2 78 11 ffffffce ffffffcd ffffff8b fffffffa ffffffc5 ffffffa8 58 ffffffea 4c fffffff8 05 ffffffff ffffff80 ffffffb8 1b ffffffbf ffffffe9 24 fffffff7 fffffffa 71 fffffff0 42 ffffffbe 4a ffffffdd 26 ffffffd1 ffffffec 11 26 ffffffc3 51 ffffffc7 fffffffd ffffff8a 25 fffffff7 ffffffe6 55 7c ffffff80 ffffffb3 ffffff90 7b ffffff86 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1b93d0 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x7f2a40009e40 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a40009e40 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a40009e40 | prf+N PRF sha final-key@0x564e2d1c3300 (size 20) | prf+N: key-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff8d765378 | result: result-key@0x7f2a40009e40 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a58006900 | prfplus: release old_t[N]-key@0x7f2a58006900 | prf+N PRF sha init key-key@0x7f2a4000bdb0 (size 20) | prf+N: key-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x7f2a58006900 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564e2d1a1160 from key-key@0x7f2a58006900 | prf+N prf: begin sha with context 0x564e2d1a1160 from key-key@0x7f2a58006900 | prf+N: release clone-key@0x7f2a58006900 | prf+N PRF sha crypt-prf@0x564e2d1be510 | prf+N PRF sha update old_t-key@0x564e2d1c3300 (size 20) | prf+N: old_t-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1c3300 | nss hmac digest hack: symkey-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921626304: 7c 24 ffffff8f ffffffcb ffffffa4 ffffffcb 50 21 ffffffb6 46 ffffff97 19 0e 33 57 ffffff9e 01 69 ffffff94 66 3a 26 56 58 79 17 6b ffffff8a 56 52 53 0b | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a4000be60 | unwrapped: 9b 32 94 c3 5b 54 a4 8e c4 14 fb 07 c1 c1 cc 34 | unwrapped: bf aa ea 0c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a4c006900 (size 64) | prf+N: seed-key@0x7f2a4c006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a4c006900 | nss hmac digest hack: symkey-key@0x7f2a4c006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: 7f ffffff8f ffffffe3 36 ffffffe2 fffffff7 1b ffffffc3 ffffff85 ffffffff 38 ffffffa3 0c ffffffe0 26 ffffffb2 78 11 ffffffce ffffffcd ffffff8b fffffffa ffffffc5 ffffffa8 58 ffffffea 4c fffffff8 05 ffffffff ffffff80 ffffffb8 1b ffffffbf ffffffe9 24 fffffff7 fffffffa 71 fffffff0 42 ffffffbe 4a ffffffdd 26 ffffffd1 ffffffec 11 26 ffffffc3 51 ffffffc7 fffffffd ffffff8a 25 fffffff7 ffffffe6 55 7c ffffff80 ffffffb3 ffffff90 7b ffffff86 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1b9330 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x564e2d1ca300 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1ca300 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1ca300 | prf+N PRF sha final-key@0x7f2a58006900 (size 20) | prf+N: key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a40009e40 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff8d765378 | result: result-key@0x564e2d1ca300 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a40009e40 | prfplus: release old_t[N]-key@0x564e2d1c3300 | prf+N PRF sha init key-key@0x7f2a4000bdb0 (size 20) | prf+N: key-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x564e2d1c3300 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564e2d1a1160 from key-key@0x564e2d1c3300 | prf+N prf: begin sha with context 0x564e2d1a1160 from key-key@0x564e2d1c3300 | prf+N: release clone-key@0x564e2d1c3300 | prf+N PRF sha crypt-prf@0x564e2d1bb660 | prf+N PRF sha update old_t-key@0x7f2a58006900 (size 20) | prf+N: old_t-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a58006900 | nss hmac digest hack: symkey-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921626304: ffffffd0 ffffff8a 21 7b ffffffb0 ffffff80 ffffffde ffffff84 65 fffffff7 fffffffc 41 17 ffffffb6 06 35 18 ffffff87 ffffffda ffffffc2 ffffffd8 ffffffe5 ffffffc0 5a fffffff4 fffffffb 2b 65 1f 2d fffffffe ffffffbf | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a4000be60 | unwrapped: 0c 27 58 90 1a 75 6c ce b4 bf ad 05 1c 20 de 77 | unwrapped: 30 51 8e f5 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a4c006900 (size 64) | prf+N: seed-key@0x7f2a4c006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a4c006900 | nss hmac digest hack: symkey-key@0x7f2a4c006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: 7f ffffff8f ffffffe3 36 ffffffe2 fffffff7 1b ffffffc3 ffffff85 ffffffff 38 ffffffa3 0c ffffffe0 26 ffffffb2 78 11 ffffffce ffffffcd ffffff8b fffffffa ffffffc5 ffffffa8 58 ffffffea 4c fffffff8 05 ffffffff ffffff80 ffffffb8 1b ffffffbf ffffffe9 24 fffffff7 fffffffa 71 fffffff0 42 ffffffbe 4a ffffffdd 26 ffffffd1 ffffffec 11 26 ffffffc3 51 ffffffc7 fffffffd ffffff8a 25 fffffff7 ffffffe6 55 7c ffffff80 ffffffb3 ffffff90 7b ffffff86 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1b9380 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x7f2a40009e40 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a40009e40 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a40009e40 | prf+N PRF sha final-key@0x564e2d1c3300 (size 20) | prf+N: key-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1ca300 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff8d765378 | result: result-key@0x7f2a40009e40 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564e2d1ca300 | prfplus: release old_t[N]-key@0x7f2a58006900 | prfplus: release old_t[final]-key@0x564e2d1c3300 | child_sa_keymat: release data-key@0x7f2a4c006900 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f2a40009e40 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765458 | result: result-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x7f2a4c006900 | initiator to responder keys: symkey-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x564e2d1a1c00 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)891297848: 16 09 2a ffffffbe ffffff88 23 ffffffa3 65 ffffff8c ffffffde 06 72 34 0f ffffff9e ffffff98 6c ffffffe6 60 ffffffa9 ffffffd2 ffffffe6 69 46 1d 22 6c ffffffe6 ffffffa8 56 5d ffffffce ffffffa9 ffffffc6 5d ffffffa5 fffffff3 ffffff90 ffffff94 ffffffa2 4a ffffff8c ffffffa2 07 ffffffc7 fffffff1 3a 17 | initiator to responder keys: release slot-key-key@0x564e2d1a1c00 | initiator to responder keys extracted len 48 bytes at 0x564e2d1bb840 | unwrapped: ee 0d a4 7a 65 75 bb 82 8a c5 e7 72 18 12 0f ce | unwrapped: b8 7f 84 b8 9b 32 94 c3 5b 54 a4 8e c4 14 fb 07 | unwrapped: c1 c1 cc 34 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7f2a4c006900 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f2a40009e40 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765458 | result: result-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x7f2a4c006900 | responder to initiator keys:: symkey-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x564e2d1a1c00 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)891297848: 30 ffffffd9 59 30 6d ffffffd0 ffffffc7 ffffffe2 fffffff2 ffffffd5 45 57 ffffff81 ffffffc8 40 ffffff9b ffffff94 ffffff93 45 3c ffffff88 ffffffc7 10 ffffff84 15 ffffff96 3f 52 18 ffffffa9 ffffffd6 ffffffad fffffff3 53 ffffffb6 7e 22 ffffffc6 1a 52 34 ffffffbb ffffffdd ffffffeb 30 ffffffe9 57 02 | responder to initiator keys:: release slot-key-key@0x564e2d1a1c00 | responder to initiator keys: extracted len 48 bytes at 0x564e2d1bb7d0 | unwrapped: bf aa ea 0c 0c 27 58 90 1a 75 6c ce b4 bf ad 05 | unwrapped: 1c 20 de 77 30 51 8e f5 ab aa f3 e6 bf 86 05 96 | unwrapped: b0 88 cc b4 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7f2a4c006900 | ikev2_derive_child_keys: release keymat-key@0x7f2a40009e40 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | #9 spent 2.52 milliseconds | install_ipsec_sa() for #10: inbound and outbound | could_route called for east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.3aa70a7e@192.1.2.45 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.9c5d9841@192.1.2.23 included non-error error | priority calculation of connection "east" is 0xfe7e7 | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #10: prospective erouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | route_and_eroute with c: east (next: none) ero:east esr:{(nil)} ro:east rosr:{(nil)} and state: #10 | priority calculation of connection "east" is 0xfe7e7 | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45>tun.0@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x3aa70a7e SPI_OUT=0x9c5 | popen cmd is 1020 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: | cmd( 960):'no' SPI_IN=0x3aa70a7e SPI_OUT=0x9c5d9841 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | route_and_eroute: instance "east", setting eroute_owner {spd=0x564e2d1b9a50,sr=0x564e2d1b9a50} to #10 (was #0) (newest_ipsec_sa=#0) | #9 spent 0.483 milliseconds in install_ipsec_sa() | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #10 (was #0) (spd.eroute=#10) cloned from #9 | adding 12 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 176 | emitting length of ISAKMP Message: 204 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 6d 8b 26 28 96 2f 7f 8b a3 d6 c8 8d 29 4d 39 f7 | data before encryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 a8 2c fb 5e ca e0 f4 f2 7c 72 fc 4d | 84 7d a2 d1 53 3c d1 a9 2c 00 00 2c 00 00 00 28 | 01 03 04 03 9c 5d 98 41 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 65 15 45 d4 e1 3a 1b 41 de 8d a7 20 43 cc b4 3e | cf bb 12 18 01 db 96 5f e0 42 e2 4a 8c 59 a1 32 | 19 72 35 b1 81 80 2f c7 2e cc c0 e2 ae 6d 94 c3 | d3 0c 23 5f 19 a3 d9 c0 ed f1 54 ff b2 3d af 79 | 2f 67 df 2a 94 9d be 38 89 7a 41 96 93 92 8c 0f | be d1 ee ee 05 1e 41 83 57 4c bd b8 42 15 28 a3 | 1a 17 c0 06 71 3f 67 c8 5b 99 dd a1 da b8 27 4a | 55 c5 7e 55 0e c7 24 60 2b 31 84 4d b8 6a ba 13 | e7 ce 00 f8 99 e2 c1 5b 18 13 2d d1 35 7c 23 8c | hmac PRF sha init symkey-key@0x7f2a40006450 (size 20) | hmac: symkey-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765468 | result: clone-key@0x7f2a40009e40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a40009e40 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a40009e40 | hmac: release clone-key@0x7f2a40009e40 | hmac PRF sha crypt-prf@0x564e2d1be510 | hmac PRF sha update data-bytes@0x564e2b553940 (length 192) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 6d 8b 26 28 96 2f 7f 8b a3 d6 c8 8d 29 4d 39 f7 | 65 15 45 d4 e1 3a 1b 41 de 8d a7 20 43 cc b4 3e | cf bb 12 18 01 db 96 5f e0 42 e2 4a 8c 59 a1 32 | 19 72 35 b1 81 80 2f c7 2e cc c0 e2 ae 6d 94 c3 | d3 0c 23 5f 19 a3 d9 c0 ed f1 54 ff b2 3d af 79 | 2f 67 df 2a 94 9d be 38 89 7a 41 96 93 92 8c 0f | be d1 ee ee 05 1e 41 83 57 4c bd b8 42 15 28 a3 | 1a 17 c0 06 71 3f 67 c8 5b 99 dd a1 da b8 27 4a | 55 c5 7e 55 0e c7 24 60 2b 31 84 4d b8 6a ba 13 | e7 ce 00 f8 99 e2 c1 5b 18 13 2d d1 35 7c 23 8c | hmac PRF sha final-bytes@0x564e2b553a00 (length 20) | 65 92 bc 56 51 94 54 88 df 0b d3 cf f3 52 2f 6d | 00 b7 1c 5e | data being hmac: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data being hmac: 6d 8b 26 28 96 2f 7f 8b a3 d6 c8 8d 29 4d 39 f7 | data being hmac: 65 15 45 d4 e1 3a 1b 41 de 8d a7 20 43 cc b4 3e | data being hmac: cf bb 12 18 01 db 96 5f e0 42 e2 4a 8c 59 a1 32 | data being hmac: 19 72 35 b1 81 80 2f c7 2e cc c0 e2 ae 6d 94 c3 | data being hmac: d3 0c 23 5f 19 a3 d9 c0 ed f1 54 ff b2 3d af 79 | data being hmac: 2f 67 df 2a 94 9d be 38 89 7a 41 96 93 92 8c 0f | data being hmac: be d1 ee ee 05 1e 41 83 57 4c bd b8 42 15 28 a3 | data being hmac: 1a 17 c0 06 71 3f 67 c8 5b 99 dd a1 da b8 27 4a | data being hmac: 55 c5 7e 55 0e c7 24 60 2b 31 84 4d b8 6a ba 13 | data being hmac: e7 ce 00 f8 99 e2 c1 5b 18 13 2d d1 35 7c 23 8c | out calculated auth: | 65 92 bc 56 51 94 54 88 df 0b d3 cf | ikev2_parent_inI2outR2_continue_tail returned STF_OK | #9 spent 3.28 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #9 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #10 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #10 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R | child state #10: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) | Message ID: updating counters for #10 to 1 after switching state | Message ID: recv #9.#10 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 | Message ID: sent #9.#10 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 | pstats #10 ikev2.child established "east" #10: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] | NAT-T: encaps is 'auto' "east" #10: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x3aa70a7e <0x9c5d9841 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 204 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #9) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 6d 8b 26 28 96 2f 7f 8b a3 d6 c8 8d 29 4d 39 f7 | 65 15 45 d4 e1 3a 1b 41 de 8d a7 20 43 cc b4 3e | cf bb 12 18 01 db 96 5f e0 42 e2 4a 8c 59 a1 32 | 19 72 35 b1 81 80 2f c7 2e cc c0 e2 ae 6d 94 c3 | d3 0c 23 5f 19 a3 d9 c0 ed f1 54 ff b2 3d af 79 | 2f 67 df 2a 94 9d be 38 89 7a 41 96 93 92 8c 0f | be d1 ee ee 05 1e 41 83 57 4c bd b8 42 15 28 a3 | 1a 17 c0 06 71 3f 67 c8 5b 99 dd a1 da b8 27 4a | 55 c5 7e 55 0e c7 24 60 2b 31 84 4d b8 6a ba 13 | e7 ce 00 f8 99 e2 c1 5b 18 13 2d d1 35 7c 23 8c | 65 92 bc 56 51 94 54 88 df 0b d3 cf | releasing whack for #10 (sock=fd@-1) | releasing whack and unpending for parent #9 | unpending state #9 connection "east" | #10 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x564e2d1be610 | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #10 | libevent_malloc: new ptr-libevent@0x7f2a44006900 size 128 | resume sending helper answer for #9 suppresed complete_v2_state_transition() | #9 spent 3.7 milliseconds in resume sending helper answer | stop processing: state #10 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2a58006720 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00474 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00317 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 27 d7 01 f2 f8 cd cd 9a d5 0e 9c e4 f8 43 77 7f | 14 dc 25 bb e8 c8 00 3f 36 38 8a 9d e1 73 68 db | ee 7e 3e 41 97 57 14 a1 f0 49 4a ab | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 65 12 22 b9 cd 6a 2c 4d | responder cookie: | f2 c8 2c 02 54 24 8b 03 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #9 in PARENT_R2 (find_v2_ike_sa) | start processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #9 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 | Message ID: #9 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #9 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 | #9 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x564e2d1c1a10 (size 20) | hmac: symkey-key@0x564e2d1c1a10 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1c1a10 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7660b8 | result: clone-key@0x7f2a40009e40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a40009e40 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a40009e40 | hmac: release clone-key@0x7f2a40009e40 | hmac PRF sha crypt-prf@0x564e2d1c19f0 | hmac PRF sha update data-bytes@0x564e2d11cf50 (length 64) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 27 d7 01 f2 f8 cd cd 9a d5 0e 9c e4 f8 43 77 7f | 14 dc 25 bb e8 c8 00 3f 36 38 8a 9d e1 73 68 db | hmac PRF sha final-bytes@0x7fff8d766280 (length 20) | ee 7e 3e 41 97 57 14 a1 f0 49 4a ab 44 97 57 2a | 4c 75 36 ec | data for hmac: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | data for hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data for hmac: 27 d7 01 f2 f8 cd cd 9a d5 0e 9c e4 f8 43 77 7f | data for hmac: 14 dc 25 bb e8 c8 00 3f 36 38 8a 9d e1 73 68 db | calculated auth: ee 7e 3e 41 97 57 14 a1 f0 49 4a ab | provided auth: ee 7e 3e 41 97 57 14 a1 f0 49 4a ab | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 27 d7 01 f2 f8 cd cd 9a d5 0e 9c e4 f8 43 77 7f | payload before decryption: | 14 dc 25 bb e8 c8 00 3f 36 38 8a 9d e1 73 68 db | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 0c 03 04 00 01 3a a7 0a 7e 00 01 02 03 | stripping 4 octets as pad | #9 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 65 12 22 b9 cd 6a 2c 4d | responder cookie: | f2 c8 2c 02 54 24 8b 03 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI 3a a7 0a 7e | delete PROTO_v2_ESP SA(0x3aa70a7e) | v2 CHILD SA #10 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R | State DB: found IKEv2 state #10 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x3aa70a7e) "east" #9: received Delete SA payload: delete IPsec State #10 now | pstats #10 ikev2.child deleted completed | suspend processing: state #9 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) | start processing: state #10 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #10: deleting other state #10 (STATE_V2_IPSEC_R) aged 0.138s and NOT sending notification | child state #10: V2_IPSEC_R(established CHILD SA) => delete | get_sa_info esp.3aa70a7e@192.1.2.45 | get_sa_info esp.9c5d9841@192.1.2.23 "east" #10: ESP traffic information: in=84B out=84B | child state #10: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) | state #10 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f2a44006900 | free_event_entry: release EVENT_SA_REKEY-pe@0x564e2d1be610 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050309' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x3aa70a7e | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1569050309' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0x3aa70a7e SPI_OUT=0x9c5d9841 ipsec _updown 2>&1: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 | priority calculation of connection "east" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.3aa70a7e@192.1.2.45 | netlink response for Del SA esp.3aa70a7e@192.1.2.45 included non-error error | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.9c5d9841@192.1.2.23 | netlink response for Del SA esp.9c5d9841@192.1.2.23 included non-error error | in connection_discard for connection east | State DB: deleting IKEv2 state #10 in CHILDSA_DEL | child state #10: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #10 from 192.1.2.45:500 (in delete_state() at state.c:1143) | resume processing: state #9 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f2a4000bdb0 | delete_state: release st->st_skey_ai_nss-key@0x564e2d1c1a10 | delete_state: release st->st_skey_ar_nss-key@0x7f2a40006450 | delete_state: release st->st_skey_ei_nss-key@0x564e2d1bff30 | delete_state: release st->st_skey_er_nss-key@0x7f2a500069f0 | delete_state: release st->st_skey_pi_nss-key@0x564e2d1a8430 | delete_state: release st->st_skey_pr_nss-key@0x7f2a5000eec0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs 9c 5d 98 41 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 60 62 cf e8 60 8c 33 73 ef 17 5f 83 ac 8b 14 80 | data before encryption: | 00 00 00 0c 03 04 00 01 9c 5d 98 41 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 58 fa 22 36 bd d8 3b 42 23 fa 9a ee 66 8a 52 bb | hmac PRF sha init symkey-key@0x7f2a40006450 (size 20) | hmac: symkey-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765c78 | result: clone-key@0x7f2a40009e40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a40009e40 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a40009e40 | hmac: release clone-key@0x7f2a40009e40 | hmac PRF sha crypt-prf@0x564e2d1c3390 | hmac PRF sha update data-bytes@0x564e2b553940 (length 64) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 60 62 cf e8 60 8c 33 73 ef 17 5f 83 ac 8b 14 80 | 58 fa 22 36 bd d8 3b 42 23 fa 9a ee 66 8a 52 bb | hmac PRF sha final-bytes@0x564e2b553980 (length 20) | d4 ca b8 07 fd 33 89 80 56 7d 40 c8 16 f8 07 ba | cb 2c af 67 | data being hmac: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | data being hmac: 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: 60 62 cf e8 60 8c 33 73 ef 17 5f 83 ac 8b 14 80 | data being hmac: 58 fa 22 36 bd d8 3b 42 23 fa 9a ee 66 8a 52 bb | out calculated auth: | d4 ca b8 07 fd 33 89 80 56 7d 40 c8 | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #9) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 60 62 cf e8 60 8c 33 73 ef 17 5f 83 ac 8b 14 80 | 58 fa 22 36 bd d8 3b 42 23 fa 9a ee 66 8a 52 bb | d4 ca b8 07 fd 33 89 80 56 7d 40 c8 | Message ID: #9 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 | Message ID: sent #9 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 | #9 spent 0.793 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #9 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK | Message ID: updating counters for #9 to 2 after switching state | Message ID: recv #9 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 | Message ID: #9 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 "east" #9: STATE_PARENT_R2: received v2I2, PARENT SA established | stop processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #9 spent 1.1 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.11 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00139 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 35 65 16 48 18 5e 28 b5 07 f4 b4 d4 82 63 fa ed | 7d 60 07 10 fd 60 44 47 e0 07 e8 01 91 5b cd 24 | 39 65 6e 09 60 e4 c0 ca 69 b7 e3 d9 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 65 12 22 b9 cd 6a 2c 4d | responder cookie: | f2 c8 2c 02 54 24 8b 03 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #9 in PARENT_R2 (find_v2_ike_sa) | start processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #9 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 | Message ID: #9 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #9 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 | #9 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x564e2d1c1a10 (size 20) | hmac: symkey-key@0x564e2d1c1a10 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1c1a10 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7660b8 | result: clone-key@0x7f2a40009e40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a40009e40 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a40009e40 | hmac: release clone-key@0x7f2a40009e40 | hmac PRF sha crypt-prf@0x564e2d1c19f0 | hmac PRF sha update data-bytes@0x564e2d11cf50 (length 64) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 35 65 16 48 18 5e 28 b5 07 f4 b4 d4 82 63 fa ed | 7d 60 07 10 fd 60 44 47 e0 07 e8 01 91 5b cd 24 | hmac PRF sha final-bytes@0x7fff8d766280 (length 20) | 39 65 6e 09 60 e4 c0 ca 69 b7 e3 d9 9c 14 25 b2 | 29 c4 4c 27 | data for hmac: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data for hmac: 35 65 16 48 18 5e 28 b5 07 f4 b4 d4 82 63 fa ed | data for hmac: 7d 60 07 10 fd 60 44 47 e0 07 e8 01 91 5b cd 24 | calculated auth: 39 65 6e 09 60 e4 c0 ca 69 b7 e3 d9 | provided auth: 39 65 6e 09 60 e4 c0 ca 69 b7 e3 d9 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 35 65 16 48 18 5e 28 b5 07 f4 b4 d4 82 63 fa ed | payload before decryption: | 7d 60 07 10 fd 60 44 47 e0 07 e8 01 91 5b cd 24 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #9 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 65 12 22 b9 cd 6a 2c 4d | responder cookie: | f2 c8 2c 02 54 24 8b 03 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | b1 7e 80 1d 06 37 18 07 13 01 af ee 92 43 d4 31 | data before encryption: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 2e b8 b2 af db 2c 89 3e 5b af 8b 2d a1 4b 8b 92 | hmac PRF sha init symkey-key@0x7f2a40006450 (size 20) | hmac: symkey-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765c78 | result: clone-key@0x7f2a40009e40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a40009e40 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a40009e40 | hmac: release clone-key@0x7f2a40009e40 | hmac PRF sha crypt-prf@0x564e2d1c1aa0 | hmac PRF sha update data-bytes@0x564e2b553940 (length 64) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | b1 7e 80 1d 06 37 18 07 13 01 af ee 92 43 d4 31 | 2e b8 b2 af db 2c 89 3e 5b af 8b 2d a1 4b 8b 92 | hmac PRF sha final-bytes@0x564e2b553980 (length 20) | eb b5 ca 41 79 d8 ee fc 7e bd d2 72 86 b0 76 75 | 2b 3a 2b 85 | data being hmac: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | data being hmac: b1 7e 80 1d 06 37 18 07 13 01 af ee 92 43 d4 31 | data being hmac: 2e b8 b2 af db 2c 89 3e 5b af 8b 2d a1 4b 8b 92 | out calculated auth: | eb b5 ca 41 79 d8 ee fc 7e bd d2 72 | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #9) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | b1 7e 80 1d 06 37 18 07 13 01 af ee 92 43 d4 31 | 2e b8 b2 af db 2c 89 3e 5b af 8b 2d a1 4b 8b 92 | eb b5 ca 41 79 d8 ee fc 7e bd d2 72 | Message ID: #9 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 | Message ID: sent #9 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 | State DB: IKEv2 state not found (delete_my_family) | parent state #9: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #9 ikev2.ike deleted completed | #9 spent 10.3 milliseconds in total | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #9: deleting state (STATE_IKESA_DEL) aged 0.166s and NOT sending notification | parent state #9: IKESA_DEL(established IKE SA) => delete | state #9 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f2a480060f0 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f2a44002b20 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #9 in IKESA_DEL | parent state #9: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f2a44000d60: destroyed | stop processing: state #9 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f2a4000eee0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f2a4000bdb0 | delete_state: release st->st_skey_ai_nss-key@0x564e2d1c1a10 | delete_state: release st->st_skey_ar_nss-key@0x7f2a40006450 | delete_state: release st->st_skey_ei_nss-key@0x564e2d1bff30 | delete_state: release st->st_skey_er_nss-key@0x7f2a500069f0 | delete_state: release st->st_skey_pi_nss-key@0x564e2d1a8430 | delete_state: release st->st_skey_pr_nss-key@0x7f2a5000eec0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #9 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #9 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.594 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00486 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00279 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 436 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | fc f4 86 af 8d 65 a7 f0 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 0c | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 1e 7b fb 99 4d 9c 37 a7 d7 11 19 9e ad 07 e2 34 | 20 31 c7 3f fc ed 76 66 9c ba f0 82 58 a4 df dc | 3d 6f 64 20 35 98 e2 8d b3 62 ea 22 fb 84 8d 19 | 60 ce 90 58 d0 93 a7 16 04 eb 93 b0 e9 5a bd 5d | 90 fd 9a f5 80 77 e5 67 0c 5c 30 02 14 9b fc dd | 7a 64 39 39 62 71 52 e2 23 a2 27 65 f5 f1 d0 7b | a7 57 20 e8 99 95 30 b4 b6 f6 52 15 b5 95 c5 4f | 5f 9d 6b 8e f4 01 54 61 31 76 b7 ca 86 e8 4e a3 | ea 7a f2 e9 ff 44 13 54 0a 88 bc c7 fb 35 4e 4a | a0 c3 ff ac 97 19 24 2f e8 94 61 81 ee 59 67 67 | 64 32 d4 02 c4 76 5c 41 06 52 41 74 ce 5e fb fb | 19 2a 76 07 48 42 fb 03 21 d9 5c 2c 2d b7 be 7a | bc f0 bc 0a 71 90 b9 7c cf 20 d9 0b 04 b4 a4 51 | e0 8a 6e ff 48 93 22 61 88 94 94 2c 4f 8c 2e 78 | ee c6 6d ef d5 a8 97 dc 1a f9 fe b0 b6 e8 1c 3d | ce 79 fd e5 2b 34 4e 61 41 c4 2e 99 44 e6 5b 3d | 29 00 00 24 df 16 b1 52 fe bd f0 3a 05 05 41 01 | ed d9 40 af b2 91 7d 96 82 9b 14 bf f5 49 b7 37 | 4f f7 64 35 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 9c 49 e8 31 6b 1d 5e 04 d8 12 59 9d | 1f 8a f2 5a e2 97 72 ac 00 00 00 1c 00 00 40 05 | 71 e4 16 e4 53 08 3e 4e 59 68 00 0e cb 77 13 17 | 25 67 27 c6 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | fc f4 86 af 8d 65 a7 f0 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 436 (0x1b4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x564e2d1ba2a0 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x564e2b547700 (length 32) | 62 69 c2 24 61 0b eb 03 31 69 8e 34 fa 62 6b 0f | 9f 9c e7 e3 dc ef ed d7 ff d6 12 6f b4 c1 0b 04 | IKE SPIr hash sha2_256 digest counter-bytes@0x564e2b5476e0 (length 4) | 07 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff8d7668e0 (length 32) | b8 3c 3f bf b5 b2 38 99 65 32 a3 16 10 6b a7 e9 | dc 44 33 fe e3 43 24 ba ad 36 60 88 01 e3 99 75 | creating state object #11 at 0x564e2d1c5b20 | State DB: adding IKEv2 state #11 in UNDEFINED | pstats #11 ikev2.ike started | Message ID: init #11: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #11: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #11; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #11 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #11 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #11 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #11 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #11 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #11 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #11 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #11: no local proposal matches remote proposals 1:IKE:ENCR=AES_CBC;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #11: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | fc f4 86 af 8d 65 a7 f0 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | fc f4 86 af 8d 65 a7 f0 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #11 spent 0.214 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #11 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #11 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #11 has no whack fd | pstats #11 ikev2.ike deleted other | [RE]START processing: state #11 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #11: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #11: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #11 in PARENT_R0 | parent state #11: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #11 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #11 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.691 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00304 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 436 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | a9 ed 90 bc 76 85 c0 ad 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 0c | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | d2 95 a7 1b de 4a 87 95 3f fa c3 93 db 35 9a cc | af 73 0f 7b b7 b9 cf d6 8e be c9 4f cc 4b 25 f0 | 74 78 3d 13 d2 b3 96 9a d7 af a0 35 05 d8 d6 38 | fe 92 e4 93 bd 89 1e a1 f3 3e 4c 67 92 93 92 cf | a6 18 c3 75 a0 dd ce 11 ff f6 d8 b9 d8 55 02 3a | bb 9e e2 21 8f 3c f5 77 3d e8 3b 81 e9 cb 88 04 | ca 75 f5 41 7a 2e c8 4d d9 56 53 63 6c 9f 3b e2 | de 3b 84 0e 25 f0 c9 8a 8d 78 51 57 2c 37 46 c4 | d5 ff bb 4d 77 6d cb 4c 4a d0 32 bb 05 93 65 65 | d4 58 fb e2 69 e2 b4 82 da 7d c2 7c b1 51 ca ea | b0 7f e7 47 84 63 94 7f 09 05 76 56 b3 a8 34 97 | a0 a9 6a fe a1 64 b2 4e 60 5d f8 32 07 54 3b 96 | fd 5e a6 b2 33 bb 3f a5 68 35 ae d6 01 d6 33 b4 | a6 02 7a ec d3 62 49 27 2d 0c 8b 8a 46 73 d8 75 | bb 4f 8c 4a fd fa 91 d7 b9 9d 9e 2e c7 02 b7 d2 | 45 39 4b 4a ec ea 40 8f cd b5 6b c6 69 87 b5 77 | 29 00 00 24 f6 5a 9e 32 01 cc 89 d9 a3 8a a5 ee | a2 41 4c 2c 24 d9 fb 12 32 2d ef a0 79 29 ee 77 | 05 32 ca af 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 6d 29 54 c6 4b 4d 6c 20 bd 33 f2 76 | 94 94 67 68 15 ff 41 fc 00 00 00 1c 00 00 40 05 | e6 5b f8 fc e3 03 e4 1f a4 dc 38 38 32 b0 cf 6e | 60 9a 74 e1 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a9 ed 90 bc 76 85 c0 ad | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 436 (0x1b4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x564e2d1ba2a0 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x564e2b547700 (length 32) | 62 69 c2 24 61 0b eb 03 31 69 8e 34 fa 62 6b 0f | 9f 9c e7 e3 dc ef ed d7 ff d6 12 6f b4 c1 0b 04 | IKE SPIr hash sha2_256 digest counter-bytes@0x564e2b5476e0 (length 4) | 08 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff8d7668e0 (length 32) | 19 48 db 1b 61 61 2d e1 98 6d b3 b7 b3 06 de a1 | 9d 23 ff 1e 6b bf 5e ad c0 4c e8 ea 3d 9c d2 6a | creating state object #12 at 0x564e2d1c5b20 | State DB: adding IKEv2 state #12 in UNDEFINED | pstats #12 ikev2.ike started | Message ID: init #12: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #12: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #12; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #12 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #12 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #12 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #12 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #12 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #12 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #12 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #12: no local proposal matches remote proposals 1:IKE:ENCR=AES_CBC;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #12: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | a9 ed 90 bc 76 85 c0 ad | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | a9 ed 90 bc 76 85 c0 ad 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #12 spent 0.2 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #12 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #12 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #12 has no whack fd | pstats #12 ikev2.ike deleted other | [RE]START processing: state #12 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #12: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #12: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #12 in PARENT_R0 | parent state #12: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #12 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #12 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.716 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00273 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 32 8c 0a 7b f8 de 47 71 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 0b 37 c5 ca 75 d3 ab bc b8 05 cf 7c | 4d 45 1e 9e fd 12 32 ff 39 45 9b d4 55 bb d5 05 | 2f 0e 81 8f e5 6c 56 37 04 9a 49 95 6a ae 5d 3c | 2f b9 56 fd e2 1e 4c bd c9 47 53 d0 eb d2 55 e9 | 4e 7f 43 3b be c0 77 15 a5 ca 2d ff 02 5e 27 d7 | 10 2c cc d7 59 6f c2 40 63 e2 f9 98 9d 4a 81 12 | 5b b1 7e 06 e4 7d 4d eb f7 1f fe 75 4e fc b3 f4 | f2 0a 53 e7 13 4c 38 22 97 12 90 17 67 20 f5 ed | fd c8 c8 81 9b b8 4e 72 fc f3 82 17 5d d4 c4 33 | cb 7b 67 4b 62 1b 3b d3 07 e1 c4 90 fd 39 f1 3e | 65 78 d5 bb a3 f8 3a 71 45 f9 c0 f0 08 8c 2b 06 | 95 f1 7e 2e ab 5e 2c a0 27 65 8e d6 62 00 96 88 | a0 c5 46 68 20 b5 6b e5 60 48 4e e8 75 7a a4 47 | 75 c7 e6 61 5c c5 47 48 7b ad 74 16 b0 12 bc 70 | 8b 29 f8 b2 04 be 70 1b c8 18 a2 e2 d5 18 3d 80 | c6 db cd f7 4c 50 07 76 cb 4f 0b 5a 97 ca d0 dd | 55 5f 2c d4 29 00 00 24 24 d2 c2 9e 1c 53 18 91 | db 47 8c 36 d3 df bd b2 1a 0e fc 2d f5 92 a6 be | a4 46 ff 67 80 35 22 da 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 f3 3c ac f4 c4 fb 3c 36 | c4 92 5c 1f 1b 51 5b 0e 28 f3 95 df 00 00 00 1c | 00 00 40 05 dd 08 2b 8a 69 ae 03 41 a2 d9 9a d7 | 44 c0 08 d7 b0 2e 2b c5 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 32 8c 0a 7b f8 de 47 71 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x564e2d1ba2a0 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x564e2b547700 (length 32) | 62 69 c2 24 61 0b eb 03 31 69 8e 34 fa 62 6b 0f | 9f 9c e7 e3 dc ef ed d7 ff d6 12 6f b4 c1 0b 04 | IKE SPIr hash sha2_256 digest counter-bytes@0x564e2b5476e0 (length 4) | 09 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff8d7668e0 (length 32) | 2c 2f 54 a7 a1 72 6f 05 63 3b 9d 75 94 26 78 fe | ab e2 9b ea fe 07 94 b2 60 f1 7a 76 9e 73 41 fa | creating state object #13 at 0x564e2d1c5b20 | State DB: adding IKEv2 state #13 in UNDEFINED | pstats #13 ikev2.ike started | Message ID: init #13: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #13: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #13; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #13 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #13 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #13 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #13 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #13 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #13 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 "east" #13: proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | 0b 37 c5 ca 75 d3 ab bc b8 05 cf 7c 4d 45 1e 9e | fd 12 32 ff 39 45 9b d4 55 bb d5 05 2f 0e 81 8f | e5 6c 56 37 04 9a 49 95 6a ae 5d 3c 2f b9 56 fd | e2 1e 4c bd c9 47 53 d0 eb d2 55 e9 4e 7f 43 3b | be c0 77 15 a5 ca 2d ff 02 5e 27 d7 10 2c cc d7 | 59 6f c2 40 63 e2 f9 98 9d 4a 81 12 5b b1 7e 06 | e4 7d 4d eb f7 1f fe 75 4e fc b3 f4 f2 0a 53 e7 | 13 4c 38 22 97 12 90 17 67 20 f5 ed fd c8 c8 81 | 9b b8 4e 72 fc f3 82 17 5d d4 c4 33 cb 7b 67 4b | 62 1b 3b d3 07 e1 c4 90 fd 39 f1 3e 65 78 d5 bb | a3 f8 3a 71 45 f9 c0 f0 08 8c 2b 06 95 f1 7e 2e | ab 5e 2c a0 27 65 8e d6 62 00 96 88 a0 c5 46 68 | 20 b5 6b e5 60 48 4e e8 75 7a a4 47 75 c7 e6 61 | 5c c5 47 48 7b ad 74 16 b0 12 bc 70 8b 29 f8 b2 | 04 be 70 1b c8 18 a2 e2 d5 18 3d 80 c6 db cd f7 | 4c 50 07 76 cb 4f 0b 5a 97 ca d0 dd 55 5f 2c d4 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d7662e0 (length 8) | 32 8c 0a 7b f8 de 47 71 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d7662e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff8d766274 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff8d766266 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7662f0 (length 20) | dd 08 2b 8a 69 ae 03 41 a2 d9 9a d7 44 c0 08 d7 | b0 2e 2b c5 | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= 32 8c 0a 7b f8 de 47 71 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= dd 08 2b 8a 69 ae 03 41 a2 d9 9a d7 44 c0 08 d7 | natd_hash: hash= b0 2e 2b c5 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d7662e0 (length 8) | 32 8c 0a 7b f8 de 47 71 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d7662e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff8d766274 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff8d766266 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d766310 (length 20) | f3 3c ac f4 c4 fb 3c 36 c4 92 5c 1f 1b 51 5b 0e | 28 f3 95 df | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= 32 8c 0a 7b f8 de 47 71 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= f3 3c ac f4 c4 fb 3c 36 c4 92 5c 1f 1b 51 5b 0e | natd_hash: hash= 28 f3 95 df | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 9 for state #13 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564e2d1be610 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f2a480060f0 size 128 | #13 spent 0.349 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | crypto helper 2 resuming | crypto helper 2 starting work-order 9 for state #13 | crypto helper 2 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 9 | #13 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #13 and saving MD | #13 is busy; has a suspended MD | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | "east" #13 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | stop processing: state #13 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | #13 spent 0.846 milliseconds in ikev2_process_packet() | NSS: Value of base: 02 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.866 milliseconds in comm_handle_cb() reading and processing packet | DH secret MODP2048@0x7f2a50002010: created | NSS: Local DH MODP2048 secret (pointer): 0x7f2a50002010 | NSS: Public DH wire value: | 47 54 1c ab 3f 61 a3 6d a7 96 4a a0 0f 4f 14 2a | b4 41 00 3f 6a df ca 90 e6 a1 b0 57 72 dc 1a 8f | 45 4b b8 27 61 69 87 24 6d 0d 87 a5 69 3f e7 01 | 03 4f 5a 6c d9 bf eb 21 66 9d 86 8c 5c f4 2f d2 | b7 ab f8 8f 95 d2 58 00 bc 98 31 04 e6 5c 5c 43 | f7 78 23 e8 bd e6 9f 6f 81 74 58 cc 7d fb 29 f4 | b0 29 ef f7 11 ae 4a 14 8e e4 f1 0d ca 8d c0 6e | e6 5f 24 26 5e 01 ef b4 2b 67 50 78 58 9f ed b8 | 10 b7 e0 92 3a c0 ad d0 f5 c1 c2 e4 45 96 96 1b | 4b 38 6a c0 e3 79 d8 4c 05 ea f4 19 cd c9 b6 ac | 25 b8 e0 2b 85 b4 38 ae 64 4c 39 01 81 ed d1 d5 | 57 e9 a9 9e 78 c1 25 83 6c e7 44 85 d8 3d 41 d9 | 74 3f ba 5d 03 66 0b 8f a9 cc fe 16 52 59 92 ae | 22 52 3a b0 ac 4a 82 7e 3e d9 b5 cd 2d 61 e0 14 | 78 1f 80 8c fd 67 5f 74 3d 4b 6d 10 c2 93 3c ce | 48 84 af 6f 1a c6 f8 e3 4d 50 17 e6 94 26 aa ae | Generated nonce: 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | Generated nonce: 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | crypto helper 2 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 9 time elapsed 0.000843 seconds | (#13) spent 0.838 milliseconds in crypto helper computing work-order 9: ikev2_inI1outR1 KE (pcr) | crypto helper 2 sending results from work-order 9 for state #13 to event queue | scheduling resume sending helper answer for #13 | libevent_malloc: new ptr-libevent@0x7f2a50011520 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #13 | start processing: state #13 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 9 | calling continuation function 0x564e2b454630 | ikev2_parent_inI1outR1_continue for #13: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | 32 8c 0a 7b f8 de 47 71 | responder cookie: | 2c 2f 54 a7 a1 72 6f 05 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f2a50002010: transferring ownership from helper KE to state #13 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 47 54 1c ab 3f 61 a3 6d a7 96 4a a0 0f 4f 14 2a | ikev2 g^x b4 41 00 3f 6a df ca 90 e6 a1 b0 57 72 dc 1a 8f | ikev2 g^x 45 4b b8 27 61 69 87 24 6d 0d 87 a5 69 3f e7 01 | ikev2 g^x 03 4f 5a 6c d9 bf eb 21 66 9d 86 8c 5c f4 2f d2 | ikev2 g^x b7 ab f8 8f 95 d2 58 00 bc 98 31 04 e6 5c 5c 43 | ikev2 g^x f7 78 23 e8 bd e6 9f 6f 81 74 58 cc 7d fb 29 f4 | ikev2 g^x b0 29 ef f7 11 ae 4a 14 8e e4 f1 0d ca 8d c0 6e | ikev2 g^x e6 5f 24 26 5e 01 ef b4 2b 67 50 78 58 9f ed b8 | ikev2 g^x 10 b7 e0 92 3a c0 ad d0 f5 c1 c2 e4 45 96 96 1b | ikev2 g^x 4b 38 6a c0 e3 79 d8 4c 05 ea f4 19 cd c9 b6 ac | ikev2 g^x 25 b8 e0 2b 85 b4 38 ae 64 4c 39 01 81 ed d1 d5 | ikev2 g^x 57 e9 a9 9e 78 c1 25 83 6c e7 44 85 d8 3d 41 d9 | ikev2 g^x 74 3f ba 5d 03 66 0b 8f a9 cc fe 16 52 59 92 ae | ikev2 g^x 22 52 3a b0 ac 4a 82 7e 3e d9 b5 cd 2d 61 e0 14 | ikev2 g^x 78 1f 80 8c fd 67 5f 74 3d 4b 6d 10 c2 93 3c ce | ikev2 g^x 48 84 af 6f 1a c6 f8 e3 4d 50 17 e6 94 26 aa ae | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | IKEv2 nonce 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d766830 (length 8) | 32 8c 0a 7b f8 de 47 71 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d766838 (length 8) | 2c 2f 54 a7 a1 72 6f 05 | NATD hash sha digest IP addr-bytes@0x7fff8d766764 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff8d766756 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7667e0 (length 20) | 59 42 f9 60 4c 17 34 e8 61 c5 61 e9 6f 51 7e fa | be 38 fd 41 | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= 32 8c 0a 7b f8 de 47 71 | natd_hash: rcookie= 2c 2f 54 a7 a1 72 6f 05 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 59 42 f9 60 4c 17 34 e8 61 c5 61 e9 6f 51 7e fa | natd_hash: hash= be 38 fd 41 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 59 42 f9 60 4c 17 34 e8 61 c5 61 e9 6f 51 7e fa | Notify data be 38 fd 41 | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d766830 (length 8) | 32 8c 0a 7b f8 de 47 71 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d766838 (length 8) | 2c 2f 54 a7 a1 72 6f 05 | NATD hash sha digest IP addr-bytes@0x7fff8d766764 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff8d766756 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7667e0 (length 20) | 97 c4 a4 96 af c0 33 a2 9f f2 c4 2a 10 86 16 e1 | 48 97 8c 03 | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= 32 8c 0a 7b f8 de 47 71 | natd_hash: rcookie= 2c 2f 54 a7 a1 72 6f 05 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 97 c4 a4 96 af c0 33 a2 9f f2 c4 2a 10 86 16 e1 | natd_hash: hash= 48 97 8c 03 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 97 c4 a4 96 af c0 33 a2 9f f2 c4 2a 10 86 16 e1 | Notify data 48 97 8c 03 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #13 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #13: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #13 to 0 after switching state | Message ID: recv #13 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #13 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #13: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #13) | 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 47 54 1c ab 3f 61 a3 6d a7 96 4a a0 | 0f 4f 14 2a b4 41 00 3f 6a df ca 90 e6 a1 b0 57 | 72 dc 1a 8f 45 4b b8 27 61 69 87 24 6d 0d 87 a5 | 69 3f e7 01 03 4f 5a 6c d9 bf eb 21 66 9d 86 8c | 5c f4 2f d2 b7 ab f8 8f 95 d2 58 00 bc 98 31 04 | e6 5c 5c 43 f7 78 23 e8 bd e6 9f 6f 81 74 58 cc | 7d fb 29 f4 b0 29 ef f7 11 ae 4a 14 8e e4 f1 0d | ca 8d c0 6e e6 5f 24 26 5e 01 ef b4 2b 67 50 78 | 58 9f ed b8 10 b7 e0 92 3a c0 ad d0 f5 c1 c2 e4 | 45 96 96 1b 4b 38 6a c0 e3 79 d8 4c 05 ea f4 19 | cd c9 b6 ac 25 b8 e0 2b 85 b4 38 ae 64 4c 39 01 | 81 ed d1 d5 57 e9 a9 9e 78 c1 25 83 6c e7 44 85 | d8 3d 41 d9 74 3f ba 5d 03 66 0b 8f a9 cc fe 16 | 52 59 92 ae 22 52 3a b0 ac 4a 82 7e 3e d9 b5 cd | 2d 61 e0 14 78 1f 80 8c fd 67 5f 74 3d 4b 6d 10 | c2 93 3c ce 48 84 af 6f 1a c6 f8 e3 4d 50 17 e6 | 94 26 aa ae 29 00 00 24 99 a4 f1 4d 04 48 65 ea | b9 39 82 0b e7 86 03 b5 10 fc e7 0c ac 18 e6 13 | 53 7e 0c 1b 65 3b c0 97 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 59 42 f9 60 4c 17 34 e8 | 61 c5 61 e9 6f 51 7e fa be 38 fd 41 00 00 00 1c | 00 00 40 05 97 c4 a4 96 af c0 33 a2 9f f2 c4 2a | 10 86 16 e1 48 97 8c 03 | state #13 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2a480060f0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564e2d1be610 | event_schedule: new EVENT_SO_DISCARD-pe@0x564e2d1be610 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f2a480060f0 size 128 | resume sending helper answer for #13 suppresed complete_v2_state_transition() | #13 spent 0.337 milliseconds in resume sending helper answer | stop processing: state #13 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2a50011520 | spent 0.00239 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 204 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | 07 99 cc ad fa 41 ec b2 4f e9 bc e3 09 6c d8 e1 | 97 85 59 7a b2 3d 97 5c f2 5f 6c 3a 1d 87 c6 1f | 64 c7 01 50 17 fd 21 25 5c f3 29 f0 31 2e 95 07 | d9 f4 0f db d2 39 33 7a 2d 88 c1 1c 2b 13 e7 24 | e2 58 42 b3 ef a9 50 20 a2 af bf f6 51 99 a5 ef | 85 e2 ea c9 1b bc fc f2 4d fa 77 0c 36 bb 6b 49 | 32 3d ee 14 69 7a 68 72 ed fb 43 18 48 90 36 7f | fb 93 2f b3 96 cc 22 59 a7 0a a0 be e4 60 92 40 | 26 4b 66 82 5d e3 4c 96 c4 e8 42 20 68 5e 63 fa | 8a 2f 3d 31 26 5b 9b df 2a a3 c3 9d 05 48 7b a7 | 95 5f 42 d1 21 3b e4 6b 2e 05 97 2c | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 32 8c 0a 7b f8 de 47 71 | responder cookie: | 2c 2f 54 a7 a1 72 6f 05 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 204 (0xcc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #13 in PARENT_R1 (find_v2_ike_sa) | start processing: state #13 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #13 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #13 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 176 (0xb0) | processing payload: ISAKMP_NEXT_v2SK (len=172) | Message ID: start-responder #13 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #13 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f2a50002010: transferring ownership from state #13 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 10 for state #13 | state #13 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x7f2a480060f0 | free_event_entry: release EVENT_SO_DISCARD-pe@0x564e2d1be610 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564e2d1be610 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f2a480060f0 size 128 | #13 spent 0.024 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | crypto helper 4 resuming | #13 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | crypto helper 4 starting work-order 10 for state #13 | suspending state #13 and saving MD | #13 is busy; has a suspended MD | crypto helper 4 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 10 | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | peer's g: 0b 37 c5 ca 75 d3 ab bc b8 05 cf 7c 4d 45 1e 9e | peer's g: fd 12 32 ff 39 45 9b d4 55 bb d5 05 2f 0e 81 8f | peer's g: e5 6c 56 37 04 9a 49 95 6a ae 5d 3c 2f b9 56 fd | peer's g: e2 1e 4c bd c9 47 53 d0 eb d2 55 e9 4e 7f 43 3b | peer's g: be c0 77 15 a5 ca 2d ff 02 5e 27 d7 10 2c cc d7 | peer's g: 59 6f c2 40 63 e2 f9 98 9d 4a 81 12 5b b1 7e 06 | peer's g: e4 7d 4d eb f7 1f fe 75 4e fc b3 f4 f2 0a 53 e7 | peer's g: 13 4c 38 22 97 12 90 17 67 20 f5 ed fd c8 c8 81 | peer's g: 9b b8 4e 72 fc f3 82 17 5d d4 c4 33 cb 7b 67 4b | peer's g: 62 1b 3b d3 07 e1 c4 90 fd 39 f1 3e 65 78 d5 bb | peer's g: a3 f8 3a 71 45 f9 c0 f0 08 8c 2b 06 95 f1 7e 2e | peer's g: ab 5e 2c a0 27 65 8e d6 62 00 96 88 a0 c5 46 68 | peer's g: 20 b5 6b e5 60 48 4e e8 75 7a a4 47 75 c7 e6 61 | peer's g: 5c c5 47 48 7b ad 74 16 b0 12 bc 70 8b 29 f8 b2 | peer's g: 04 be 70 1b c8 18 a2 e2 d5 18 3d 80 c6 db cd f7 | peer's g: 4c 50 07 76 cb 4f 0b 5a 97 ca d0 dd 55 5f 2c d4 | Started DH shared-secret computation in NSS: | "east" #13 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #13 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #13 spent 0.142 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.15 milliseconds in comm_handle_cb() reading and processing packet | new : g_ir-key@0x7f2a5000eec0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f2a50002010: computed shared DH secret key@0x7f2a5000eec0 | dh-shared : g^ir-key@0x7f2a5000eec0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f2a540039a0 (length 64) | 24 d2 c2 9e 1c 53 18 91 db 47 8c 36 d3 df bd b2 | 1a 0e fc 2d f5 92 a6 be a4 46 ff 67 80 35 22 da | 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5f82a670 | result: Ni | Nr-key@0x7f2a500069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x7f2a500069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a658 | result: Ni | Nr-key@0x564e2d1a8430 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x7f2a500069f0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f2a54003aa0 from Ni | Nr-key@0x564e2d1a8430 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f2a54003aa0 from Ni | Nr-key@0x564e2d1a8430 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x564e2d1a8430 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f2a54006c30 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f2a5000eec0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f2a5000eec0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f2a5000eec0 | nss hmac digest hack: symkey-key@0x7f2a5000eec0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1602396880: ffffff92 11 ffffffda 0d 62 ffffffe4 ffffffed 68 06 17 ffffffc7 ffffffee fffffffb 63 18 27 50 34 04 ffffffdb 63 49 ffffffe2 21 15 ffffffe3 22 0d 66 0d 7f 1b ffffff90 ffffffe3 ffffffbe ffffffaf ffffffb3 0e 0c ffffffad 20 ffffffd4 ffffffe5 ffffffaf 3c ffffffd9 5a ffffffc1 1d 4f 7c ffffffed 75 ffffffce ffffff82 51 ffffffc9 14 67 3c ffffffe7 1a ffffffd3 fffffffc 55 08 03 48 ffffff9a 46 ffffffb0 25 fffffff0 ffffffe5 fffffff2 01 09 ffffffa0 fffffff9 ffffffad ffffffcd 01 ffffff91 ffffffcf ffffffb0 ffffffa8 fffffff8 ffffffc2 ffffffe2 4d 1c ffffff8e 71 70 04 ffffffb4 ffffff9d ffffffc8 ffffffff 04 7d fffffff4 0d ffffffdf 01 2b 4b 33 ffffffac ffffffc5 ffffffc7 ffffff80 0d 7d 4b ffffff85 27 ffffffea ffffffb1 ffffff84 16 47 36 ffffff8a 00 5a ffffffec fffffff2 00 fffffff1 ffffff92 62 62 ffffffb3 69 43 1a ffffffd0 44 ffffffda 36 ffffff95 51 0f 21 69 ffffffca ffffffd8 2f 33 2e 4b ffffffa5 ffffffe5 5c 4a ffffff96 21 5f 2e 16 1c ffffffb1 51 ffffff | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 256 bytes at 0x7f2a540078b0 | unwrapped: b5 0a d4 b3 b3 fb 08 4d 59 99 71 0a af 4c 3f 5f | unwrapped: d7 95 e6 c0 ed 64 c3 fa 1b cb 75 58 6d 32 c7 f1 | unwrapped: 7e 8f be 20 12 ac d5 52 ca 7d 41 77 26 c3 fc 05 | unwrapped: 73 73 92 a1 76 6a 24 4b 64 a8 fc c2 8b 8e 1a 26 | unwrapped: 5d c2 30 13 25 aa a9 1e d8 ab e8 37 7d da 2b fd | unwrapped: 59 e1 e5 0b 9a ea a9 99 2f a4 dd 81 5c 7e ba a3 | unwrapped: ff 4f d1 07 09 50 72 07 33 da 33 b3 85 71 a2 f0 | unwrapped: bb 07 cc 7e 71 70 fe 6a 4f e3 3e ac bd 73 29 18 | unwrapped: a6 97 18 c4 c1 6b 18 7f 91 c6 44 5c e4 00 ef b7 | unwrapped: 03 e1 8d 40 ed bf ba 6e a4 36 aa 57 7c 33 d3 18 | unwrapped: 91 02 bb 94 ae a1 62 72 52 83 d9 c4 96 09 ce 0c | unwrapped: 15 30 35 26 6a bb e3 25 4b 76 73 6a bc 99 ce bb | unwrapped: e5 d5 f2 6a af bc 94 f1 f6 c4 0b 58 d1 50 58 f8 | unwrapped: 3b 38 be dd c1 bf ca dd a7 74 c5 52 f2 13 62 2b | unwrapped: 49 79 fa 2f 6a a4 ec c1 6b ea ad 27 b1 f9 be 88 | unwrapped: 28 70 05 5e b3 58 15 58 ed 54 e7 62 52 36 5e dd | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5f82a690 | result: final-key@0x7f2a500069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a500069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a678 | result: final-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a500069f0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x564e2d1a8430 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5f82a600 | result: data=Ni-key@0x564e2d1bff30 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x564e2d1bff30 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a5e8 | result: data=Ni-key@0x7f2a500069f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x564e2d1bff30 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a500069f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a5f82a5f0 | result: data+=Nr-key@0x564e2d1bff30 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f2a500069f0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1bff30 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a5f82a5f0 | result: data+=SPIi-key@0x7f2a500069f0 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d1bff30 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a500069f0 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a5f82a5f0 | result: data+=SPIr-key@0x564e2d1bff30 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f2a500069f0 | prf+0 PRF sha init key-key@0x564e2d1a8430 (size 20) | prf+0: key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a518 | result: clone-key@0x7f2a500069f0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f2a54003aa0 from key-key@0x7f2a500069f0 | prf+0 prf: begin sha with context 0x7f2a54003aa0 from key-key@0x7f2a500069f0 | prf+0: release clone-key@0x7f2a500069f0 | prf+0 PRF sha crypt-prf@0x7f2a54007090 | prf+0 PRF sha update seed-key@0x564e2d1bff30 (size 80) | prf+0: seed-key@0x564e2d1bff30 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1bff30 | nss hmac digest hack: symkey-key@0x564e2d1bff30 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1602396512: 75 ffffffcc fffffff7 ffffffec 06 ffffff86 3e ffffffdb ffffffd5 ffffff82 67 ffffffd9 ffffffc8 08 7f 37 ffffff8c 77 ffffffca 5e ffffffad fffffffc ffffffae ffffffab 61 ffffffeb 7d ffffffef 5a ffffffbe 74 ffffffa9 69 4b 05 4f ffffffe7 ffffff96 ffffffa5 ffffffb2 ffffffe7 60 ffffffaa ffffffab 14 77 ffffffcf ffffffd2 ffffffe2 ffffffbd 4b ffffffce ffffffb7 ffffff9a ffffffae ffffffff 40 ffffff9a 3a ffffff9c 02 ffffff94 ffffffaf 77 ffffff9c 51 27 ffffffd1 ffffff82 ffffffb2 ffffffef ffffffda 0e ffffff83 ffffff88 ffffffcb ffffffac fffffff0 35 ffffffe8 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a54007d50 | unwrapped: 24 d2 c2 9e 1c 53 18 91 db 47 8c 36 d3 df bd b2 | unwrapped: 1a 0e fc 2d f5 92 a6 be a4 46 ff 67 80 35 22 da | unwrapped: 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | unwrapped: 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | unwrapped: 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5f82a520 | result: final-key@0x7f2a40006450 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a40006450 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a508 | result: final-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a40006450 | prf+0 PRF sha final-key@0x7f2a500069f0 (size 20) | prf+0: key-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f2a500069f0 | prf+N PRF sha init key-key@0x564e2d1a8430 (size 20) | prf+N: key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a518 | result: clone-key@0x7f2a40006450 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a54003aa0 from key-key@0x7f2a40006450 | prf+N prf: begin sha with context 0x7f2a54003aa0 from key-key@0x7f2a40006450 | prf+N: release clone-key@0x7f2a40006450 | prf+N PRF sha crypt-prf@0x7f2a540010c0 | prf+N PRF sha update old_t-key@0x7f2a500069f0 (size 20) | prf+N: old_t-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a500069f0 | nss hmac digest hack: symkey-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1602396512: 25 12 ffffffaf ffffffd4 ffffffcf 35 ffffff92 ffffffde fffffff5 27 ffffffb3 ffffff88 6f ffffffe1 0f ffffffed 27 18 ffffffd9 22 2e ffffffa2 7d 20 ffffffb1 ffffffac 59 ffffffd7 ffffffa2 16 ffffffab 5d | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a540070d0 | unwrapped: 80 af 59 3e 8a 42 d5 e9 cd 31 23 93 73 bd 74 81 | unwrapped: a2 db 99 a4 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1bff30 (size 80) | prf+N: seed-key@0x564e2d1bff30 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1bff30 | nss hmac digest hack: symkey-key@0x564e2d1bff30 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1602396512: 75 ffffffcc fffffff7 ffffffec 06 ffffff86 3e ffffffdb ffffffd5 ffffff82 67 ffffffd9 ffffffc8 08 7f 37 ffffff8c 77 ffffffca 5e ffffffad fffffffc ffffffae ffffffab 61 ffffffeb 7d ffffffef 5a ffffffbe 74 ffffffa9 69 4b 05 4f ffffffe7 ffffff96 ffffffa5 ffffffb2 ffffffe7 60 ffffffaa ffffffab 14 77 ffffffcf ffffffd2 ffffffe2 ffffffbd 4b ffffffce ffffffb7 ffffff9a ffffffae ffffffff 40 ffffff9a 3a ffffff9c 02 ffffff94 ffffffaf 77 ffffff9c 51 27 ffffffd1 ffffff82 ffffffb2 ffffffef ffffffda 0e ffffff83 ffffff88 ffffffcb ffffffac fffffff0 35 ffffffe8 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a54007cf0 | unwrapped: 24 d2 c2 9e 1c 53 18 91 db 47 8c 36 d3 df bd b2 | unwrapped: 1a 0e fc 2d f5 92 a6 be a4 46 ff 67 80 35 22 da | unwrapped: 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | unwrapped: 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | unwrapped: 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5f82a520 | result: final-key@0x564e2d1c1a10 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1c1a10 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a508 | result: final-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1c1a10 | prf+N PRF sha final-key@0x7f2a40006450 (size 20) | prf+N: key-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a5f82a598 | result: result-key@0x564e2d1c1a10 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a500069f0 | prfplus: release old_t[N]-key@0x7f2a500069f0 | prf+N PRF sha init key-key@0x564e2d1a8430 (size 20) | prf+N: key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a518 | result: clone-key@0x7f2a500069f0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a54003aa0 from key-key@0x7f2a500069f0 | prf+N prf: begin sha with context 0x7f2a54003aa0 from key-key@0x7f2a500069f0 | prf+N: release clone-key@0x7f2a500069f0 | prf+N PRF sha crypt-prf@0x7f2a54002a80 | prf+N PRF sha update old_t-key@0x7f2a40006450 (size 20) | prf+N: old_t-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a40006450 | nss hmac digest hack: symkey-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1602396512: ffffffb3 ffffff8d ffffffba ffffffda fffffff6 41 ffffff9f 5e ffffffb5 75 4a ffffff91 ffffffb0 36 18 66 ffffffe7 1d ffffff97 ffffffa3 79 51 ffffffe5 ffffffab 72 0f 1b 5d ffffffde ffffffd9 ffffffa4 31 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a54007dd0 | unwrapped: f6 07 86 86 8f 0e fb f8 39 08 ee 25 e1 94 47 ad | unwrapped: 49 20 d2 c9 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1bff30 (size 80) | prf+N: seed-key@0x564e2d1bff30 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1bff30 | nss hmac digest hack: symkey-key@0x564e2d1bff30 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1602396512: 75 ffffffcc fffffff7 ffffffec 06 ffffff86 3e ffffffdb ffffffd5 ffffff82 67 ffffffd9 ffffffc8 08 7f 37 ffffff8c 77 ffffffca 5e ffffffad fffffffc ffffffae ffffffab 61 ffffffeb 7d ffffffef 5a ffffffbe 74 ffffffa9 69 4b 05 4f ffffffe7 ffffff96 ffffffa5 ffffffb2 ffffffe7 60 ffffffaa ffffffab 14 77 ffffffcf ffffffd2 ffffffe2 ffffffbd 4b ffffffce ffffffb7 ffffff9a ffffffae ffffffff 40 ffffff9a 3a ffffff9c 02 ffffff94 ffffffaf 77 ffffff9c 51 27 ffffffd1 ffffff82 ffffffb2 ffffffef ffffffda 0e ffffff83 ffffff88 ffffffcb ffffffac fffffff0 35 ffffffe8 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a54007c90 | unwrapped: 24 d2 c2 9e 1c 53 18 91 db 47 8c 36 d3 df bd b2 | unwrapped: 1a 0e fc 2d f5 92 a6 be a4 46 ff 67 80 35 22 da | unwrapped: 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | unwrapped: 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | unwrapped: 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5f82a520 | result: final-key@0x7f2a4000bdb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a508 | result: final-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4000bdb0 | prf+N PRF sha final-key@0x7f2a500069f0 (size 20) | prf+N: key-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1c1a10 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a5f82a598 | result: result-key@0x7f2a4000bdb0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564e2d1c1a10 | prfplus: release old_t[N]-key@0x7f2a40006450 | prf+N PRF sha init key-key@0x564e2d1a8430 (size 20) | prf+N: key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a518 | result: clone-key@0x7f2a40006450 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a54003aa0 from key-key@0x7f2a40006450 | prf+N prf: begin sha with context 0x7f2a54003aa0 from key-key@0x7f2a40006450 | prf+N: release clone-key@0x7f2a40006450 | prf+N PRF sha crypt-prf@0x7f2a540010c0 | prf+N PRF sha update old_t-key@0x7f2a500069f0 (size 20) | prf+N: old_t-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a500069f0 | nss hmac digest hack: symkey-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1602396512: ffffffe4 ffffffcc 66 ffffffc5 fffffff7 ffffffa3 5b ffffffc0 18 4c ffffffee 5d ffffffec ffffffae ffffffb9 56 5d ffffffb3 fffffffd ffffffa7 ffffff8f 3b 7a 1d 4f 4e 71 fffffff4 17 fffffff6 56 ffffffb1 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a540089f0 | unwrapped: f9 2a 23 67 f1 76 21 f5 53 9c 8d e3 7b 83 cf 59 | unwrapped: a8 e8 0e e5 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1bff30 (size 80) | prf+N: seed-key@0x564e2d1bff30 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1bff30 | nss hmac digest hack: symkey-key@0x564e2d1bff30 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1602396512: 75 ffffffcc fffffff7 ffffffec 06 ffffff86 3e ffffffdb ffffffd5 ffffff82 67 ffffffd9 ffffffc8 08 7f 37 ffffff8c 77 ffffffca 5e ffffffad fffffffc ffffffae ffffffab 61 ffffffeb 7d ffffffef 5a ffffffbe 74 ffffffa9 69 4b 05 4f ffffffe7 ffffff96 ffffffa5 ffffffb2 ffffffe7 60 ffffffaa ffffffab 14 77 ffffffcf ffffffd2 ffffffe2 ffffffbd 4b ffffffce ffffffb7 ffffff9a ffffffae ffffffff 40 ffffff9a 3a ffffff9c 02 ffffff94 ffffffaf 77 ffffff9c 51 27 ffffffd1 ffffff82 ffffffb2 ffffffef ffffffda 0e ffffff83 ffffff88 ffffffcb ffffffac fffffff0 35 ffffffe8 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a54007c30 | unwrapped: 24 d2 c2 9e 1c 53 18 91 db 47 8c 36 d3 df bd b2 | unwrapped: 1a 0e fc 2d f5 92 a6 be a4 46 ff 67 80 35 22 da | unwrapped: 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | unwrapped: 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | unwrapped: 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5f82a520 | result: final-key@0x564e2d1c1a10 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1c1a10 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a508 | result: final-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1c1a10 | prf+N PRF sha final-key@0x7f2a40006450 (size 20) | prf+N: key-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a4000bdb0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a5f82a598 | result: result-key@0x564e2d1c1a10 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a4000bdb0 | prfplus: release old_t[N]-key@0x7f2a500069f0 | prf+N PRF sha init key-key@0x564e2d1a8430 (size 20) | prf+N: key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a518 | result: clone-key@0x7f2a500069f0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a54003aa0 from key-key@0x7f2a500069f0 | prf+N prf: begin sha with context 0x7f2a54003aa0 from key-key@0x7f2a500069f0 | prf+N: release clone-key@0x7f2a500069f0 | prf+N PRF sha crypt-prf@0x7f2a54002a80 | prf+N PRF sha update old_t-key@0x7f2a40006450 (size 20) | prf+N: old_t-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a40006450 | nss hmac digest hack: symkey-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1602396512: fffffffe 62 1c 52 ffffffe0 ffffffa1 ffffffeb 1b 06 ffffffb7 5d 6f 22 37 ffffffb2 ffffffe8 30 65 ffffff9a 3c 63 70 ffffffef 15 ffffffd9 ffffff92 ffffffaf ffffffeb 29 0a ffffffc7 ffffffbc | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a540089c0 | unwrapped: 3a 53 78 9a 7d ac 61 e7 01 4c 0f 65 aa e9 95 16 | unwrapped: 41 78 51 59 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1bff30 (size 80) | prf+N: seed-key@0x564e2d1bff30 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1bff30 | nss hmac digest hack: symkey-key@0x564e2d1bff30 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1602396512: 75 ffffffcc fffffff7 ffffffec 06 ffffff86 3e ffffffdb ffffffd5 ffffff82 67 ffffffd9 ffffffc8 08 7f 37 ffffff8c 77 ffffffca 5e ffffffad fffffffc ffffffae ffffffab 61 ffffffeb 7d ffffffef 5a ffffffbe 74 ffffffa9 69 4b 05 4f ffffffe7 ffffff96 ffffffa5 ffffffb2 ffffffe7 60 ffffffaa ffffffab 14 77 ffffffcf ffffffd2 ffffffe2 ffffffbd 4b ffffffce ffffffb7 ffffff9a ffffffae ffffffff 40 ffffff9a 3a ffffff9c 02 ffffff94 ffffffaf 77 ffffff9c 51 27 ffffffd1 ffffff82 ffffffb2 ffffffef ffffffda 0e ffffff83 ffffff88 ffffffcb ffffffac fffffff0 35 ffffffe8 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a54008a20 | unwrapped: 24 d2 c2 9e 1c 53 18 91 db 47 8c 36 d3 df bd b2 | unwrapped: 1a 0e fc 2d f5 92 a6 be a4 46 ff 67 80 35 22 da | unwrapped: 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | unwrapped: 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | unwrapped: 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5f82a520 | result: final-key@0x7f2a4000bdb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a508 | result: final-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4000bdb0 | prf+N PRF sha final-key@0x7f2a500069f0 (size 20) | prf+N: key-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1c1a10 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a5f82a598 | result: result-key@0x7f2a4000bdb0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564e2d1c1a10 | prfplus: release old_t[N]-key@0x7f2a40006450 | prf+N PRF sha init key-key@0x564e2d1a8430 (size 20) | prf+N: key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a518 | result: clone-key@0x7f2a40006450 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a540075e0 from key-key@0x7f2a40006450 | prf+N prf: begin sha with context 0x7f2a540075e0 from key-key@0x7f2a40006450 | prf+N: release clone-key@0x7f2a40006450 | prf+N PRF sha crypt-prf@0x7f2a540010c0 | prf+N PRF sha update old_t-key@0x7f2a500069f0 (size 20) | prf+N: old_t-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a500069f0 | nss hmac digest hack: symkey-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1602396512: 1d ffffffbb 7b ffffffd6 08 ffffffdf 4b ffffff9f 73 ffffff8d 22 ffffffe2 52 58 53 fffffff4 54 ffffff91 7b 6d 28 72 ffffffa9 70 ffffffd8 ffffffdd 0e ffffffaf ffffff8f fffffff1 22 60 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a540089f0 | unwrapped: 52 e3 6f c9 d2 c4 d1 fa ce 17 0c ce 63 f8 85 cb | unwrapped: 1d 5a f9 e6 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1bff30 (size 80) | prf+N: seed-key@0x564e2d1bff30 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1bff30 | nss hmac digest hack: symkey-key@0x564e2d1bff30 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1602396512: 75 ffffffcc fffffff7 ffffffec 06 ffffff86 3e ffffffdb ffffffd5 ffffff82 67 ffffffd9 ffffffc8 08 7f 37 ffffff8c 77 ffffffca 5e ffffffad fffffffc ffffffae ffffffab 61 ffffffeb 7d ffffffef 5a ffffffbe 74 ffffffa9 69 4b 05 4f ffffffe7 ffffff96 ffffffa5 ffffffb2 ffffffe7 60 ffffffaa ffffffab 14 77 ffffffcf ffffffd2 ffffffe2 ffffffbd 4b ffffffce ffffffb7 ffffff9a ffffffae ffffffff 40 ffffff9a 3a ffffff9c 02 ffffff94 ffffffaf 77 ffffff9c 51 27 ffffffd1 ffffff82 ffffffb2 ffffffef ffffffda 0e ffffff83 ffffff88 ffffffcb ffffffac fffffff0 35 ffffffe8 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a54007cf0 | unwrapped: 24 d2 c2 9e 1c 53 18 91 db 47 8c 36 d3 df bd b2 | unwrapped: 1a 0e fc 2d f5 92 a6 be a4 46 ff 67 80 35 22 da | unwrapped: 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | unwrapped: 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | unwrapped: 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5f82a520 | result: final-key@0x564e2d1c1a10 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1c1a10 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a508 | result: final-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1c1a10 | prf+N PRF sha final-key@0x7f2a40006450 (size 20) | prf+N: key-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a4000bdb0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a5f82a598 | result: result-key@0x564e2d1c1a10 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a4000bdb0 | prfplus: release old_t[N]-key@0x7f2a500069f0 | prf+N PRF sha init key-key@0x564e2d1a8430 (size 20) | prf+N: key-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a518 | result: clone-key@0x7f2a500069f0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a54003aa0 from key-key@0x7f2a500069f0 | prf+N prf: begin sha with context 0x7f2a54003aa0 from key-key@0x7f2a500069f0 | prf+N: release clone-key@0x7f2a500069f0 | prf+N PRF sha crypt-prf@0x7f2a54002a80 | prf+N PRF sha update old_t-key@0x7f2a40006450 (size 20) | prf+N: old_t-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a40006450 | nss hmac digest hack: symkey-key@0x7f2a40006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1602396512: fffffffe ffffff9d ffffff97 ffffffbf ffffff8e 4d ffffff92 48 63 4e ffffff94 ffffffae ffffffd3 15 29 75 ffffff88 75 02 14 0d ffffff95 75 25 4e 7a fffffff7 fffffff0 75 ffffffd1 28 ffffffa1 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a540089c0 | unwrapped: 80 0a 07 3e 41 aa b1 83 c1 72 16 c2 46 ad a5 ff | unwrapped: 97 d8 9b 54 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1bff30 (size 80) | prf+N: seed-key@0x564e2d1bff30 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1bff30 | nss hmac digest hack: symkey-key@0x564e2d1bff30 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1602396512: 75 ffffffcc fffffff7 ffffffec 06 ffffff86 3e ffffffdb ffffffd5 ffffff82 67 ffffffd9 ffffffc8 08 7f 37 ffffff8c 77 ffffffca 5e ffffffad fffffffc ffffffae ffffffab 61 ffffffeb 7d ffffffef 5a ffffffbe 74 ffffffa9 69 4b 05 4f ffffffe7 ffffff96 ffffffa5 ffffffb2 ffffffe7 60 ffffffaa ffffffab 14 77 ffffffcf ffffffd2 ffffffe2 ffffffbd 4b ffffffce ffffffb7 ffffff9a ffffffae ffffffff 40 ffffff9a 3a ffffff9c 02 ffffff94 ffffffaf 77 ffffff9c 51 27 ffffffd1 ffffff82 ffffffb2 ffffffef ffffffda 0e ffffff83 ffffff88 ffffffcb ffffffac fffffff0 35 ffffffe8 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a54008a20 | unwrapped: 24 d2 c2 9e 1c 53 18 91 db 47 8c 36 d3 df bd b2 | unwrapped: 1a 0e fc 2d f5 92 a6 be a4 46 ff 67 80 35 22 da | unwrapped: 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | unwrapped: 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | unwrapped: 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5f82a520 | result: final-key@0x7f2a4000bdb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a508 | result: final-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4000bdb0 | prf+N PRF sha final-key@0x7f2a500069f0 (size 20) | prf+N: key-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1c1a10 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a5f82a598 | result: result-key@0x7f2a4000bdb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564e2d1c1a10 | prfplus: release old_t[N]-key@0x7f2a40006450 | prfplus: release old_t[final]-key@0x7f2a500069f0 | ike_sa_keymat: release data-key@0x564e2d1bff30 | calc_skeyseed_v2: release skeyseed_k-key@0x564e2d1a8430 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a738 | result: result-key@0x564e2d1a8430 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a738 | result: result-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a738 | result: result-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f2a4000bdb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a748 | result: SK_ei_k-key@0x7f2a40006450 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f2a4000bdb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a748 | result: SK_er_k-key@0x564e2d1c1a10 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a748 | result: result-key@0x7f2a4000eee0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f2a4000eee0 | chunk_SK_pi: symkey-key@0x7f2a4000eee0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717968997: fffffffe 23 7a 2f ffffffac 71 5a 55 ffffff90 ffffffa5 ffffff80 fffffff6 ffffffcb ffffffe8 ffffffe9 fffffffb ffffff8f ffffffae ffffffb3 51 78 ffffffeb ffffffec 5e fffffff4 69 ffffffad 2b 43 ffffff9a fffffffa ffffff89 | chunk_SK_pi: release slot-key-key@0x564e2d1a1c00 | chunk_SK_pi extracted len 32 bytes at 0x7f2a54007fb0 | unwrapped: 63 f8 85 cb 1d 5a f9 e6 80 0a 07 3e 41 aa b1 83 | unwrapped: c1 72 16 c2 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5f82a748 | result: result-key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f2a40009e40 | chunk_SK_pr: symkey-key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717968997: ffffffee ffffffa5 2d ffffff94 ffffffab ffffffe6 0e ffffffe3 66 1c ffffff83 ffffff98 68 2d 60 15 ffffffc2 62 23 ffffffa2 ffffffd0 7b 5e ffffff8b fffffff6 51 4b 2e 17 5e 50 ffffff89 | chunk_SK_pr: release slot-key-key@0x564e2d1a1c00 | chunk_SK_pr extracted len 32 bytes at 0x7f2a54008b80 | unwrapped: 46 ad a5 ff 97 d8 9b 54 53 cf f5 69 72 c5 5b 4f | unwrapped: 14 06 82 cb 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f2a4000bdb0 | calc_skeyseed_v2 pointers: shared-key@0x7f2a5000eec0, SK_d-key@0x564e2d1a8430, SK_ai-key@0x564e2d1bff30, SK_ar-key@0x7f2a500069f0, SK_ei-key@0x7f2a40006450, SK_er-key@0x564e2d1c1a10, SK_pi-key@0x7f2a4000eee0, SK_pr-key@0x7f2a40009e40 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 63 f8 85 cb 1d 5a f9 e6 80 0a 07 3e 41 aa b1 83 | c1 72 16 c2 | calc_skeyseed_v2 SK_pr | 46 ad a5 ff 97 d8 9b 54 53 cf f5 69 72 c5 5b 4f | 14 06 82 cb | crypto helper 4 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 10 time elapsed 0.002491 seconds | (#13) spent 2.47 milliseconds in crypto helper computing work-order 10: ikev2_inI2outR2 KE (pcr) | crypto helper 4 sending results from work-order 10 for state #13 to event queue | scheduling resume sending helper answer for #13 | libevent_malloc: new ptr-libevent@0x7f2a54008da0 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #13 | start processing: state #13 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 10 | calling continuation function 0x564e2b454630 | ikev2_parent_inI2outR2_continue for #13: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f2a50002010: transferring ownership from helper IKEv2 DH to state #13 | finish_dh_v2: release st_shared_nss-key@NULL | #13 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x564e2d1bff30 (size 20) | hmac: symkey-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1bff30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d766178 | result: clone-key@0x7f2a4000bdb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a4000bdb0 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a4000bdb0 | hmac: release clone-key@0x7f2a4000bdb0 | hmac PRF sha crypt-prf@0x564e2d1be510 | hmac PRF sha update data-bytes@0x564e2d1c4f80 (length 192) | 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | 07 99 cc ad fa 41 ec b2 4f e9 bc e3 09 6c d8 e1 | 97 85 59 7a b2 3d 97 5c f2 5f 6c 3a 1d 87 c6 1f | 64 c7 01 50 17 fd 21 25 5c f3 29 f0 31 2e 95 07 | d9 f4 0f db d2 39 33 7a 2d 88 c1 1c 2b 13 e7 24 | e2 58 42 b3 ef a9 50 20 a2 af bf f6 51 99 a5 ef | 85 e2 ea c9 1b bc fc f2 4d fa 77 0c 36 bb 6b 49 | 32 3d ee 14 69 7a 68 72 ed fb 43 18 48 90 36 7f | fb 93 2f b3 96 cc 22 59 a7 0a a0 be e4 60 92 40 | 26 4b 66 82 5d e3 4c 96 c4 e8 42 20 68 5e 63 fa | 8a 2f 3d 31 26 5b 9b df 2a a3 c3 9d 05 48 7b a7 | hmac PRF sha final-bytes@0x7fff8d766340 (length 20) | 95 5f 42 d1 21 3b e4 6b 2e 05 97 2c ff 91 9a 68 | e7 6f b1 37 | data for hmac: 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | data for hmac: 07 99 cc ad fa 41 ec b2 4f e9 bc e3 09 6c d8 e1 | data for hmac: 97 85 59 7a b2 3d 97 5c f2 5f 6c 3a 1d 87 c6 1f | data for hmac: 64 c7 01 50 17 fd 21 25 5c f3 29 f0 31 2e 95 07 | data for hmac: d9 f4 0f db d2 39 33 7a 2d 88 c1 1c 2b 13 e7 24 | data for hmac: e2 58 42 b3 ef a9 50 20 a2 af bf f6 51 99 a5 ef | data for hmac: 85 e2 ea c9 1b bc fc f2 4d fa 77 0c 36 bb 6b 49 | data for hmac: 32 3d ee 14 69 7a 68 72 ed fb 43 18 48 90 36 7f | data for hmac: fb 93 2f b3 96 cc 22 59 a7 0a a0 be e4 60 92 40 | data for hmac: 26 4b 66 82 5d e3 4c 96 c4 e8 42 20 68 5e 63 fa | data for hmac: 8a 2f 3d 31 26 5b 9b df 2a a3 c3 9d 05 48 7b a7 | calculated auth: 95 5f 42 d1 21 3b e4 6b 2e 05 97 2c | provided auth: 95 5f 42 d1 21 3b e4 6b 2e 05 97 2c | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 07 99 cc ad fa 41 ec b2 4f e9 bc e3 09 6c d8 e1 | payload before decryption: | 97 85 59 7a b2 3d 97 5c f2 5f 6c 3a 1d 87 c6 1f | 64 c7 01 50 17 fd 21 25 5c f3 29 f0 31 2e 95 07 | d9 f4 0f db d2 39 33 7a 2d 88 c1 1c 2b 13 e7 24 | e2 58 42 b3 ef a9 50 20 a2 af bf f6 51 99 a5 ef | 85 e2 ea c9 1b bc fc f2 4d fa 77 0c 36 bb 6b 49 | 32 3d ee 14 69 7a 68 72 ed fb 43 18 48 90 36 7f | fb 93 2f b3 96 cc 22 59 a7 0a a0 be e4 60 92 40 | 26 4b 66 82 5d e3 4c 96 c4 e8 42 20 68 5e 63 fa | 8a 2f 3d 31 26 5b 9b df 2a a3 c3 9d 05 48 7b a7 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | b7 42 26 47 3f da f0 cc 9c 94 c2 fb b9 9c 29 26 | e4 70 fd f6 2c 00 00 28 00 00 00 24 01 03 04 03 | 56 9c ad 86 03 00 00 08 01 00 00 0c 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | stripping 4 octets as pad | #13 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #13: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #13 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #13: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x7f2a4000eee0 (size 20) | hmac: symkey-key@0x7f2a4000eee0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4000eee0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765be8 | result: clone-key@0x7f2a4000bdb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a4000bdb0 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a4000bdb0 | hmac: release clone-key@0x7f2a4000bdb0 | hmac PRF sha crypt-prf@0x564e2d1c1aa0 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x564e2d1c4fb4 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff8d765da0 (length 20) | 4d c5 05 d1 59 4f 24 1f 9b e6 a3 e6 4e 35 48 70 | f1 2c 3d 5e | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | inputs to hash1 (first packet) | 32 8c 0a 7b f8 de 47 71 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 0b 37 c5 ca 75 d3 ab bc b8 05 cf 7c | 4d 45 1e 9e fd 12 32 ff 39 45 9b d4 55 bb d5 05 | 2f 0e 81 8f e5 6c 56 37 04 9a 49 95 6a ae 5d 3c | 2f b9 56 fd e2 1e 4c bd c9 47 53 d0 eb d2 55 e9 | 4e 7f 43 3b be c0 77 15 a5 ca 2d ff 02 5e 27 d7 | 10 2c cc d7 59 6f c2 40 63 e2 f9 98 9d 4a 81 12 | 5b b1 7e 06 e4 7d 4d eb f7 1f fe 75 4e fc b3 f4 | f2 0a 53 e7 13 4c 38 22 97 12 90 17 67 20 f5 ed | fd c8 c8 81 9b b8 4e 72 fc f3 82 17 5d d4 c4 33 | cb 7b 67 4b 62 1b 3b d3 07 e1 c4 90 fd 39 f1 3e | 65 78 d5 bb a3 f8 3a 71 45 f9 c0 f0 08 8c 2b 06 | 95 f1 7e 2e ab 5e 2c a0 27 65 8e d6 62 00 96 88 | a0 c5 46 68 20 b5 6b e5 60 48 4e e8 75 7a a4 47 | 75 c7 e6 61 5c c5 47 48 7b ad 74 16 b0 12 bc 70 | 8b 29 f8 b2 04 be 70 1b c8 18 a2 e2 d5 18 3d 80 | c6 db cd f7 4c 50 07 76 cb 4f 0b 5a 97 ca d0 dd | 55 5f 2c d4 29 00 00 24 24 d2 c2 9e 1c 53 18 91 | db 47 8c 36 d3 df bd b2 1a 0e fc 2d f5 92 a6 be | a4 46 ff 67 80 35 22 da 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 f3 3c ac f4 c4 fb 3c 36 | c4 92 5c 1f 1b 51 5b 0e 28 f3 95 df 00 00 00 1c | 00 00 40 05 dd 08 2b 8a 69 ae 03 41 a2 d9 9a d7 | 44 c0 08 d7 b0 2e 2b c5 | verify: initiator inputs to hash2 (responder nonce) | 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | idhash 4d c5 05 d1 59 4f 24 1f 9b e6 a3 e6 4e 35 48 70 | idhash f1 2c 3d 5e | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564e2d1b8960 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d7659f0 | result: shared secret-key@0x7f2a4c006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f2a4c006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7659d8 | result: shared secret-key@0x7f2a4000bdb0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f2a4c006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564e2d1a1160 from shared secret-key@0x7f2a4000bdb0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564e2d1a1160 from shared secret-key@0x7f2a4000bdb0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f2a4000bdb0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564e2d1be510 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x564e2b4e7bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765a10 | result: final-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7659f8 | result: final-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4c006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f2a4000bdb0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f2a4000bdb0 (size 20) | = prf(, ): -key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765a08 | result: clone-key@0x7f2a4c006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564e2d1a1160 from -key@0x7f2a4c006900 | = prf(, ) prf: begin sha with context 0x564e2d1a1160 from -key@0x7f2a4c006900 | = prf(, ): release clone-key@0x7f2a4c006900 | = prf(, ) PRF sha crypt-prf@0x564e2d1c3390 | = prf(, ) PRF sha update first-packet-bytes@0x564e2d1c66d0 (length 440) | 32 8c 0a 7b f8 de 47 71 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 0b 37 c5 ca 75 d3 ab bc b8 05 cf 7c | 4d 45 1e 9e fd 12 32 ff 39 45 9b d4 55 bb d5 05 | 2f 0e 81 8f e5 6c 56 37 04 9a 49 95 6a ae 5d 3c | 2f b9 56 fd e2 1e 4c bd c9 47 53 d0 eb d2 55 e9 | 4e 7f 43 3b be c0 77 15 a5 ca 2d ff 02 5e 27 d7 | 10 2c cc d7 59 6f c2 40 63 e2 f9 98 9d 4a 81 12 | 5b b1 7e 06 e4 7d 4d eb f7 1f fe 75 4e fc b3 f4 | f2 0a 53 e7 13 4c 38 22 97 12 90 17 67 20 f5 ed | fd c8 c8 81 9b b8 4e 72 fc f3 82 17 5d d4 c4 33 | cb 7b 67 4b 62 1b 3b d3 07 e1 c4 90 fd 39 f1 3e | 65 78 d5 bb a3 f8 3a 71 45 f9 c0 f0 08 8c 2b 06 | 95 f1 7e 2e ab 5e 2c a0 27 65 8e d6 62 00 96 88 | a0 c5 46 68 20 b5 6b e5 60 48 4e e8 75 7a a4 47 | 75 c7 e6 61 5c c5 47 48 7b ad 74 16 b0 12 bc 70 | 8b 29 f8 b2 04 be 70 1b c8 18 a2 e2 d5 18 3d 80 | c6 db cd f7 4c 50 07 76 cb 4f 0b 5a 97 ca d0 dd | 55 5f 2c d4 29 00 00 24 24 d2 c2 9e 1c 53 18 91 | db 47 8c 36 d3 df bd b2 1a 0e fc 2d f5 92 a6 be | a4 46 ff 67 80 35 22 da 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 f3 3c ac f4 c4 fb 3c 36 | c4 92 5c 1f 1b 51 5b 0e 28 f3 95 df 00 00 00 1c | 00 00 40 05 dd 08 2b 8a 69 ae 03 41 a2 d9 9a d7 | 44 c0 08 d7 b0 2e 2b c5 | = prf(, ) PRF sha update nonce-bytes@0x7f2a5000a380 (length 32) | 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | = prf(, ) PRF sha update hash-bytes@0x7fff8d765da0 (length 20) | 4d c5 05 d1 59 4f 24 1f 9b e6 a3 e6 4e 35 48 70 | f1 2c 3d 5e | = prf(, ) PRF sha final-chunk@0x564e2d1c1aa0 (length 20) | b7 42 26 47 3f da f0 cc 9c 94 c2 fb b9 9c 29 26 | e4 70 fd f6 | psk_auth: release prf-psk-key@0x7f2a4000bdb0 | Received PSK auth octets | b7 42 26 47 3f da f0 cc 9c 94 c2 fb b9 9c 29 26 | e4 70 fd f6 | Calculated PSK auth octets | b7 42 26 47 3f da f0 cc 9c 94 c2 fb b9 9c 29 26 | e4 70 fd f6 "east" #13: Authenticated using authby=secret | parent state #13: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #13 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #13 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2a480060f0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564e2d1be610 | event_schedule: new EVENT_SA_REKEY-pe@0x564e2d1be610 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f2a480060f0 size 128 | pstats #13 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | 32 8c 0a 7b f8 de 47 71 | responder cookie: | 2c 2f 54 a7 a1 72 6f 05 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x7f2a40009e40 (size 20) | hmac: symkey-key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a40009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765558 | result: clone-key@0x7f2a4000bdb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a4000bdb0 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a4000bdb0 | hmac: release clone-key@0x7f2a4000bdb0 | hmac PRF sha crypt-prf@0x564e2d1c19f0 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x564e2b553974 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff8d765860 (length 20) | 06 a2 a9 ad 4f 6c fe be 62 2c 62 ea f9 3b 37 5d | 5c e8 e2 c9 | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | inputs to hash1 (first packet) | 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 47 54 1c ab 3f 61 a3 6d a7 96 4a a0 | 0f 4f 14 2a b4 41 00 3f 6a df ca 90 e6 a1 b0 57 | 72 dc 1a 8f 45 4b b8 27 61 69 87 24 6d 0d 87 a5 | 69 3f e7 01 03 4f 5a 6c d9 bf eb 21 66 9d 86 8c | 5c f4 2f d2 b7 ab f8 8f 95 d2 58 00 bc 98 31 04 | e6 5c 5c 43 f7 78 23 e8 bd e6 9f 6f 81 74 58 cc | 7d fb 29 f4 b0 29 ef f7 11 ae 4a 14 8e e4 f1 0d | ca 8d c0 6e e6 5f 24 26 5e 01 ef b4 2b 67 50 78 | 58 9f ed b8 10 b7 e0 92 3a c0 ad d0 f5 c1 c2 e4 | 45 96 96 1b 4b 38 6a c0 e3 79 d8 4c 05 ea f4 19 | cd c9 b6 ac 25 b8 e0 2b 85 b4 38 ae 64 4c 39 01 | 81 ed d1 d5 57 e9 a9 9e 78 c1 25 83 6c e7 44 85 | d8 3d 41 d9 74 3f ba 5d 03 66 0b 8f a9 cc fe 16 | 52 59 92 ae 22 52 3a b0 ac 4a 82 7e 3e d9 b5 cd | 2d 61 e0 14 78 1f 80 8c fd 67 5f 74 3d 4b 6d 10 | c2 93 3c ce 48 84 af 6f 1a c6 f8 e3 4d 50 17 e6 | 94 26 aa ae 29 00 00 24 99 a4 f1 4d 04 48 65 ea | b9 39 82 0b e7 86 03 b5 10 fc e7 0c ac 18 e6 13 | 53 7e 0c 1b 65 3b c0 97 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 59 42 f9 60 4c 17 34 e8 | 61 c5 61 e9 6f 51 7e fa be 38 fd 41 00 00 00 1c | 00 00 40 05 97 c4 a4 96 af c0 33 a2 9f f2 c4 2a | 10 86 16 e1 48 97 8c 03 | create: responder inputs to hash2 (initiator nonce) | 24 d2 c2 9e 1c 53 18 91 db 47 8c 36 d3 df bd b2 | 1a 0e fc 2d f5 92 a6 be a4 46 ff 67 80 35 22 da | idhash 06 a2 a9 ad 4f 6c fe be 62 2c 62 ea f9 3b 37 5d | idhash 5c e8 e2 c9 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564e2d1b8960 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765350 | result: shared secret-key@0x7f2a4c006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f2a4c006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765338 | result: shared secret-key@0x7f2a4000bdb0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f2a4c006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564e2d1a1160 from shared secret-key@0x7f2a4000bdb0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564e2d1a1160 from shared secret-key@0x7f2a4000bdb0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f2a4000bdb0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564e2d1c1aa0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x564e2b4e7bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765370 | result: final-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765358 | result: final-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4c006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f2a4000bdb0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f2a4000bdb0 (size 20) | = prf(, ): -key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765368 | result: clone-key@0x7f2a4c006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564e2d1a1160 from -key@0x7f2a4c006900 | = prf(, ) prf: begin sha with context 0x564e2d1a1160 from -key@0x7f2a4c006900 | = prf(, ): release clone-key@0x7f2a4c006900 | = prf(, ) PRF sha crypt-prf@0x564e2d1be510 | = prf(, ) PRF sha update first-packet-bytes@0x564e2d1c6890 (length 440) | 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 47 54 1c ab 3f 61 a3 6d a7 96 4a a0 | 0f 4f 14 2a b4 41 00 3f 6a df ca 90 e6 a1 b0 57 | 72 dc 1a 8f 45 4b b8 27 61 69 87 24 6d 0d 87 a5 | 69 3f e7 01 03 4f 5a 6c d9 bf eb 21 66 9d 86 8c | 5c f4 2f d2 b7 ab f8 8f 95 d2 58 00 bc 98 31 04 | e6 5c 5c 43 f7 78 23 e8 bd e6 9f 6f 81 74 58 cc | 7d fb 29 f4 b0 29 ef f7 11 ae 4a 14 8e e4 f1 0d | ca 8d c0 6e e6 5f 24 26 5e 01 ef b4 2b 67 50 78 | 58 9f ed b8 10 b7 e0 92 3a c0 ad d0 f5 c1 c2 e4 | 45 96 96 1b 4b 38 6a c0 e3 79 d8 4c 05 ea f4 19 | cd c9 b6 ac 25 b8 e0 2b 85 b4 38 ae 64 4c 39 01 | 81 ed d1 d5 57 e9 a9 9e 78 c1 25 83 6c e7 44 85 | d8 3d 41 d9 74 3f ba 5d 03 66 0b 8f a9 cc fe 16 | 52 59 92 ae 22 52 3a b0 ac 4a 82 7e 3e d9 b5 cd | 2d 61 e0 14 78 1f 80 8c fd 67 5f 74 3d 4b 6d 10 | c2 93 3c ce 48 84 af 6f 1a c6 f8 e3 4d 50 17 e6 | 94 26 aa ae 29 00 00 24 99 a4 f1 4d 04 48 65 ea | b9 39 82 0b e7 86 03 b5 10 fc e7 0c ac 18 e6 13 | 53 7e 0c 1b 65 3b c0 97 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 59 42 f9 60 4c 17 34 e8 | 61 c5 61 e9 6f 51 7e fa be 38 fd 41 00 00 00 1c | 00 00 40 05 97 c4 a4 96 af c0 33 a2 9f f2 c4 2a | 10 86 16 e1 48 97 8c 03 | = prf(, ) PRF sha update nonce-bytes@0x7f2a48005f00 (length 32) | 24 d2 c2 9e 1c 53 18 91 db 47 8c 36 d3 df bd b2 | 1a 0e fc 2d f5 92 a6 be a4 46 ff 67 80 35 22 da | = prf(, ) PRF sha update hash-bytes@0x7fff8d765860 (length 20) | 06 a2 a9 ad 4f 6c fe be 62 2c 62 ea f9 3b 37 5d | 5c e8 e2 c9 | = prf(, ) PRF sha final-chunk@0x564e2d1c19f0 (length 20) | 7f 95 45 8b 31 c3 0f 39 af 8b 79 59 8f dc 7c 63 | fa 62 ae 61 | psk_auth: release prf-psk-key@0x7f2a4000bdb0 | PSK auth octets 7f 95 45 8b 31 c3 0f 39 af 8b 79 59 8f dc 7c 63 | PSK auth octets fa 62 ae 61 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 7f 95 45 8b 31 c3 0f 39 af 8b 79 59 8f dc 7c 63 | PSK auth fa 62 ae 61 | emitting length of IKEv2 Authentication Payload: 28 | creating state object #14 at 0x564e2d1cbdd0 | State DB: adding IKEv2 state #14 in UNDEFINED | pstats #14 ikev2.child started | duplicating state object #13 "east" as #14 for IPSEC SA | #14 setting local endpoint to 192.1.2.23:500 from #13.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x564e2d1a8430 | duplicate_state: reference st_skey_ai_nss-key@0x564e2d1bff30 | duplicate_state: reference st_skey_ar_nss-key@0x7f2a500069f0 | duplicate_state: reference st_skey_ei_nss-key@0x7f2a40006450 | duplicate_state: reference st_skey_er_nss-key@0x564e2d1c1a10 | duplicate_state: reference st_skey_pi_nss-key@0x7f2a4000eee0 | duplicate_state: reference st_skey_pr_nss-key@0x7f2a40009e40 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #13.#14; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #13 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #13.#14 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 56 9c ad 86 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: INTEG+ESN; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #13: no local proposal matches remote proposals 1:ESP:ENCR=AES_CBC;INTEG=HMAC_SHA1_96;ESN=DISABLED "east" #13: IKE_AUTH responder matching remote ESP/AH proposals failed, responder SA processing returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | ikev2_child_sa_respond returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | ikev2_parent_inI2outR2_continue_tail returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | #13 spent 0.992 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #13 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #14 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #14 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | sending a notification reply "east" #14: responding to IKE_AUTH message (ID 1) from 192.1.2.45:500 with encrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS encrypted notification | **emit ISAKMP Message: | initiator cookie: | 32 8c 0a 7b f8 de 47 71 | responder cookie: | 2c 2f 54 a7 a1 72 6f 05 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'encrypted notification' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Adding a v2N Payload | ****emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'encrypted notification' | emitting length of IKEv2 Notify Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | f5 c0 f9 70 32 7d 46 15 f8 3e 99 1e 39 02 01 44 | data before encryption: | 00 00 00 08 00 00 00 0e 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 73 65 d7 2e 2a f2 54 a1 fb c7 c5 e2 c4 b8 b8 9c | hmac PRF sha init symkey-key@0x7f2a500069f0 (size 20) | hmac: symkey-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765628 | result: clone-key@0x7f2a4000bdb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a4000bdb0 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a4000bdb0 | hmac: release clone-key@0x7f2a4000bdb0 | hmac PRF sha crypt-prf@0x564e2d1c1af0 | hmac PRF sha update data-bytes@0x7fff8d765a60 (length 64) | 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | f5 c0 f9 70 32 7d 46 15 f8 3e 99 1e 39 02 01 44 | 73 65 d7 2e 2a f2 54 a1 fb c7 c5 e2 c4 b8 b8 9c | hmac PRF sha final-bytes@0x7fff8d765aa0 (length 20) | 67 f7 cd bf 24 7b 5b 63 51 ca c1 88 34 04 6a 6d | a7 8c 2a 6c | data being hmac: 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | data being hmac: f5 c0 f9 70 32 7d 46 15 f8 3e 99 1e 39 02 01 44 | data being hmac: 73 65 d7 2e 2a f2 54 a1 fb c7 c5 e2 c4 b8 b8 9c | out calculated auth: | 67 f7 cd bf 24 7b 5b 63 51 ca c1 88 | sending 76 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #13) | 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | f5 c0 f9 70 32 7d 46 15 f8 3e 99 1e 39 02 01 44 | 73 65 d7 2e 2a f2 54 a1 fb c7 c5 e2 c4 b8 b8 9c | 67 f7 cd bf 24 7b 5b 63 51 ca c1 88 | forcing #14 to a discard event | event_schedule: new EVENT_SO_DISCARD-pe@0x564e2d1c4cf0 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #14 | libevent_malloc: new ptr-libevent@0x7f2a50011520 size 128 | state transition function for STATE_UNDEFINED failed: v2N_NO_PROPOSAL_CHOSEN | resume sending helper answer for #13 suppresed complete_v2_state_transition() | #13 spent 1.52 milliseconds in resume sending helper answer | stop processing: state #14 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2a54008da0 | spent 0.00259 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 8f b8 e0 55 77 b6 fa 77 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 56 0f 4a 49 b6 d8 ef 5e 9a 20 49 08 | dd 4f f6 f4 4c c1 98 0c 10 59 a0 6d 0a 3f 22 e6 | fd eb e3 cc dd e7 45 14 1e d1 a2 5a bb b5 9f b3 | 53 c4 d2 50 f8 ca 28 88 0d c1 6f ce 83 8c cc 10 | c8 0e 29 2e 7d 8f 78 58 73 eb e5 19 3e 2f 28 fd | e8 ca 3a 57 2b 23 2e 44 9f b8 3c 2d c1 90 58 12 | 61 c6 a3 a1 90 10 12 de 30 5a f3 38 d1 cc c6 f7 | aa bd 37 df 5b 83 df b1 41 88 0a 3c f2 ef 23 6b | ea 57 ca 38 6b fd 28 64 df ba 18 24 54 83 d4 9f | 67 56 79 c1 36 20 8f 64 4b 17 43 44 bd 61 e6 31 | 50 24 7e da 46 17 ca 99 af 74 b2 3f 39 57 1e 86 | 8c b0 e6 83 22 dc 3a 59 dc 63 78 1b fd 05 74 87 | d9 3b 77 39 77 71 1f b4 5c f8 52 2a 99 cc a6 bb | 1b 6f 32 54 ac 55 a8 7a c8 f9 87 70 0b 4a e4 80 | 3f dd 2a 8f fd fd 92 e2 7a e6 16 60 3b ba 22 ba | 13 d3 2e 14 6b 35 ce 90 5e 77 1d d8 a5 47 ea 87 | 5f fb 80 f4 29 00 00 24 19 54 a8 29 bd ca 2a 0e | db 5e 5e 3e cd b8 b3 cb cf 49 5e 6c 04 bf 09 00 | 41 49 39 40 09 44 58 db 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 0e d4 2b 9e bc 40 ea 1d | dc 27 df 40 a7 bc 01 b2 37 18 d4 99 00 00 00 1c | 00 00 40 05 fe 37 2d b6 5f 19 70 d2 b2 72 a1 83 | ce fd 41 91 61 7d af 95 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 8f b8 e0 55 77 b6 fa 77 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x564e2d1ba2a0 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x564e2b547700 (length 32) | 62 69 c2 24 61 0b eb 03 31 69 8e 34 fa 62 6b 0f | 9f 9c e7 e3 dc ef ed d7 ff d6 12 6f b4 c1 0b 04 | IKE SPIr hash sha2_256 digest counter-bytes@0x564e2b5476e0 (length 4) | 0a 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff8d7668e0 (length 32) | c2 49 4e 63 8e d9 05 6b 7c 27 e8 17 82 e1 95 d5 | bb 27 9b 7f b9 ac 2f 7b ec 10 3b 97 a9 2f 1f 6c | creating state object #15 at 0x564e2d1bd370 | State DB: adding IKEv2 state #15 in UNDEFINED | pstats #15 ikev2.ike started | Message ID: init #15: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #15: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #15; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #15 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #15 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #15 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #15 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #15 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #15 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #15 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) "east" #15: af+type of IKEv2 Attribute Substructure Payload has an unknown value: 14 (0xe) "east" #15: remote proposal 1 transform 0 contains corrupt attribute "east" #15: partial list of remote proposals: 1:IKE:[corrupt-attribute] "east" #15: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification INVALID_SYNTAX | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 8f b8 e0 55 77 b6 fa 77 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 8f b8 e0 55 77 b6 fa 77 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | #15 spent 0.191 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #15 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #15 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #15 has no whack fd | pstats #15 ikev2.ike deleted other | [RE]START processing: state #15 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #15: deleting state (STATE_PARENT_R0) aged 0.001s and NOT sending notification | parent state #15: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #15 in PARENT_R0 | parent state #15: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #15 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #15 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.742 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00284 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | cb 78 6f 84 f9 0f 2e af 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 03 e2 eb fa 70 a7 86 21 02 15 5f ae | 73 25 ee 5a 8f 71 3e e1 f7 47 a1 b3 52 c1 df ca | 35 6c c4 c2 20 e5 cf 4c 85 07 53 a1 e4 db 14 68 | f9 f7 bc 79 7a bf e1 3c f4 53 b3 62 ff 92 70 90 | 74 dc d4 3f 9b aa c5 b6 29 cf d8 2c 50 c2 4e fc | fa 22 f2 ce 96 c4 91 b2 5a 9b 25 db 0a 8c da 40 | 5b ba ba dd 84 9b 81 cc 43 d7 5f ba 21 75 ab 6e | 8a 70 b2 ce 2a 98 8a 6d 09 93 ef 6e 95 af 27 d7 | 01 02 6e 86 07 fd 1c b0 20 1f de 01 a2 aa 19 9e | 65 0f 05 db de 1d cd 89 b6 ec 46 38 5c 09 51 15 | 6f 11 7b 85 4a 9b 27 ff da f3 35 27 78 25 7a 67 | 10 2a 80 ba bd 6b d2 19 d1 62 cb ca 3a 0d e0 10 | 6e be e5 09 90 31 7f c9 56 3a a7 b9 b1 46 1d ca | cc 89 12 5a 5a b1 24 2c 01 b2 95 92 8b 3c 16 bc | 66 e1 3d d9 ff 2e 30 d3 71 86 15 86 75 af 1a 68 | 17 f8 b1 20 6b 2c 00 c8 f6 60 f1 0a 7e a4 4c 26 | 92 ac f8 d1 29 00 00 24 dd e0 e1 96 58 ee 0b e4 | bd c7 2b 3a cb 7f d8 6e fb 1b ee 7e b1 15 4c e1 | 49 52 d9 90 b6 e5 a4 76 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 25 e2 6b 54 fa 4c e4 09 | b1 55 fb d3 74 64 85 f1 b3 6d 1a 6f 00 00 00 1c | 00 00 40 05 e0 cc 04 61 17 07 f3 ec b5 09 a7 45 | 96 5d 99 a5 9d eb 13 4c | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cb 78 6f 84 f9 0f 2e af | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x564e2d1ba2a0 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x564e2b547700 (length 32) | 62 69 c2 24 61 0b eb 03 31 69 8e 34 fa 62 6b 0f | 9f 9c e7 e3 dc ef ed d7 ff d6 12 6f b4 c1 0b 04 | IKE SPIr hash sha2_256 digest counter-bytes@0x564e2b5476e0 (length 4) | 0b 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff8d7668e0 (length 32) | c9 40 e2 69 a9 65 8c dc bc 68 de c0 7c 0c 09 e2 | da a2 cb fc d8 55 ea 79 81 ac 67 ff 8f 5e 7c 9e | creating state object #16 at 0x564e2d1bd370 | State DB: adding IKEv2 state #16 in UNDEFINED | pstats #16 ikev2.ike started | Message ID: init #16: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #16: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #16; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #16 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #16 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #16 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #16 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #16 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #16 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #16 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) "east" #16: af+type of IKEv2 Attribute Substructure Payload has an unknown value: 14 (0xe) "east" #16: remote proposal 1 transform 0 contains corrupt attribute "east" #16: partial list of remote proposals: 1:IKE:[corrupt-attribute] "east" #16: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification INVALID_SYNTAX | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | cb 78 6f 84 f9 0f 2e af | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | cb 78 6f 84 f9 0f 2e af 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | #16 spent 0.151 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #16 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #16 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #16 has no whack fd | pstats #16 ikev2.ike deleted other | [RE]START processing: state #16 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #16: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #16: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #16 in PARENT_R0 | parent state #16: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #16 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #16 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.645 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00264 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | e4 28 0a 78 88 3f a0 b2 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 c0 12 cf 89 3a ec 22 d3 de 58 72 b3 | 0c a1 c9 c3 90 99 b0 12 17 8d 71 42 ff 71 43 d6 | 6f bf 31 15 51 bf ee a3 f1 99 7e e6 60 46 02 59 | ec c0 4a 5e 9a b1 6c 8e 6d 59 2c 49 b4 b3 1f 20 | 6b 68 20 b2 5e 2e 04 7f d6 ea 8b 0c 4d 5d 0f 47 | bf b3 5b 8f f5 0a e4 02 fe 69 6d 2c 23 b6 36 70 | 3d 8f 5c 4d 4a 33 ff 7e 32 ca e7 ad 4d aa 25 69 | 67 e2 e9 4d 5e e8 d0 6d da 15 a8 15 4a 01 aa 6c | da 24 5d 63 fe 38 d4 a3 44 28 72 a8 1c 73 f0 a5 | 5e af db a6 81 6e b2 16 4f 08 4a 50 76 2b cf db | c9 35 83 f1 70 69 37 67 88 c7 8b 31 91 c3 f3 7d | e9 33 9a 73 1e 79 ba 20 be 98 33 b7 4a 8b 02 ff | 05 03 72 0d ef 40 b2 3c c1 f6 bb 64 61 93 30 70 | 92 22 71 eb e8 4d 30 3d 71 3f 5c 8c 47 f9 bb b5 | 59 22 38 4c eb 8f 69 ab 00 eb d0 0d 40 a5 4c 05 | af 72 10 f8 f1 87 af 4b cc d5 8d a9 ff 66 30 ec | ba 9b ca bc 29 00 00 24 af 2c 31 db 93 db ed b0 | ac f9 70 ad 8a 58 70 ed 98 f9 09 d1 50 a1 68 e1 | 3e 73 7a 28 40 96 99 95 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 fc f2 02 84 27 93 70 63 | 2a 34 89 a2 68 8e 53 a1 43 f4 d3 e5 00 00 00 1c | 00 00 40 05 e1 11 32 cd af 36 08 e1 b3 88 e9 31 | 6c 2d 0f a2 2a cf fe 9b | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | e4 28 0a 78 88 3f a0 b2 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x564e2d1ba2a0 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x564e2b547700 (length 32) | 62 69 c2 24 61 0b eb 03 31 69 8e 34 fa 62 6b 0f | 9f 9c e7 e3 dc ef ed d7 ff d6 12 6f b4 c1 0b 04 | IKE SPIr hash sha2_256 digest counter-bytes@0x564e2b5476e0 (length 4) | 0c 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff8d7668e0 (length 32) | e1 34 74 3d 0a b0 3d 30 b3 02 66 96 3a 76 c9 bd | 8b 42 24 8a 5d d6 71 4f 0f 23 c3 e9 3c 35 9d ef | creating state object #17 at 0x564e2d1bd370 | State DB: adding IKEv2 state #17 in UNDEFINED | pstats #17 ikev2.ike started | Message ID: init #17: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #17: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #17; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #17 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #17 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #17 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #17 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #17 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #17 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #17 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) "east" #17: af+type of IKEv2 Attribute Substructure Payload has an unknown value: 14 (0xe) "east" #17: remote proposal 1 transform 0 contains corrupt attribute "east" #17: partial list of remote proposals: 1:IKE:[corrupt-attribute] "east" #17: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification INVALID_SYNTAX | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | e4 28 0a 78 88 3f a0 b2 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | e4 28 0a 78 88 3f a0 b2 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | #17 spent 0.143 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #17 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #17 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #17 has no whack fd | pstats #17 ikev2.ike deleted other | [RE]START processing: state #17 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #17: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #17: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #17 in PARENT_R0 | parent state #17: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #17 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #17 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.646 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00289 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | ca ef f6 ba 4f 39 78 4c 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 50 45 56 e9 cf 2d 77 9b bf c9 36 13 | 63 92 48 98 e3 69 11 e2 c2 fe f6 bb cb 73 74 d7 | 4a c8 2e 07 d7 98 eb 18 9b e4 ed 10 ce dd 60 b6 | f8 60 3d 3a fc 03 8d 09 67 c3 7c 80 d3 dd 57 26 | 80 6d 0a a1 25 20 eb d7 03 4f 9b c7 d4 2f 59 79 | 4f 53 0d 18 bb a0 25 a1 5d f7 de cf ca 29 b9 94 | aa b8 f4 ff 6e d5 ce 75 a8 0c 5b 0e 07 e3 56 90 | 68 83 26 70 6b f3 d5 39 18 b4 da 45 ed 3a 4b 93 | 9d 6c ae 30 0a 0f a5 a8 74 96 1d dd da 45 cd 86 | 10 86 a1 78 e7 db fc dc 12 49 b2 0b fe 71 76 6f | 26 54 5b a9 c1 cb f3 03 7b e9 b6 f5 18 86 67 83 | 8c 88 49 4c a0 d0 2d c7 ee 4d b9 97 f5 49 9a c1 | 8a c8 ae ee 53 3f b9 bd c3 e2 f0 c6 d5 62 2f 82 | 08 ad 59 f5 52 06 72 9c 07 c7 23 f8 ed 5f 55 f4 | d2 62 3f ca 3b 97 4f 04 2b 42 ab d0 96 56 00 95 | b2 96 4a 0d 29 36 9c aa 11 da 61 c4 eb a4 8e 8e | 34 8c 06 f3 29 00 00 24 56 45 63 de c1 05 1f f7 | 02 bc c6 1f a1 1a 21 77 19 b2 bf 57 64 ff 22 04 | 5e 93 44 63 84 a8 66 26 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 a5 fb f5 71 6f a5 3d a0 | dc a6 7f 15 97 fe 2c ec 74 89 a3 81 00 00 00 1c | 00 00 40 05 16 33 e7 2c 25 c0 95 1d 30 8c 95 7b | b4 15 d8 bc 0d 98 09 4f | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ca ef f6 ba 4f 39 78 4c | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x564e2d1ba2a0 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x564e2b547700 (length 32) | 62 69 c2 24 61 0b eb 03 31 69 8e 34 fa 62 6b 0f | 9f 9c e7 e3 dc ef ed d7 ff d6 12 6f b4 c1 0b 04 | IKE SPIr hash sha2_256 digest counter-bytes@0x564e2b5476e0 (length 4) | 0d 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff8d7668e0 (length 32) | 76 c2 74 e8 e1 ff 7c 01 28 0e 1b 5e fa 48 30 58 | c2 f9 37 ae a9 8f 05 a0 f2 35 f7 c8 67 63 15 6b | creating state object #18 at 0x564e2d1bd370 | State DB: adding IKEv2 state #18 in UNDEFINED | pstats #18 ikev2.ike started | Message ID: init #18: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #18: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #18; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #18 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #18 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #18 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #18 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #18 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #18 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #18 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) "east" #18: af+type of IKEv2 Attribute Substructure Payload has an unknown value: 14 (0xe) "east" #18: remote proposal 1 transform 0 contains corrupt attribute "east" #18: partial list of remote proposals: 1:IKE:[corrupt-attribute] "east" #18: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification INVALID_SYNTAX | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | ca ef f6 ba 4f 39 78 4c | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | ca ef f6 ba 4f 39 78 4c 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | #18 spent 0.151 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #18 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #18 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #18 has no whack fd | pstats #18 ikev2.ike deleted other | [RE]START processing: state #18 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #18: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #18: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #18 in PARENT_R0 | parent state #18: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #18 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #18 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.633 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00252 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 436 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 77 b7 16 f5 93 c2 45 01 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | fc a6 33 33 e8 8a e7 83 c7 8d 84 29 25 23 a0 e1 | ee ea 09 e2 73 d5 47 d3 59 9b a0 98 28 8d d2 a1 | b8 5e 31 d2 fa 43 5a 9e 7e 97 6e 21 1f 12 bd ff | 77 04 b5 1e 44 c4 61 93 61 a9 03 2b de 3c 1b fe | 22 54 be 08 8a cc fe 8a ff 22 30 4c c7 ea 6e 8e | 38 41 f7 3f fd 64 63 c8 fd e1 d3 83 54 76 bc a4 | 04 b3 b9 26 f9 75 75 a9 7c cd e4 e0 9c ea 48 e7 | 45 7c a8 71 fd cf 26 2d d6 81 36 0e 7e cc 38 e5 | f4 7c b8 0d 2c fd 9a b6 3c db e8 2b 4b 31 e0 cb | 4a c2 ad 1d 12 c2 b9 32 a4 9c 03 ef 37 64 c9 92 | 2e a6 8b a9 e1 85 71 e5 7f 99 16 05 5f c4 ce 02 | 2b c3 61 d8 8f 6e 06 94 9f 48 9d c1 1f df 09 ab | 22 8c 85 cc 25 78 ec c9 27 cb 23 7c 82 a6 33 2c | fb 3e f1 f3 aa 97 a0 b3 58 0a f2 d0 85 9f 5b 39 | a8 74 40 59 16 be f4 54 cd f9 12 f1 29 6c aa 8a | b7 c2 45 76 9d b8 e3 53 d2 dd 7e b9 dd fb 29 b6 | 29 00 00 24 82 a0 03 80 06 37 a7 c5 93 c8 65 21 | 86 0b 0b d6 1f 11 93 80 f9 76 4e c6 bb 49 37 fc | 0f 0b dd 83 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 9c 0d c6 18 90 d9 15 25 e6 5d 73 e3 | 19 72 28 5a be 28 a4 fa 00 00 00 1c 00 00 40 05 | 92 e1 e0 8b c0 2a 75 c4 94 db 0d 96 ad 87 7b d0 | 78 94 25 da | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 77 b7 16 f5 93 c2 45 01 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 436 (0x1b4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x564e2d1ba2a0 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x564e2b547700 (length 32) | 62 69 c2 24 61 0b eb 03 31 69 8e 34 fa 62 6b 0f | 9f 9c e7 e3 dc ef ed d7 ff d6 12 6f b4 c1 0b 04 | IKE SPIr hash sha2_256 digest counter-bytes@0x564e2b5476e0 (length 4) | 0e 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff8d7668e0 (length 32) | 4d 0c 58 38 db f7 da 56 df d6 90 f3 5a a6 30 dd | 46 a8 94 9e 62 d4 75 17 ca 8a 56 f7 b3 33 06 aa | creating state object #19 at 0x564e2d1bd370 | State DB: adding IKEv2 state #19 in UNDEFINED | pstats #19 ikev2.ike started | Message ID: init #19: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #19: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #19; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #19 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #19 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #19 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #19 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #19 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 2 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: PRF+INTEG+DH | remote proposal 1 does not match local proposal 1; unmatched transforms: ENCR; missing transforms: ENCR | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 2; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 2 "east" #19: proposal 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | fc a6 33 33 e8 8a e7 83 c7 8d 84 29 25 23 a0 e1 | ee ea 09 e2 73 d5 47 d3 59 9b a0 98 28 8d d2 a1 | b8 5e 31 d2 fa 43 5a 9e 7e 97 6e 21 1f 12 bd ff | 77 04 b5 1e 44 c4 61 93 61 a9 03 2b de 3c 1b fe | 22 54 be 08 8a cc fe 8a ff 22 30 4c c7 ea 6e 8e | 38 41 f7 3f fd 64 63 c8 fd e1 d3 83 54 76 bc a4 | 04 b3 b9 26 f9 75 75 a9 7c cd e4 e0 9c ea 48 e7 | 45 7c a8 71 fd cf 26 2d d6 81 36 0e 7e cc 38 e5 | f4 7c b8 0d 2c fd 9a b6 3c db e8 2b 4b 31 e0 cb | 4a c2 ad 1d 12 c2 b9 32 a4 9c 03 ef 37 64 c9 92 | 2e a6 8b a9 e1 85 71 e5 7f 99 16 05 5f c4 ce 02 | 2b c3 61 d8 8f 6e 06 94 9f 48 9d c1 1f df 09 ab | 22 8c 85 cc 25 78 ec c9 27 cb 23 7c 82 a6 33 2c | fb 3e f1 f3 aa 97 a0 b3 58 0a f2 d0 85 9f 5b 39 | a8 74 40 59 16 be f4 54 cd f9 12 f1 29 6c aa 8a | b7 c2 45 76 9d b8 e3 53 d2 dd 7e b9 dd fb 29 b6 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d7662e0 (length 8) | 77 b7 16 f5 93 c2 45 01 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d7662e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff8d766274 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff8d766266 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7662f0 (length 20) | 92 e1 e0 8b c0 2a 75 c4 94 db 0d 96 ad 87 7b d0 | 78 94 25 da | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= 77 b7 16 f5 93 c2 45 01 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 92 e1 e0 8b c0 2a 75 c4 94 db 0d 96 ad 87 7b d0 | natd_hash: hash= 78 94 25 da | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d7662e0 (length 8) | 77 b7 16 f5 93 c2 45 01 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d7662e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff8d766274 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff8d766266 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d766310 (length 20) | 9c 0d c6 18 90 d9 15 25 e6 5d 73 e3 19 72 28 5a | be 28 a4 fa | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= 77 b7 16 f5 93 c2 45 01 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 9c 0d c6 18 90 d9 15 25 e6 5d 73 e3 19 72 28 5a | natd_hash: hash= be 28 a4 fa | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 11 for state #19 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f2a4c002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f2a54008da0 size 128 | #19 spent 0.276 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | crypto helper 5 resuming | crypto helper 5 starting work-order 11 for state #19 | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | crypto helper 5 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 11 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | #19 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #19 and saving MD | #19 is busy; has a suspended MD | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | "east" #19 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | stop processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | #19 spent 0.677 milliseconds in ikev2_process_packet() | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | NSS: Value of base: 02 | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.695 milliseconds in comm_handle_cb() reading and processing packet | DH secret MODP2048@0x7f2a48002010: created | NSS: Local DH MODP2048 secret (pointer): 0x7f2a48002010 | NSS: Public DH wire value: | 3b d2 e1 39 da 3d e9 2a 83 0c d2 04 be ce d8 df | f5 48 b7 94 ce 04 9d 8c 0b b1 42 07 1f 6d 4a 7a | 4f 4c 03 3e de 3d b6 fe e3 d1 d2 62 9e 26 8d 80 | 51 fa a1 55 77 04 5b f6 cb 15 28 d9 9f a1 25 e9 | b9 c7 05 cc 85 c2 c2 b0 a4 6f b0 fe 95 21 cc 77 | af 3d 89 a5 7e de b2 2f db 81 6c 24 be 21 b6 b3 | b4 5c 3a 25 fe b8 22 c4 ba c2 2d 48 ee 23 62 bc | 44 cf 53 22 62 85 ca d8 27 42 cf 8c 45 f5 16 20 | a6 1d fd ae 99 9c eb 0a 87 c5 0e 89 05 ff 4c 6f | 41 d4 4d 46 49 60 90 c1 4c 18 34 ed 03 8a 70 e3 | d0 33 2d 45 ea db 58 c0 27 81 dd cb 43 39 a7 bc | 38 59 7e ba bd 4c 30 c9 0a 28 79 a5 54 6e e4 13 | 42 6b 68 ed f7 ea 2d 88 89 24 35 9a 21 ee 33 17 | 8f ad 85 00 85 e6 58 3b 96 d2 ea 28 06 73 dd 20 | d8 3d 2a 54 fe 1a bf b9 9a 66 66 dd 85 26 51 c7 | 4c 04 15 c7 4f c0 64 bc a4 1d b4 1a 7c ad 72 c4 | Generated nonce: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | Generated nonce: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | crypto helper 5 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 11 time elapsed 0.001175 seconds | (#19) spent 1.12 milliseconds in crypto helper computing work-order 11: ikev2_inI1outR1 KE (pcr) | crypto helper 5 sending results from work-order 11 for state #19 to event queue | scheduling resume sending helper answer for #19 | libevent_malloc: new ptr-libevent@0x7f2a480067f0 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #19 | start processing: state #19 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 11 | calling continuation function 0x564e2b454630 | ikev2_parent_inI1outR1_continue for #19: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | 77 b7 16 f5 93 c2 45 01 | responder cookie: | 4d 0c 58 38 db f7 da 56 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f2a48002010: transferring ownership from helper KE to state #19 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 3b d2 e1 39 da 3d e9 2a 83 0c d2 04 be ce d8 df | ikev2 g^x f5 48 b7 94 ce 04 9d 8c 0b b1 42 07 1f 6d 4a 7a | ikev2 g^x 4f 4c 03 3e de 3d b6 fe e3 d1 d2 62 9e 26 8d 80 | ikev2 g^x 51 fa a1 55 77 04 5b f6 cb 15 28 d9 9f a1 25 e9 | ikev2 g^x b9 c7 05 cc 85 c2 c2 b0 a4 6f b0 fe 95 21 cc 77 | ikev2 g^x af 3d 89 a5 7e de b2 2f db 81 6c 24 be 21 b6 b3 | ikev2 g^x b4 5c 3a 25 fe b8 22 c4 ba c2 2d 48 ee 23 62 bc | ikev2 g^x 44 cf 53 22 62 85 ca d8 27 42 cf 8c 45 f5 16 20 | ikev2 g^x a6 1d fd ae 99 9c eb 0a 87 c5 0e 89 05 ff 4c 6f | ikev2 g^x 41 d4 4d 46 49 60 90 c1 4c 18 34 ed 03 8a 70 e3 | ikev2 g^x d0 33 2d 45 ea db 58 c0 27 81 dd cb 43 39 a7 bc | ikev2 g^x 38 59 7e ba bd 4c 30 c9 0a 28 79 a5 54 6e e4 13 | ikev2 g^x 42 6b 68 ed f7 ea 2d 88 89 24 35 9a 21 ee 33 17 | ikev2 g^x 8f ad 85 00 85 e6 58 3b 96 d2 ea 28 06 73 dd 20 | ikev2 g^x d8 3d 2a 54 fe 1a bf b9 9a 66 66 dd 85 26 51 c7 | ikev2 g^x 4c 04 15 c7 4f c0 64 bc a4 1d b4 1a 7c ad 72 c4 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | IKEv2 nonce 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d766830 (length 8) | 77 b7 16 f5 93 c2 45 01 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d766838 (length 8) | 4d 0c 58 38 db f7 da 56 | NATD hash sha digest IP addr-bytes@0x7fff8d766764 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff8d766756 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7667e0 (length 20) | f1 05 de 2d 07 2f 07 6d f2 56 c0 e2 35 f6 36 ab | 3f 59 63 c6 | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= 77 b7 16 f5 93 c2 45 01 | natd_hash: rcookie= 4d 0c 58 38 db f7 da 56 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= f1 05 de 2d 07 2f 07 6d f2 56 c0 e2 35 f6 36 ab | natd_hash: hash= 3f 59 63 c6 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data f1 05 de 2d 07 2f 07 6d f2 56 c0 e2 35 f6 36 ab | Notify data 3f 59 63 c6 | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d766830 (length 8) | 77 b7 16 f5 93 c2 45 01 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d766838 (length 8) | 4d 0c 58 38 db f7 da 56 | NATD hash sha digest IP addr-bytes@0x7fff8d766764 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff8d766756 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7667e0 (length 20) | db 3f ad ff d9 41 57 4c 05 c7 50 98 15 16 56 5d | cf 1d 80 22 | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= 77 b7 16 f5 93 c2 45 01 | natd_hash: rcookie= 4d 0c 58 38 db f7 da 56 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= db 3f ad ff d9 41 57 4c 05 c7 50 98 15 16 56 5d | natd_hash: hash= cf 1d 80 22 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data db 3f ad ff d9 41 57 4c 05 c7 50 98 15 16 56 5d | Notify data cf 1d 80 22 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 436 | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #19 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #19: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #19 to 0 after switching state | Message ID: recv #19 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #19 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #19: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=3DES_CBC_192 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 436 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #19) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 3b d2 e1 39 da 3d e9 2a 83 0c d2 04 be ce d8 df | f5 48 b7 94 ce 04 9d 8c 0b b1 42 07 1f 6d 4a 7a | 4f 4c 03 3e de 3d b6 fe e3 d1 d2 62 9e 26 8d 80 | 51 fa a1 55 77 04 5b f6 cb 15 28 d9 9f a1 25 e9 | b9 c7 05 cc 85 c2 c2 b0 a4 6f b0 fe 95 21 cc 77 | af 3d 89 a5 7e de b2 2f db 81 6c 24 be 21 b6 b3 | b4 5c 3a 25 fe b8 22 c4 ba c2 2d 48 ee 23 62 bc | 44 cf 53 22 62 85 ca d8 27 42 cf 8c 45 f5 16 20 | a6 1d fd ae 99 9c eb 0a 87 c5 0e 89 05 ff 4c 6f | 41 d4 4d 46 49 60 90 c1 4c 18 34 ed 03 8a 70 e3 | d0 33 2d 45 ea db 58 c0 27 81 dd cb 43 39 a7 bc | 38 59 7e ba bd 4c 30 c9 0a 28 79 a5 54 6e e4 13 | 42 6b 68 ed f7 ea 2d 88 89 24 35 9a 21 ee 33 17 | 8f ad 85 00 85 e6 58 3b 96 d2 ea 28 06 73 dd 20 | d8 3d 2a 54 fe 1a bf b9 9a 66 66 dd 85 26 51 c7 | 4c 04 15 c7 4f c0 64 bc a4 1d b4 1a 7c ad 72 c4 | 29 00 00 24 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 | 7b f1 e3 e6 35 4f 19 fb cf a6 4f 83 35 0a 52 1a | c7 9c 46 ce 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 f1 05 de 2d 07 2f 07 6d f2 56 c0 e2 | 35 f6 36 ab 3f 59 63 c6 00 00 00 1c 00 00 40 05 | db 3f ad ff d9 41 57 4c 05 c7 50 98 15 16 56 5d | cf 1d 80 22 | state #19 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2a54008da0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f2a4c002b20 | event_schedule: new EVENT_SO_DISCARD-pe@0x7f2a4c002b20 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f2a54008da0 size 128 | resume sending helper answer for #19 suppresed complete_v2_state_transition() | #19 spent 0.554 milliseconds in resume sending helper answer | stop processing: state #19 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2a480067f0 | spent 0.00249 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 196 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | a6 c2 c8 d1 d1 e9 70 7f 41 9d 18 8f 9e 2b 7d 3f | f3 c8 86 3a 3e ea 6e 1d 57 2f c7 80 7c 51 5a ba | 8e c2 f7 e4 d3 c3 07 ca ea d5 b1 18 dd ec 34 2b | 04 3b 96 c7 ad 06 8e 92 40 f1 2c ac e8 91 49 7a | fa 93 3a b9 d8 e3 be e5 d3 e0 c3 fa 01 8a 49 ff | 29 64 e4 c4 dc 6b d1 44 c5 a6 64 80 3c de 8f 72 | 4c 98 60 81 7f 25 bc 32 6c 66 ed 6a 5e e8 85 ab | ee c8 ff b8 70 f9 9d ae c5 fa 77 2b 58 b8 b1 b4 | aa 94 f4 b8 76 fe 27 e5 9f 85 59 75 ca b4 e4 31 | 98 d6 5f 4c 87 8f 7b 07 a6 98 a5 a0 de c6 11 6c | eb 31 67 d0 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 77 b7 16 f5 93 c2 45 01 | responder cookie: | 4d 0c 58 38 db f7 da 56 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 196 (0xc4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #19 in PARENT_R1 (find_v2_ike_sa) | start processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #19 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #19 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 168 (0xa8) | processing payload: ISAKMP_NEXT_v2SK (len=164) | Message ID: start-responder #19 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #19 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=3DES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f2a48002010: transferring ownership from state #19 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 12 for state #19 | state #19 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x7f2a54008da0 | free_event_entry: release EVENT_SO_DISCARD-pe@0x7f2a4c002b20 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f2a4c002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f2a54008da0 size 128 | #19 spent 0.0343 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | crypto helper 3 resuming | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | crypto helper 3 starting work-order 12 for state #19 | crypto helper 3 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 12 | peer's g: fc a6 33 33 e8 8a e7 83 c7 8d 84 29 25 23 a0 e1 | peer's g: ee ea 09 e2 73 d5 47 d3 59 9b a0 98 28 8d d2 a1 | peer's g: b8 5e 31 d2 fa 43 5a 9e 7e 97 6e 21 1f 12 bd ff | peer's g: 77 04 b5 1e 44 c4 61 93 61 a9 03 2b de 3c 1b fe | peer's g: 22 54 be 08 8a cc fe 8a ff 22 30 4c c7 ea 6e 8e | peer's g: 38 41 f7 3f fd 64 63 c8 fd e1 d3 83 54 76 bc a4 | peer's g: 04 b3 b9 26 f9 75 75 a9 7c cd e4 e0 9c ea 48 e7 | #19 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #19 and saving MD | #19 is busy; has a suspended MD | peer's g: 45 7c a8 71 fd cf 26 2d d6 81 36 0e 7e cc 38 e5 | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | peer's g: f4 7c b8 0d 2c fd 9a b6 3c db e8 2b 4b 31 e0 cb | peer's g: 4a c2 ad 1d 12 c2 b9 32 a4 9c 03 ef 37 64 c9 92 | peer's g: 2e a6 8b a9 e1 85 71 e5 7f 99 16 05 5f c4 ce 02 | peer's g: 2b c3 61 d8 8f 6e 06 94 9f 48 9d c1 1f df 09 ab | peer's g: 22 8c 85 cc 25 78 ec c9 27 cb 23 7c 82 a6 33 2c | peer's g: fb 3e f1 f3 aa 97 a0 b3 58 0a f2 d0 85 9f 5b 39 | peer's g: a8 74 40 59 16 be f4 54 cd f9 12 f1 29 6c aa 8a | peer's g: b7 c2 45 76 9d b8 e3 53 d2 dd 7e b9 dd fb 29 b6 | "east" #19 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | Started DH shared-secret computation in NSS: | stop processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #19 spent 0.206 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.217 milliseconds in comm_handle_cb() reading and processing packet | new : g_ir-key@0x7f2a4000bdb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f2a48002010: computed shared DH secret key@0x7f2a4000bdb0 | dh-shared : g^ir-key@0x7f2a4000bdb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=24 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x564e2d19c6a0 (length 64) | 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6002b670 | result: Ni | Nr-key@0x564e2d1c3300 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x564e2d1c3300 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b658 | result: Ni | Nr-key@0x7f2a4c006900 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x564e2d1c3300 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f2a4c003aa0 from Ni | Nr-key@0x7f2a4c006900 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f2a4c003aa0 from Ni | Nr-key@0x7f2a4c006900 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f2a4c006900 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f2a4c000d60 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f2a4000bdb0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f2a4000bdb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f2a4000bdb0 | nss hmac digest hack: symkey-key@0x7f2a4000bdb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1610789584: 6a 6a ffffffa1 ffffffff 3d 17 ffffffe6 34 46 ffffffad 59 37 ffffffaa 22 06 ffffffec ffffff96 ffffff8e 1b ffffff9c ffffffea ffffffb0 ffffffb8 ffffff8f 0c 4f ffffff8c 20 fffffff4 ffffff88 ffffffb6 ffffff85 ffffff8a 52 6e fffffff0 fffffff7 08 ffffff91 7b 7b 61 ffffffe7 4c 30 32 1e 4d 35 ffffffae fffffff8 fffffff4 19 ffffffc7 ffffffc0 15 75 39 ffffffc0 18 44 ffffffa8 ffffff8e 24 ffffff82 ffffffd6 fffffffb 58 0d ffffff85 fffffff9 3b 18 72 ffffffdc ffffffa8 08 ffffffae 5b ffffffe9 6e 09 4c 6f 52 05 ffffff82 66 ffffffd0 04 08 60 ffffff84 ffffff8e 30 ffffff8e ffffffd3 28 23 36 01 75 ffffffce 67 ffffff93 ffffffbf ffffff91 53 ffffffd4 28 3c 3a 2a 10 ffffff8f ffffffff 4b 55 ffffffba 4e ffffffa3 ffffff94 2d fffffffa ffffff8b ffffffd2 ffffff8b ffffffe9 fffffff4 40 1a ffffffc0 ffffffb7 20 4d ffffffe3 6e ffffffb0 ffffffc1 ffffffd9 06 3c ffffffa4 ffffff9f ffffffe7 2f ffffff9f fffffffc ffffff81 54 1a 1d 3e ffffff9f fffffffb ffffffbb 55 fffffff2 53 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 256 bytes at 0x7f2a4c0043d0 | unwrapped: b7 12 7d 50 a0 6f 73 b1 7c 78 5c a7 7d 1b 73 65 | unwrapped: c5 75 3c 82 17 03 e8 02 d8 87 26 64 c7 aa 43 e6 | unwrapped: 84 11 ed ea 56 aa 41 22 65 f9 8a 19 db b0 f8 e1 | unwrapped: 25 45 8e c9 05 d7 cd 8a 17 71 cd d1 b4 30 4f f1 | unwrapped: 18 11 57 21 31 9e 4a 41 a7 65 10 67 f5 b6 1a f3 | unwrapped: f6 8c b0 13 91 33 4f a5 34 c5 86 6c 63 3f 7b f5 | unwrapped: ff 23 7b 72 14 ce 78 ba b1 ad 41 09 62 dc 71 2e | unwrapped: 28 fe c7 c5 f2 ed 2a 2b 00 5f d1 05 f5 9b 2c 7d | unwrapped: 97 42 6b 52 89 21 d8 c8 14 e6 ac 5d fb 0c 48 c9 | unwrapped: 34 7e c3 1c 89 ad f1 c3 64 54 ce 42 dd 03 e8 c5 | unwrapped: 58 6a c5 49 6a 8b 39 bd 91 f0 62 92 49 9a 15 93 | unwrapped: 05 49 f5 d5 0c c9 e5 de 81 c1 1a 31 ef 8d 1f 20 | unwrapped: 01 62 b8 a4 9f 62 3b af b6 32 12 84 e9 73 6d d3 | unwrapped: ab 82 7a 59 23 33 e3 42 f2 9d 6c 62 6f b1 64 f9 | unwrapped: 17 da 81 d2 cb c1 2f 4c d9 fe 30 0f 3f 23 f4 4d | unwrapped: c9 26 5c 71 dc 9b 7e 60 28 f7 77 10 34 14 44 bf | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6002b690 | result: final-key@0x564e2d1c3300 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1c3300 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b678 | result: final-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1c3300 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f2a4c006900 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6002b600 | result: data=Ni-key@0x7f2a58006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7f2a58006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b5e8 | result: data=Ni-key@0x564e2d1c3300 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7f2a58006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1c3300 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a6002b5f0 | result: data+=Nr-key@0x7f2a58006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d1c3300 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a58006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a6002b5f0 | result: data+=SPIi-key@0x564e2d1c3300 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f2a58006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1c3300 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a6002b5f0 | result: data+=SPIr-key@0x7f2a58006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d1c3300 | prf+0 PRF sha init key-key@0x7f2a4c006900 (size 20) | prf+0: key-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b518 | result: clone-key@0x564e2d1c3300 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f2a4c003aa0 from key-key@0x564e2d1c3300 | prf+0 prf: begin sha with context 0x7f2a4c003aa0 from key-key@0x564e2d1c3300 | prf+0: release clone-key@0x564e2d1c3300 | prf+0 PRF sha crypt-prf@0x7f2a4c0016e0 | prf+0 PRF sha update seed-key@0x7f2a58006900 (size 80) | prf+0: seed-key@0x7f2a58006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f2a58006900 | nss hmac digest hack: symkey-key@0x7f2a58006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1610789216: 3d fffffff2 ffffffb8 02 24 ffffffee 50 34 ffffff96 08 07 ffffffeb 6c 72 ffffffc7 ffffffc8 ffffff8f ffffffbc fffffff6 22 ffffffd0 4c 18 ffffffe4 ffffffcc ffffffb4 28 69 ffffff92 ffffffbc ffffffab ffffffcc ffffffe9 ffffffb2 56 ffffff85 19 26 fffffff5 2a 7c ffffffbf fffffffc 37 6e 4b 6b ffffffca ffffffbe ffffffb6 ffffffbf fffffff9 29 ffffffe6 ffffffb8 50 1a 0c 48 19 04 fffffff4 1b ffffff93 ffffff9e ffffffec ffffffe6 ffffffb1 ffffffb5 09 32 ffffffdb 5a 21 ffffffc1 12 1c 73 ffffffa3 ffffffc6 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a4c005980 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | unwrapped: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6002b520 | result: final-key@0x564e2d1ca300 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1ca300 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b508 | result: final-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1ca300 | prf+0 PRF sha final-key@0x564e2d1c3300 (size 20) | prf+0: key-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x564e2d1c3300 | prf+N PRF sha init key-key@0x7f2a4c006900 (size 20) | prf+N: key-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b518 | result: clone-key@0x564e2d1ca300 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a4c003aa0 from key-key@0x564e2d1ca300 | prf+N prf: begin sha with context 0x7f2a4c003aa0 from key-key@0x564e2d1ca300 | prf+N: release clone-key@0x564e2d1ca300 | prf+N PRF sha crypt-prf@0x7f2a4c0010c0 | prf+N PRF sha update old_t-key@0x564e2d1c3300 (size 20) | prf+N: old_t-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1c3300 | nss hmac digest hack: symkey-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1610789216: ffffffdb ffffff95 06 34 fffffff6 7f 50 6b 1e ffffff86 ffffff8d 7a 2a 3c 0c ffffff91 71 16 73 ffffff8f 21 fffffffe 43 75 69 ffffffcd 7a ffffff88 5c ffffffc7 62 ffffffa1 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a4c005fb0 | unwrapped: a1 61 61 1d c2 cd 87 3e 2a a2 e1 76 d6 40 5d d9 | unwrapped: 8d 29 7b 5a 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a58006900 (size 80) | prf+N: seed-key@0x7f2a58006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f2a58006900 | nss hmac digest hack: symkey-key@0x7f2a58006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1610789216: 3d fffffff2 ffffffb8 02 24 ffffffee 50 34 ffffff96 08 07 ffffffeb 6c 72 ffffffc7 ffffffc8 ffffff8f ffffffbc fffffff6 22 ffffffd0 4c 18 ffffffe4 ffffffcc ffffffb4 28 69 ffffff92 ffffffbc ffffffab ffffffcc ffffffe9 ffffffb2 56 ffffff85 19 26 fffffff5 2a 7c ffffffbf fffffffc 37 6e 4b 6b ffffffca ffffffbe ffffffb6 ffffffbf fffffff9 29 ffffffe6 ffffffb8 50 1a 0c 48 19 04 fffffff4 1b ffffff93 ffffff9e ffffffec ffffffe6 ffffffb1 ffffffb5 09 32 ffffffdb 5a 21 ffffffc1 12 1c 73 ffffffa3 ffffffc6 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a4c004ad0 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | unwrapped: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6002b520 | result: final-key@0x7f2a4c001a70 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c001a70 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b508 | result: final-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4c001a70 | prf+N PRF sha final-key@0x564e2d1ca300 (size 20) | prf+N: key-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6002b598 | result: result-key@0x7f2a4c001a70 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564e2d1c3300 | prfplus: release old_t[N]-key@0x564e2d1c3300 | prf+N PRF sha init key-key@0x7f2a4c006900 (size 20) | prf+N: key-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b518 | result: clone-key@0x564e2d1c3300 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a4c003aa0 from key-key@0x564e2d1c3300 | prf+N prf: begin sha with context 0x7f2a4c003aa0 from key-key@0x564e2d1c3300 | prf+N: release clone-key@0x564e2d1c3300 | prf+N PRF sha crypt-prf@0x7f2a4c002a80 | prf+N PRF sha update old_t-key@0x564e2d1ca300 (size 20) | prf+N: old_t-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1ca300 | nss hmac digest hack: symkey-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1610789216: ffffffa0 1a 2c 20 fffffff8 30 10 ffffffe1 5c 7c ffffff96 3e ffffff9b 05 36 1a ffffff8f 60 7f 17 ffffffc2 28 fffffff9 27 49 ffffffd1 59 41 ffffff88 fffffff6 ffffffa3 ffffffcd | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a4c0067a0 | unwrapped: b3 58 65 f4 94 29 0c 2d 47 90 8c 95 09 6f 62 68 | unwrapped: 92 10 79 44 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a58006900 (size 80) | prf+N: seed-key@0x7f2a58006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f2a58006900 | nss hmac digest hack: symkey-key@0x7f2a58006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1610789216: 3d fffffff2 ffffffb8 02 24 ffffffee 50 34 ffffff96 08 07 ffffffeb 6c 72 ffffffc7 ffffffc8 ffffff8f ffffffbc fffffff6 22 ffffffd0 4c 18 ffffffe4 ffffffcc ffffffb4 28 69 ffffff92 ffffffbc ffffffab ffffffcc ffffffe9 ffffffb2 56 ffffff85 19 26 fffffff5 2a 7c ffffffbf fffffffc 37 6e 4b 6b ffffffca ffffffbe ffffffb6 ffffffbf fffffff9 29 ffffffe6 ffffffb8 50 1a 0c 48 19 04 fffffff4 1b ffffff93 ffffff9e ffffffec ffffffe6 ffffffb1 ffffffb5 09 32 ffffffdb 5a 21 ffffffc1 12 1c 73 ffffffa3 ffffffc6 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a4c004a70 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | unwrapped: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6002b520 | result: final-key@0x7f2a4c005db0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c005db0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b508 | result: final-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4c005db0 | prf+N PRF sha final-key@0x564e2d1c3300 (size 20) | prf+N: key-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a4c001a70 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6002b598 | result: result-key@0x7f2a4c005db0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a4c001a70 | prfplus: release old_t[N]-key@0x564e2d1ca300 | prf+N PRF sha init key-key@0x7f2a4c006900 (size 20) | prf+N: key-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b518 | result: clone-key@0x564e2d1ca300 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a4c003aa0 from key-key@0x564e2d1ca300 | prf+N prf: begin sha with context 0x7f2a4c003aa0 from key-key@0x564e2d1ca300 | prf+N: release clone-key@0x564e2d1ca300 | prf+N PRF sha crypt-prf@0x7f2a4c0010c0 | prf+N PRF sha update old_t-key@0x564e2d1c3300 (size 20) | prf+N: old_t-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1c3300 | nss hmac digest hack: symkey-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1610789216: 4b ffffffe1 71 fffffff9 ffffff9c 35 44 6e 70 ffffffb3 5e ffffffec ffffffd2 ffffffa5 16 ffffff8c 0c ffffffe3 16 ffffffa8 79 54 24 ffffffa0 53 29 ffffffbf 0a 79 ffffffa4 ffffffa2 ffffffb2 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a4c006770 | unwrapped: c0 9d 33 66 12 77 c7 f5 fd 37 8c 41 45 fa 0e d2 | unwrapped: 4c 5f 0f ce 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a58006900 (size 80) | prf+N: seed-key@0x7f2a58006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f2a58006900 | nss hmac digest hack: symkey-key@0x7f2a58006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1610789216: 3d fffffff2 ffffffb8 02 24 ffffffee 50 34 ffffff96 08 07 ffffffeb 6c 72 ffffffc7 ffffffc8 ffffff8f ffffffbc fffffff6 22 ffffffd0 4c 18 ffffffe4 ffffffcc ffffffb4 28 69 ffffff92 ffffffbc ffffffab ffffffcc ffffffe9 ffffffb2 56 ffffff85 19 26 fffffff5 2a 7c ffffffbf fffffffc 37 6e 4b 6b ffffffca ffffffbe ffffffb6 ffffffbf fffffff9 29 ffffffe6 ffffffb8 50 1a 0c 48 19 04 fffffff4 1b ffffff93 ffffff9e ffffffec ffffffe6 ffffffb1 ffffffb5 09 32 ffffffdb 5a 21 ffffffc1 12 1c 73 ffffffa3 ffffffc6 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a4c0048b0 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | unwrapped: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6002b520 | result: final-key@0x7f2a4c001a70 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c001a70 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b508 | result: final-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4c001a70 | prf+N PRF sha final-key@0x564e2d1ca300 (size 20) | prf+N: key-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a4c005db0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6002b598 | result: result-key@0x7f2a4c001a70 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a4c005db0 | prfplus: release old_t[N]-key@0x564e2d1c3300 | prf+N PRF sha init key-key@0x7f2a4c006900 (size 20) | prf+N: key-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b518 | result: clone-key@0x564e2d1c3300 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a4c003aa0 from key-key@0x564e2d1c3300 | prf+N prf: begin sha with context 0x7f2a4c003aa0 from key-key@0x564e2d1c3300 | prf+N: release clone-key@0x564e2d1c3300 | prf+N PRF sha crypt-prf@0x7f2a4c002a80 | prf+N PRF sha update old_t-key@0x564e2d1ca300 (size 20) | prf+N: old_t-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1ca300 | nss hmac digest hack: symkey-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1610789216: 39 ffffffa6 10 2c fffffffb fffffff3 ffffffe8 ffffffcc ffffffae 25 4e 7d ffffffb6 ffffff98 04 ffffffdf 5f ffffffd1 36 63 ffffffb4 33 fffffffb ffffff89 fffffff2 ffffffc1 0b ffffffbc 4e 4b 58 ffffffcd | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a4c001460 | unwrapped: b3 f6 8e ce 3b a4 b2 03 c0 01 78 56 a4 2d 2f cd | unwrapped: bd 08 2f cf 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a58006900 (size 80) | prf+N: seed-key@0x7f2a58006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f2a58006900 | nss hmac digest hack: symkey-key@0x7f2a58006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1610789216: 3d fffffff2 ffffffb8 02 24 ffffffee 50 34 ffffff96 08 07 ffffffeb 6c 72 ffffffc7 ffffffc8 ffffff8f ffffffbc fffffff6 22 ffffffd0 4c 18 ffffffe4 ffffffcc ffffffb4 28 69 ffffff92 ffffffbc ffffffab ffffffcc ffffffe9 ffffffb2 56 ffffff85 19 26 fffffff5 2a 7c ffffffbf fffffffc 37 6e 4b 6b ffffffca ffffffbe ffffffb6 ffffffbf fffffff9 29 ffffffe6 ffffffb8 50 1a 0c 48 19 04 fffffff4 1b ffffff93 ffffff9e ffffffec ffffffe6 ffffffb1 ffffffb5 09 32 ffffffdb 5a 21 ffffffc1 12 1c 73 ffffffa3 ffffffc6 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a4c00c050 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | unwrapped: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6002b520 | result: final-key@0x7f2a4c005db0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c005db0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b508 | result: final-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4c005db0 | prf+N PRF sha final-key@0x564e2d1c3300 (size 20) | prf+N: key-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a4c001a70 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6002b598 | result: result-key@0x7f2a4c005db0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a4c001a70 | prfplus: release old_t[N]-key@0x564e2d1ca300 | prf+N PRF sha init key-key@0x7f2a4c006900 (size 20) | prf+N: key-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b518 | result: clone-key@0x564e2d1ca300 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a4c0065a0 from key-key@0x564e2d1ca300 | prf+N prf: begin sha with context 0x7f2a4c0065a0 from key-key@0x564e2d1ca300 | prf+N: release clone-key@0x564e2d1ca300 | prf+N PRF sha crypt-prf@0x7f2a4c0010c0 | prf+N PRF sha update old_t-key@0x564e2d1c3300 (size 20) | prf+N: old_t-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1c3300 | nss hmac digest hack: symkey-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1610789216: fffffff4 06 ffffffd0 ffffffaa ffffffc3 02 ffffff9d ffffffd8 ffffffc5 18 07 ffffffc5 18 72 fffffffb fffffff1 ffffffa1 1d ffffff87 33 2a ffffffa2 26 ffffffba ffffffd8 0e 16 5f 1e 0e fffffffe 24 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a4c006770 | unwrapped: 70 82 e8 22 43 41 bb 69 b7 6d b4 60 d1 3b 2a 37 | unwrapped: ab c4 3b fe 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a58006900 (size 80) | prf+N: seed-key@0x7f2a58006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f2a58006900 | nss hmac digest hack: symkey-key@0x7f2a58006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1610789216: 3d fffffff2 ffffffb8 02 24 ffffffee 50 34 ffffff96 08 07 ffffffeb 6c 72 ffffffc7 ffffffc8 ffffff8f ffffffbc fffffff6 22 ffffffd0 4c 18 ffffffe4 ffffffcc ffffffb4 28 69 ffffff92 ffffffbc ffffffab ffffffcc ffffffe9 ffffffb2 56 ffffff85 19 26 fffffff5 2a 7c ffffffbf fffffffc 37 6e 4b 6b ffffffca ffffffbe ffffffb6 ffffffbf fffffff9 29 ffffffe6 ffffffb8 50 1a 0c 48 19 04 fffffff4 1b ffffff93 ffffff9e ffffffec ffffffe6 ffffffb1 ffffffb5 09 32 ffffffdb 5a 21 ffffffc1 12 1c 73 ffffffa3 ffffffc6 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a4c004ad0 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | unwrapped: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6002b520 | result: final-key@0x7f2a4c001a70 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c001a70 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b508 | result: final-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4c001a70 | prf+N PRF sha final-key@0x564e2d1ca300 (size 20) | prf+N: key-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a4c005db0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6002b598 | result: result-key@0x7f2a4c001a70 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a4c005db0 | prfplus: release old_t[N]-key@0x564e2d1c3300 | prf+N PRF sha init key-key@0x7f2a4c006900 (size 20) | prf+N: key-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b518 | result: clone-key@0x564e2d1c3300 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a4c003aa0 from key-key@0x564e2d1c3300 | prf+N prf: begin sha with context 0x7f2a4c003aa0 from key-key@0x564e2d1c3300 | prf+N: release clone-key@0x564e2d1c3300 | prf+N PRF sha crypt-prf@0x7f2a4c002a80 | prf+N PRF sha update old_t-key@0x564e2d1ca300 (size 20) | prf+N: old_t-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1ca300 | nss hmac digest hack: symkey-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1610789216: 54 11 ffffffab 34 06 fffffff7 5d ffffffb6 43 22 51 ffffffe9 38 ffffffc8 ffffffa1 ffffffdc 27 fffffffb ffffffe6 ffffff9b ffffffa9 ffffffc8 04 ffffffea fffffff0 5b ffffff8e 20 ffffffa5 ffffffae ffffff82 fffffff6 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a4c001460 | unwrapped: b6 c1 4f 5b 5e 69 57 82 3b 52 79 95 dd 2c f0 bb | unwrapped: 56 b2 18 d7 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a58006900 (size 80) | prf+N: seed-key@0x7f2a58006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f2a58006900 | nss hmac digest hack: symkey-key@0x7f2a58006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1610789216: 3d fffffff2 ffffffb8 02 24 ffffffee 50 34 ffffff96 08 07 ffffffeb 6c 72 ffffffc7 ffffffc8 ffffff8f ffffffbc fffffff6 22 ffffffd0 4c 18 ffffffe4 ffffffcc ffffffb4 28 69 ffffff92 ffffffbc ffffffab ffffffcc ffffffe9 ffffffb2 56 ffffff85 19 26 fffffff5 2a 7c ffffffbf fffffffc 37 6e 4b 6b ffffffca ffffffbe ffffffb6 ffffffbf fffffff9 29 ffffffe6 ffffffb8 50 1a 0c 48 19 04 fffffff4 1b ffffff93 ffffff9e ffffffec ffffffe6 ffffffb1 ffffffb5 09 32 ffffffdb 5a 21 ffffffc1 12 1c 73 ffffffa3 ffffffc6 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a4c00c050 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | unwrapped: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6002b520 | result: final-key@0x7f2a4c005db0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c005db0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b508 | result: final-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4c005db0 | prf+N PRF sha final-key@0x564e2d1c3300 (size 20) | prf+N: key-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a4c001a70 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6002b598 | result: result-key@0x7f2a4c005db0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a4c001a70 | prfplus: release old_t[N]-key@0x564e2d1ca300 | prf+N PRF sha init key-key@0x7f2a4c006900 (size 20) | prf+N: key-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b518 | result: clone-key@0x564e2d1ca300 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a4c003aa0 from key-key@0x564e2d1ca300 | prf+N prf: begin sha with context 0x7f2a4c003aa0 from key-key@0x564e2d1ca300 | prf+N: release clone-key@0x564e2d1ca300 | prf+N PRF sha crypt-prf@0x7f2a4c0010c0 | prf+N PRF sha update old_t-key@0x564e2d1c3300 (size 20) | prf+N: old_t-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1c3300 | nss hmac digest hack: symkey-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1610789216: 06 ffffffe3 7d 19 ffffffb6 ffffffc5 ffffffb1 3e 65 14 78 1d ffffffeb 18 04 2d 24 1f ffffffce 69 fffffff1 31 26 24 73 ffffff8e 1f ffffffc1 35 ffffffc9 ffffffae ffffffcf | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a4c00c1b0 | unwrapped: e9 38 46 26 a9 99 c1 aa 09 f9 66 64 fd ba c7 08 | unwrapped: 2c 82 db c2 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a58006900 (size 80) | prf+N: seed-key@0x7f2a58006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f2a58006900 | nss hmac digest hack: symkey-key@0x7f2a58006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1610789216: 3d fffffff2 ffffffb8 02 24 ffffffee 50 34 ffffff96 08 07 ffffffeb 6c 72 ffffffc7 ffffffc8 ffffff8f ffffffbc fffffff6 22 ffffffd0 4c 18 ffffffe4 ffffffcc ffffffb4 28 69 ffffff92 ffffffbc ffffffab ffffffcc ffffffe9 ffffffb2 56 ffffff85 19 26 fffffff5 2a 7c ffffffbf fffffffc 37 6e 4b 6b ffffffca ffffffbe ffffffb6 ffffffbf fffffff9 29 ffffffe6 ffffffb8 50 1a 0c 48 19 04 fffffff4 1b ffffff93 ffffff9e ffffffec ffffffe6 ffffffb1 ffffffb5 09 32 ffffffdb 5a 21 ffffffc1 12 1c 73 ffffffa3 ffffffc6 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a4c004a70 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | unwrapped: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | prf+N PRF sha update N++-byte@0x8 (8) | 08 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a6002b520 | result: final-key@0x7f2a4c001a70 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c001a70 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b508 | result: final-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4c001a70 | prf+N PRF sha final-key@0x564e2d1ca300 (size 20) | prf+N: key-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a4c005db0 (140-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a6002b598 | result: result-key@0x7f2a4c001a70 (160-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a4c005db0 | prfplus: release old_t[N]-key@0x564e2d1c3300 | prfplus: release old_t[final]-key@0x564e2d1ca300 | ike_sa_keymat: release data-key@0x7f2a58006900 | calc_skeyseed_v2: release skeyseed_k-key@0x7f2a4c006900 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c001a70 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b738 | result: result-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c001a70 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b738 | result: result-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c001a70 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b738 | result: result-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x7f2a4c001a70 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b748 | result: SK_ei_k-key@0x564e2d1c3300 (24-bytes, DES3_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 84, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x7f2a4c001a70 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b748 | result: SK_er_k-key@0x7f2a4c005db0 (24-bytes, DES3_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 108, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c001a70 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b748 | result: result-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f2a4c00c3d0 | chunk_SK_pi: symkey-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)540291104: 40 ffffff82 ffffff9e fffffff7 41 ffffffcb ffffff8e ffffffa0 29 ffffff8c 3f fffffff4 17 30 fffffff9 34 ffffffbc 3f 3b ffffffab ffffffc5 03 ffffff90 ffffffff ffffffb7 ffffffe2 58 38 6c ffffffab 42 ffffffb8 | chunk_SK_pi: release slot-key-key@0x564e2d1a1c00 | chunk_SK_pi extracted len 32 bytes at 0x7f2a4c00c1e0 | unwrapped: 3b 52 79 95 dd 2c f0 bb 56 b2 18 d7 e9 38 46 26 | unwrapped: a9 99 c1 aa 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 128, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c001a70 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a6002b748 | result: result-key@0x7f2a4c00c5c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f2a4c00c5c0 | chunk_SK_pr: symkey-key@0x7f2a4c00c5c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)540291104: 49 3d ffffff81 fffffff1 ffffff8f 53 78 ffffff99 ffffffe4 2d 1b 4d fffffff5 ffffff9d ffffffb7 ffffffff 7d 03 ffffffa9 02 ffffffe4 ffffff9f 3a ffffff8d ffffff9b ffffff9e 2a 5d ffffffa2 09 ffffff95 fffffff9 | chunk_SK_pr: release slot-key-key@0x564e2d1a1c00 | chunk_SK_pr extracted len 32 bytes at 0x7f2a4c003900 | unwrapped: 09 f9 66 64 fd ba c7 08 2c 82 db c2 b2 76 5a bd | unwrapped: 81 5d 4b da 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f2a4c001a70 | calc_skeyseed_v2 pointers: shared-key@0x7f2a4000bdb0, SK_d-key@0x7f2a4c006900, SK_ai-key@0x7f2a58006900, SK_ar-key@0x564e2d1ca300, SK_ei-key@0x564e2d1c3300, SK_er-key@0x7f2a4c005db0, SK_pi-key@0x7f2a4c00c3d0, SK_pr-key@0x7f2a4c00c5c0 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 3b 52 79 95 dd 2c f0 bb 56 b2 18 d7 e9 38 46 26 | a9 99 c1 aa | calc_skeyseed_v2 SK_pr | 09 f9 66 64 fd ba c7 08 2c 82 db c2 b2 76 5a bd | 81 5d 4b da | crypto helper 3 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 12 time elapsed 0.003623 seconds | (#19) spent 3.24 milliseconds in crypto helper computing work-order 12: ikev2_inI2outR2 KE (pcr) | crypto helper 3 sending results from work-order 12 for state #19 to event queue | scheduling resume sending helper answer for #19 | libevent_malloc: new ptr-libevent@0x7f2a4c0037a0 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #19 | start processing: state #19 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 12 | calling continuation function 0x564e2b454630 | ikev2_parent_inI2outR2_continue for #19: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f2a48002010: transferring ownership from helper IKEv2 DH to state #19 | finish_dh_v2: release st_shared_nss-key@NULL | #19 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x7f2a58006900 (size 20) | hmac: symkey-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d766178 | result: clone-key@0x7f2a4c001a70 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a4c001a70 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a4c001a70 | hmac: release clone-key@0x7f2a4c001a70 | hmac PRF sha crypt-prf@0x564e2d1c19f0 | hmac PRF sha update data-bytes@0x564e2d139510 (length 184) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | a6 c2 c8 d1 d1 e9 70 7f 41 9d 18 8f 9e 2b 7d 3f | f3 c8 86 3a 3e ea 6e 1d 57 2f c7 80 7c 51 5a ba | 8e c2 f7 e4 d3 c3 07 ca ea d5 b1 18 dd ec 34 2b | 04 3b 96 c7 ad 06 8e 92 40 f1 2c ac e8 91 49 7a | fa 93 3a b9 d8 e3 be e5 d3 e0 c3 fa 01 8a 49 ff | 29 64 e4 c4 dc 6b d1 44 c5 a6 64 80 3c de 8f 72 | 4c 98 60 81 7f 25 bc 32 6c 66 ed 6a 5e e8 85 ab | ee c8 ff b8 70 f9 9d ae c5 fa 77 2b 58 b8 b1 b4 | aa 94 f4 b8 76 fe 27 e5 9f 85 59 75 ca b4 e4 31 | 98 d6 5f 4c 87 8f 7b 07 | hmac PRF sha final-bytes@0x7fff8d766340 (length 20) | a6 98 a5 a0 de c6 11 6c eb 31 67 d0 c5 d8 41 98 | 33 25 d0 58 | data for hmac: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | data for hmac: a6 c2 c8 d1 d1 e9 70 7f 41 9d 18 8f 9e 2b 7d 3f | data for hmac: f3 c8 86 3a 3e ea 6e 1d 57 2f c7 80 7c 51 5a ba | data for hmac: 8e c2 f7 e4 d3 c3 07 ca ea d5 b1 18 dd ec 34 2b | data for hmac: 04 3b 96 c7 ad 06 8e 92 40 f1 2c ac e8 91 49 7a | data for hmac: fa 93 3a b9 d8 e3 be e5 d3 e0 c3 fa 01 8a 49 ff | data for hmac: 29 64 e4 c4 dc 6b d1 44 c5 a6 64 80 3c de 8f 72 | data for hmac: 4c 98 60 81 7f 25 bc 32 6c 66 ed 6a 5e e8 85 ab | data for hmac: ee c8 ff b8 70 f9 9d ae c5 fa 77 2b 58 b8 b1 b4 | data for hmac: aa 94 f4 b8 76 fe 27 e5 9f 85 59 75 ca b4 e4 31 | data for hmac: 98 d6 5f 4c 87 8f 7b 07 | calculated auth: a6 98 a5 a0 de c6 11 6c eb 31 67 d0 | provided auth: a6 98 a5 a0 de c6 11 6c eb 31 67 d0 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | a6 c2 c8 d1 d1 e9 70 7f | payload before decryption: | 41 9d 18 8f 9e 2b 7d 3f f3 c8 86 3a 3e ea 6e 1d | 57 2f c7 80 7c 51 5a ba 8e c2 f7 e4 d3 c3 07 ca | ea d5 b1 18 dd ec 34 2b 04 3b 96 c7 ad 06 8e 92 | 40 f1 2c ac e8 91 49 7a fa 93 3a b9 d8 e3 be e5 | d3 e0 c3 fa 01 8a 49 ff 29 64 e4 c4 dc 6b d1 44 | c5 a6 64 80 3c de 8f 72 4c 98 60 81 7f 25 bc 32 | 6c 66 ed 6a 5e e8 85 ab ee c8 ff b8 70 f9 9d ae | c5 fa 77 2b 58 b8 b1 b4 aa 94 f4 b8 76 fe 27 e5 | 9f 85 59 75 ca b4 e4 31 98 d6 5f 4c 87 8f 7b 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | c3 b3 38 e7 96 bc c0 2c 96 c2 33 7e 33 7c b0 cb | fb 2c d9 4f 2c 00 00 28 00 00 00 24 01 03 04 03 | e5 85 2e 50 03 00 00 08 01 00 00 03 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | stripping 4 octets as pad | #19 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #19: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #19 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #19: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x7f2a4c00c3d0 (size 20) | hmac: symkey-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765be8 | result: clone-key@0x7f2a4c001a70 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a4c001a70 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a4c001a70 | hmac: release clone-key@0x7f2a4c001a70 | hmac PRF sha crypt-prf@0x564e2d1bb660 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x564e2d13953c (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff8d765da0 (length 20) | 45 9e 94 2d 80 2b 55 29 22 79 c8 da 24 24 9e 26 | cc a9 ce b3 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | inputs to hash1 (first packet) | 77 b7 16 f5 93 c2 45 01 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | fc a6 33 33 e8 8a e7 83 c7 8d 84 29 25 23 a0 e1 | ee ea 09 e2 73 d5 47 d3 59 9b a0 98 28 8d d2 a1 | b8 5e 31 d2 fa 43 5a 9e 7e 97 6e 21 1f 12 bd ff | 77 04 b5 1e 44 c4 61 93 61 a9 03 2b de 3c 1b fe | 22 54 be 08 8a cc fe 8a ff 22 30 4c c7 ea 6e 8e | 38 41 f7 3f fd 64 63 c8 fd e1 d3 83 54 76 bc a4 | 04 b3 b9 26 f9 75 75 a9 7c cd e4 e0 9c ea 48 e7 | 45 7c a8 71 fd cf 26 2d d6 81 36 0e 7e cc 38 e5 | f4 7c b8 0d 2c fd 9a b6 3c db e8 2b 4b 31 e0 cb | 4a c2 ad 1d 12 c2 b9 32 a4 9c 03 ef 37 64 c9 92 | 2e a6 8b a9 e1 85 71 e5 7f 99 16 05 5f c4 ce 02 | 2b c3 61 d8 8f 6e 06 94 9f 48 9d c1 1f df 09 ab | 22 8c 85 cc 25 78 ec c9 27 cb 23 7c 82 a6 33 2c | fb 3e f1 f3 aa 97 a0 b3 58 0a f2 d0 85 9f 5b 39 | a8 74 40 59 16 be f4 54 cd f9 12 f1 29 6c aa 8a | b7 c2 45 76 9d b8 e3 53 d2 dd 7e b9 dd fb 29 b6 | 29 00 00 24 82 a0 03 80 06 37 a7 c5 93 c8 65 21 | 86 0b 0b d6 1f 11 93 80 f9 76 4e c6 bb 49 37 fc | 0f 0b dd 83 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 9c 0d c6 18 90 d9 15 25 e6 5d 73 e3 | 19 72 28 5a be 28 a4 fa 00 00 00 1c 00 00 40 05 | 92 e1 e0 8b c0 2a 75 c4 94 db 0d 96 ad 87 7b d0 | 78 94 25 da | verify: initiator inputs to hash2 (responder nonce) | 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | idhash 45 9e 94 2d 80 2b 55 29 22 79 c8 da 24 24 9e 26 | idhash cc a9 ce b3 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564e2d1b8960 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d7659f0 | result: shared secret-key@0x7f2a480067f0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f2a480067f0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7659d8 | result: shared secret-key@0x7f2a4c001a70 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f2a480067f0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564e2d1a1160 from shared secret-key@0x7f2a4c001a70 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564e2d1a1160 from shared secret-key@0x7f2a4c001a70 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f2a4c001a70 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564e2d1c19f0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x564e2b4e7bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765a10 | result: final-key@0x7f2a480067f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a480067f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7659f8 | result: final-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a480067f0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f2a4c001a70 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f2a4c001a70 (size 20) | = prf(, ): -key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765a08 | result: clone-key@0x7f2a480067f0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564e2d1a1160 from -key@0x7f2a480067f0 | = prf(, ) prf: begin sha with context 0x564e2d1a1160 from -key@0x7f2a480067f0 | = prf(, ): release clone-key@0x7f2a480067f0 | = prf(, ) PRF sha crypt-prf@0x564e2d1c3390 | = prf(, ) PRF sha update first-packet-bytes@0x564e2d1c6a50 (length 436) | 77 b7 16 f5 93 c2 45 01 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | fc a6 33 33 e8 8a e7 83 c7 8d 84 29 25 23 a0 e1 | ee ea 09 e2 73 d5 47 d3 59 9b a0 98 28 8d d2 a1 | b8 5e 31 d2 fa 43 5a 9e 7e 97 6e 21 1f 12 bd ff | 77 04 b5 1e 44 c4 61 93 61 a9 03 2b de 3c 1b fe | 22 54 be 08 8a cc fe 8a ff 22 30 4c c7 ea 6e 8e | 38 41 f7 3f fd 64 63 c8 fd e1 d3 83 54 76 bc a4 | 04 b3 b9 26 f9 75 75 a9 7c cd e4 e0 9c ea 48 e7 | 45 7c a8 71 fd cf 26 2d d6 81 36 0e 7e cc 38 e5 | f4 7c b8 0d 2c fd 9a b6 3c db e8 2b 4b 31 e0 cb | 4a c2 ad 1d 12 c2 b9 32 a4 9c 03 ef 37 64 c9 92 | 2e a6 8b a9 e1 85 71 e5 7f 99 16 05 5f c4 ce 02 | 2b c3 61 d8 8f 6e 06 94 9f 48 9d c1 1f df 09 ab | 22 8c 85 cc 25 78 ec c9 27 cb 23 7c 82 a6 33 2c | fb 3e f1 f3 aa 97 a0 b3 58 0a f2 d0 85 9f 5b 39 | a8 74 40 59 16 be f4 54 cd f9 12 f1 29 6c aa 8a | b7 c2 45 76 9d b8 e3 53 d2 dd 7e b9 dd fb 29 b6 | 29 00 00 24 82 a0 03 80 06 37 a7 c5 93 c8 65 21 | 86 0b 0b d6 1f 11 93 80 f9 76 4e c6 bb 49 37 fc | 0f 0b dd 83 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 9c 0d c6 18 90 d9 15 25 e6 5d 73 e3 | 19 72 28 5a be 28 a4 fa 00 00 00 1c 00 00 40 05 | 92 e1 e0 8b c0 2a 75 c4 94 db 0d 96 ad 87 7b d0 | 78 94 25 da | = prf(, ) PRF sha update nonce-bytes@0x7f2a48005cd0 (length 32) | 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | = prf(, ) PRF sha update hash-bytes@0x7fff8d765da0 (length 20) | 45 9e 94 2d 80 2b 55 29 22 79 c8 da 24 24 9e 26 | cc a9 ce b3 | = prf(, ) PRF sha final-chunk@0x564e2d1bb660 (length 20) | c3 b3 38 e7 96 bc c0 2c 96 c2 33 7e 33 7c b0 cb | fb 2c d9 4f | psk_auth: release prf-psk-key@0x7f2a4c001a70 | Received PSK auth octets | c3 b3 38 e7 96 bc c0 2c 96 c2 33 7e 33 7c b0 cb | fb 2c d9 4f | Calculated PSK auth octets | c3 b3 38 e7 96 bc c0 2c 96 c2 33 7e 33 7c b0 cb | fb 2c d9 4f "east" #19: Authenticated using authby=secret | parent state #19: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #19 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #19 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2a54008da0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f2a4c002b20 | event_schedule: new EVENT_SA_REKEY-pe@0x7f2a4c002b20 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f2a54008da0 size 128 | pstats #19 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | 77 b7 16 f5 93 c2 45 01 | responder cookie: | 4d 0c 58 38 db f7 da 56 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x7f2a4c00c5c0 (size 20) | hmac: symkey-key@0x7f2a4c00c5c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c00c5c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765558 | result: clone-key@0x7f2a4c001a70 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a4c001a70 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a4c001a70 | hmac: release clone-key@0x7f2a4c001a70 | hmac PRF sha crypt-prf@0x564e2d1be510 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x564e2b55396c (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff8d765860 (length 20) | b5 0b 3f 0e 9a 56 cf 6c 78 9c 3c 93 19 95 0e 1c | 43 a8 a1 73 | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | inputs to hash1 (first packet) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 3b d2 e1 39 da 3d e9 2a 83 0c d2 04 be ce d8 df | f5 48 b7 94 ce 04 9d 8c 0b b1 42 07 1f 6d 4a 7a | 4f 4c 03 3e de 3d b6 fe e3 d1 d2 62 9e 26 8d 80 | 51 fa a1 55 77 04 5b f6 cb 15 28 d9 9f a1 25 e9 | b9 c7 05 cc 85 c2 c2 b0 a4 6f b0 fe 95 21 cc 77 | af 3d 89 a5 7e de b2 2f db 81 6c 24 be 21 b6 b3 | b4 5c 3a 25 fe b8 22 c4 ba c2 2d 48 ee 23 62 bc | 44 cf 53 22 62 85 ca d8 27 42 cf 8c 45 f5 16 20 | a6 1d fd ae 99 9c eb 0a 87 c5 0e 89 05 ff 4c 6f | 41 d4 4d 46 49 60 90 c1 4c 18 34 ed 03 8a 70 e3 | d0 33 2d 45 ea db 58 c0 27 81 dd cb 43 39 a7 bc | 38 59 7e ba bd 4c 30 c9 0a 28 79 a5 54 6e e4 13 | 42 6b 68 ed f7 ea 2d 88 89 24 35 9a 21 ee 33 17 | 8f ad 85 00 85 e6 58 3b 96 d2 ea 28 06 73 dd 20 | d8 3d 2a 54 fe 1a bf b9 9a 66 66 dd 85 26 51 c7 | 4c 04 15 c7 4f c0 64 bc a4 1d b4 1a 7c ad 72 c4 | 29 00 00 24 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 | 7b f1 e3 e6 35 4f 19 fb cf a6 4f 83 35 0a 52 1a | c7 9c 46 ce 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 f1 05 de 2d 07 2f 07 6d f2 56 c0 e2 | 35 f6 36 ab 3f 59 63 c6 00 00 00 1c 00 00 40 05 | db 3f ad ff d9 41 57 4c 05 c7 50 98 15 16 56 5d | cf 1d 80 22 | create: responder inputs to hash2 (initiator nonce) | 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | idhash b5 0b 3f 0e 9a 56 cf 6c 78 9c 3c 93 19 95 0e 1c | idhash 43 a8 a1 73 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564e2d1b8960 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765350 | result: shared secret-key@0x7f2a480067f0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f2a480067f0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765338 | result: shared secret-key@0x7f2a4c001a70 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f2a480067f0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564e2d1a1160 from shared secret-key@0x7f2a4c001a70 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564e2d1a1160 from shared secret-key@0x7f2a4c001a70 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f2a4c001a70 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564e2d1bb660 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x564e2b4e7bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765370 | result: final-key@0x7f2a480067f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a480067f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765358 | result: final-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a480067f0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f2a4c001a70 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f2a4c001a70 (size 20) | = prf(, ): -key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765368 | result: clone-key@0x7f2a480067f0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564e2d1a1160 from -key@0x7f2a480067f0 | = prf(, ) prf: begin sha with context 0x564e2d1a1160 from -key@0x7f2a480067f0 | = prf(, ): release clone-key@0x7f2a480067f0 | = prf(, ) PRF sha crypt-prf@0x564e2d1c19f0 | = prf(, ) PRF sha update first-packet-bytes@0x564e2d1c6e50 (length 436) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 3b d2 e1 39 da 3d e9 2a 83 0c d2 04 be ce d8 df | f5 48 b7 94 ce 04 9d 8c 0b b1 42 07 1f 6d 4a 7a | 4f 4c 03 3e de 3d b6 fe e3 d1 d2 62 9e 26 8d 80 | 51 fa a1 55 77 04 5b f6 cb 15 28 d9 9f a1 25 e9 | b9 c7 05 cc 85 c2 c2 b0 a4 6f b0 fe 95 21 cc 77 | af 3d 89 a5 7e de b2 2f db 81 6c 24 be 21 b6 b3 | b4 5c 3a 25 fe b8 22 c4 ba c2 2d 48 ee 23 62 bc | 44 cf 53 22 62 85 ca d8 27 42 cf 8c 45 f5 16 20 | a6 1d fd ae 99 9c eb 0a 87 c5 0e 89 05 ff 4c 6f | 41 d4 4d 46 49 60 90 c1 4c 18 34 ed 03 8a 70 e3 | d0 33 2d 45 ea db 58 c0 27 81 dd cb 43 39 a7 bc | 38 59 7e ba bd 4c 30 c9 0a 28 79 a5 54 6e e4 13 | 42 6b 68 ed f7 ea 2d 88 89 24 35 9a 21 ee 33 17 | 8f ad 85 00 85 e6 58 3b 96 d2 ea 28 06 73 dd 20 | d8 3d 2a 54 fe 1a bf b9 9a 66 66 dd 85 26 51 c7 | 4c 04 15 c7 4f c0 64 bc a4 1d b4 1a 7c ad 72 c4 | 29 00 00 24 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 | 7b f1 e3 e6 35 4f 19 fb cf a6 4f 83 35 0a 52 1a | c7 9c 46 ce 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 f1 05 de 2d 07 2f 07 6d f2 56 c0 e2 | 35 f6 36 ab 3f 59 63 c6 00 00 00 1c 00 00 40 05 | db 3f ad ff d9 41 57 4c 05 c7 50 98 15 16 56 5d | cf 1d 80 22 | = prf(, ) PRF sha update nonce-bytes@0x7f2a540089c0 (length 32) | 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | = prf(, ) PRF sha update hash-bytes@0x7fff8d765860 (length 20) | b5 0b 3f 0e 9a 56 cf 6c 78 9c 3c 93 19 95 0e 1c | 43 a8 a1 73 | = prf(, ) PRF sha final-chunk@0x564e2d1be510 (length 20) | c8 cc 08 80 af 92 26 31 d3 01 33 bd a8 f9 b2 b9 | 80 ce c6 52 | psk_auth: release prf-psk-key@0x7f2a4c001a70 | PSK auth octets c8 cc 08 80 af 92 26 31 d3 01 33 bd a8 f9 b2 b9 | PSK auth octets 80 ce c6 52 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth c8 cc 08 80 af 92 26 31 d3 01 33 bd a8 f9 b2 b9 | PSK auth 80 ce c6 52 | emitting length of IKEv2 Authentication Payload: 28 | creating state object #20 at 0x564e2d1cd440 | State DB: adding IKEv2 state #20 in UNDEFINED | pstats #20 ikev2.child started | duplicating state object #19 "east" as #20 for IPSEC SA | #20 setting local endpoint to 192.1.2.23:500 from #19.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f2a4c006900 | duplicate_state: reference st_skey_ai_nss-key@0x7f2a58006900 | duplicate_state: reference st_skey_ar_nss-key@0x564e2d1ca300 | duplicate_state: reference st_skey_ei_nss-key@0x564e2d1c3300 | duplicate_state: reference st_skey_er_nss-key@0x7f2a4c005db0 | duplicate_state: reference st_skey_pi_nss-key@0x7f2a4c00c3d0 | duplicate_state: reference st_skey_pr_nss-key@0x7f2a4c00c5c0 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #19.#20; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #19 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #19.#20 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI e5 85 2e 50 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 2 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: INTEG+ESN | remote proposal 1 does not match local proposal 1; unmatched transforms: ENCR; missing transforms: ENCR | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 2; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 2 "east" #19: proposal 1:ESP:SPI=e5852e50;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=e5852e50;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | netlink_get_spi: allocated 0xf92283f4 for esp.0@192.1.2.23 | Emitting ikev2_proposal ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi f9 22 83 f4 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 40 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | integ=sha: .key_size=20 encrypt=3des_cbc: .key_size=24 .salt_size=0 keymat_len=44 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d7653e0 | result: data=Ni-key@0x7f2a480067f0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7f2a480067f0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7653c8 | result: data=Ni-key@0x7f2a4c001a70 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7f2a480067f0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a4c001a70 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d7653d0 | result: data+=Nr-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f2a4c001a70 | prf+0 PRF sha init key-key@0x7f2a4c006900 (size 20) | prf+0: key-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x7f2a4c001a70 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x564e2d1a1160 from key-key@0x7f2a4c001a70 | prf+0 prf: begin sha with context 0x564e2d1a1160 from key-key@0x7f2a4c001a70 | prf+0: release clone-key@0x7f2a4c001a70 | prf+0 PRF sha crypt-prf@0x564e2d1c3390 | prf+0 PRF sha update seed-key@0x7f2a480067f0 (size 64) | prf+0: seed-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a480067f0 | nss hmac digest hack: symkey-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: 3d fffffff2 ffffffb8 02 24 ffffffee 50 34 ffffff96 08 07 ffffffeb 6c 72 ffffffc7 ffffffc8 ffffff8f ffffffbc fffffff6 22 ffffffd0 4c 18 ffffffe4 ffffffcc ffffffb4 28 69 ffffff92 ffffffbc ffffffab ffffffcc ffffffe9 ffffffb2 56 ffffff85 19 26 fffffff5 2a 7c ffffffbf fffffffc 37 6e 4b 6b ffffffca ffffffbe ffffffb6 ffffffbf fffffff9 29 ffffffe6 ffffffb8 50 1a 0c 48 19 04 fffffff4 1b ffffff93 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1c18f0 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x7f2a44006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a44006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a44006900 | prf+0 PRF sha final-key@0x7f2a4c001a70 (size 20) | prf+0: key-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f2a4c001a70 | prf+N PRF sha init key-key@0x7f2a4c006900 (size 20) | prf+N: key-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x7f2a44006900 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564e2d1a1160 from key-key@0x7f2a44006900 | prf+N prf: begin sha with context 0x564e2d1a1160 from key-key@0x7f2a44006900 | prf+N: release clone-key@0x7f2a44006900 | prf+N PRF sha crypt-prf@0x564e2d1bb660 | prf+N PRF sha update old_t-key@0x7f2a4c001a70 (size 20) | prf+N: old_t-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a4c001a70 | nss hmac digest hack: symkey-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921626304: ffffffb8 6c ffffffb6 23 ffffffe6 2b 2d ffffffb5 29 ffffffd9 10 ffffffba ffffffc4 ffffffde 09 33 fffffff7 ffffff91 42 72 fffffff5 ffffffb2 5c ffffff84 ffffffe9 ffffffa6 28 ffffffd5 ffffffed 36 6d ffffffb6 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x564e2d1c0150 | unwrapped: 85 f9 86 b4 3d ba 5a 88 6e cc 1e 46 98 e5 c6 93 | unwrapped: 9e a7 5e b4 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a480067f0 (size 64) | prf+N: seed-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a480067f0 | nss hmac digest hack: symkey-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: 3d fffffff2 ffffffb8 02 24 ffffffee 50 34 ffffff96 08 07 ffffffeb 6c 72 ffffffc7 ffffffc8 ffffff8f ffffffbc fffffff6 22 ffffffd0 4c 18 ffffffe4 ffffffcc ffffffb4 28 69 ffffff92 ffffffbc ffffffab ffffffcc ffffffe9 ffffffb2 56 ffffff85 19 26 fffffff5 2a 7c ffffffbf fffffffc 37 6e 4b 6b ffffffca ffffffbe ffffffb6 ffffffbf fffffff9 29 ffffffe6 ffffffb8 50 1a 0c 48 19 04 fffffff4 1b ffffff93 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1c1800 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x7f2a58006720 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006720 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x7f2a44006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a58006720 | prf+N PRF sha final-key@0x7f2a44006900 (size 20) | prf+N: key-key@0x7f2a44006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff8d765378 | result: result-key@0x7f2a58006720 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a4c001a70 | prfplus: release old_t[N]-key@0x7f2a4c001a70 | prf+N PRF sha init key-key@0x7f2a4c006900 (size 20) | prf+N: key-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x7f2a4c001a70 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564e2d1a1160 from key-key@0x7f2a4c001a70 | prf+N prf: begin sha with context 0x564e2d1a1160 from key-key@0x7f2a4c001a70 | prf+N: release clone-key@0x7f2a4c001a70 | prf+N PRF sha crypt-prf@0x564e2d1c1aa0 | prf+N PRF sha update old_t-key@0x7f2a44006900 (size 20) | prf+N: old_t-key@0x7f2a44006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a44006900 | nss hmac digest hack: symkey-key@0x7f2a44006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921626304: ffffff85 ffffffa3 ffffff86 fffffff4 22 ffffffc9 ffffffc4 28 ffffffeb ffffffe4 58 4f 03 4c ffffffcc ffffffaf ffffffc4 14 3a 4a ffffffd4 fffffff5 ffffffda 63 fffffff7 0f ffffffa8 ffffffa8 ffffff87 fffffff7 51 ffffffae | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x564e2d1c33b0 | unwrapped: 37 b6 8e d1 50 64 00 f6 3a 65 ab eb 86 43 7d 5a | unwrapped: 2c 55 e1 10 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a480067f0 (size 64) | prf+N: seed-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a480067f0 | nss hmac digest hack: symkey-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: 3d fffffff2 ffffffb8 02 24 ffffffee 50 34 ffffff96 08 07 ffffffeb 6c 72 ffffffc7 ffffffc8 ffffff8f ffffffbc fffffff6 22 ffffffd0 4c 18 ffffffe4 ffffffcc ffffffb4 28 69 ffffff92 ffffffbc ffffffab ffffffcc ffffffe9 ffffffb2 56 ffffff85 19 26 fffffff5 2a 7c ffffffbf fffffffc 37 6e 4b 6b ffffffca ffffffbe ffffffb6 ffffffbf fffffff9 29 ffffffe6 ffffffb8 50 1a 0c 48 19 04 fffffff4 1b ffffff93 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1b9380 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x564e2d1ca390 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1ca390 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1ca390 | prf+N PRF sha final-key@0x7f2a4c001a70 (size 20) | prf+N: key-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a58006720 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff8d765378 | result: result-key@0x564e2d1ca390 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a58006720 | prfplus: release old_t[N]-key@0x7f2a44006900 | prf+N PRF sha init key-key@0x7f2a4c006900 (size 20) | prf+N: key-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x7f2a44006900 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564e2d1a1160 from key-key@0x7f2a44006900 | prf+N prf: begin sha with context 0x564e2d1a1160 from key-key@0x7f2a44006900 | prf+N: release clone-key@0x7f2a44006900 | prf+N PRF sha crypt-prf@0x564e2d1c19f0 | prf+N PRF sha update old_t-key@0x7f2a4c001a70 (size 20) | prf+N: old_t-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a4c001a70 | nss hmac digest hack: symkey-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921626304: 0b ffffffe7 fffffff6 ffffffba 71 ffffff95 ffffffae ffffff80 0b 63 25 0a ffffff90 ffffffc5 40 68 fffffff9 2f ffffffce 1a 67 ffffffa6 34 16 ffffffa3 75 fffffffa 45 ffffffd7 25 60 35 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x564e2d1c33b0 | unwrapped: f9 b3 94 bb af a0 94 35 a2 20 8a 27 60 76 22 21 | unwrapped: fe 5e 93 93 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a480067f0 (size 64) | prf+N: seed-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a480067f0 | nss hmac digest hack: symkey-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: 3d fffffff2 ffffffb8 02 24 ffffffee 50 34 ffffff96 08 07 ffffffeb 6c 72 ffffffc7 ffffffc8 ffffff8f ffffffbc fffffff6 22 ffffffd0 4c 18 ffffffe4 ffffffcc ffffffb4 28 69 ffffff92 ffffffbc ffffffab ffffffcc ffffffe9 ffffffb2 56 ffffff85 19 26 fffffff5 2a 7c ffffffbf fffffffc 37 6e 4b 6b ffffffca ffffffbe ffffffb6 ffffffbf fffffff9 29 ffffffe6 ffffffb8 50 1a 0c 48 19 04 fffffff4 1b ffffff93 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1c17b0 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x7f2a58006720 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006720 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x7f2a44006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a58006720 | prf+N PRF sha final-key@0x7f2a44006900 (size 20) | prf+N: key-key@0x7f2a44006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1ca390 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff8d765378 | result: result-key@0x7f2a58006720 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564e2d1ca390 | prfplus: release old_t[N]-key@0x7f2a4c001a70 | prf+N PRF sha init key-key@0x7f2a4c006900 (size 20) | prf+N: key-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x7f2a4c001a70 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564e2d1a1160 from key-key@0x7f2a4c001a70 | prf+N prf: begin sha with context 0x564e2d1a1160 from key-key@0x7f2a4c001a70 | prf+N: release clone-key@0x7f2a4c001a70 | prf+N PRF sha crypt-prf@0x564e2d1c1aa0 | prf+N PRF sha update old_t-key@0x7f2a44006900 (size 20) | prf+N: old_t-key@0x7f2a44006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a44006900 | nss hmac digest hack: symkey-key@0x7f2a44006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921626304: 67 ffffffb9 ffffff8c ffffffda 76 26 ffffffab ffffffcf ffffff94 5f 57 ffffffdc 25 26 ffffffa8 61 55 6d ffffff83 ffffffd1 ffffffdf ffffff8c 79 ffffffb0 68 7a 26 59 ffffffcf 43 07 76 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x564e2d1c0150 | unwrapped: 54 9a 4b 8c 5e d7 63 ea 6d 63 34 12 50 1a b5 ed | unwrapped: 71 0a a7 99 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a480067f0 (size 64) | prf+N: seed-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a480067f0 | nss hmac digest hack: symkey-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: 3d fffffff2 ffffffb8 02 24 ffffffee 50 34 ffffff96 08 07 ffffffeb 6c 72 ffffffc7 ffffffc8 ffffff8f ffffffbc fffffff6 22 ffffffd0 4c 18 ffffffe4 ffffffcc ffffffb4 28 69 ffffff92 ffffffbc ffffffab ffffffcc ffffffe9 ffffffb2 56 ffffff85 19 26 fffffff5 2a 7c ffffffbf fffffffc 37 6e 4b 6b ffffffca ffffffbe ffffffb6 ffffffbf fffffff9 29 ffffffe6 ffffffb8 50 1a 0c 48 19 04 fffffff4 1b ffffff93 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1c18f0 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x564e2d1ca390 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1ca390 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1ca390 | prf+N PRF sha final-key@0x7f2a4c001a70 (size 20) | prf+N: key-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a58006720 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff8d765378 | result: result-key@0x564e2d1ca390 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a58006720 | prfplus: release old_t[N]-key@0x7f2a44006900 | prfplus: release old_t[final]-key@0x7f2a4c001a70 | child_sa_keymat: release data-key@0x7f2a480067f0 | key-offset: 0, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x564e2d1ca390 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765458 | result: result-key@0x7f2a480067f0 (44-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 44 bytes of key@0x7f2a480067f0 | initiator to responder keys: symkey-key@0x7f2a480067f0 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x564e2d1a1c00 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)538982710: ffffffb8 6c ffffffb6 23 ffffffe6 2b 2d ffffffb5 29 ffffffd9 10 ffffffba ffffffc4 ffffffde 09 33 ffffff91 ffffff89 24 ffffffb1 48 ffffffb8 2e 3e ffffff8e ffffff98 ffffffa9 52 02 65 ffffffe0 ffffffa8 ffffffe4 04 14 4e 01 ffffffe4 ffffff8c ffffff85 6f ffffffc0 08 ffffff87 72 ffffffb5 2d ffffffb0 | initiator to responder keys: release slot-key-key@0x564e2d1a1c00 | initiator to responder keys extracted len 48 bytes at 0x564e2d1bb840 | unwrapped: 85 f9 86 b4 3d ba 5a 88 6e cc 1e 46 98 e5 c6 93 | unwrapped: 9e a7 5e b4 37 b6 8e d1 50 64 00 f6 3a 65 ab eb | unwrapped: 86 43 7d 5a 2c 55 e1 10 f9 b3 94 bb 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7f2a480067f0 | key-offset: 44, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x564e2d1ca390 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765458 | result: result-key@0x7f2a480067f0 (44-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 44 bytes of key@0x7f2a480067f0 | responder to initiator keys:: symkey-key@0x7f2a480067f0 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x564e2d1a1c00 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)538982710: 73 ffffff89 ffffff82 fffffff7 67 48 5e 76 28 0d ffffffba 10 ffffffde 0f ffffffaa fffffffe 67 ffffffb9 ffffff8c ffffffda 76 26 ffffffab ffffffcf ffffff94 5f 57 ffffffdc 25 26 ffffffa8 61 fffffff9 ffffffd4 ffffffdc 7e ffffffeb 20 ffffffb9 fffffff2 ffffffe0 70 fffffff0 ffffffa6 ffffff9c ffffffc7 ffffffc4 ffffff80 | responder to initiator keys:: release slot-key-key@0x564e2d1a1c00 | responder to initiator keys: extracted len 48 bytes at 0x564e2d1bb7d0 | unwrapped: af a0 94 35 a2 20 8a 27 60 76 22 21 fe 5e 93 93 | unwrapped: 54 9a 4b 8c 5e d7 63 ea 6d 63 34 12 50 1a b5 ed | unwrapped: 71 0a a7 99 32 1f 08 9e 64 76 ab 17 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7f2a480067f0 | ikev2_derive_child_keys: release keymat-key@0x564e2d1ca390 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | #19 spent 2.77 milliseconds | install_ipsec_sa() for #20: inbound and outbound | could_route called for east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.e5852e50@192.1.2.45 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.f92283f4@192.1.2.23 included non-error error | priority calculation of connection "east" is 0xfe7e7 | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #20: prospective erouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | route_and_eroute with c: east (next: none) ero:east esr:{(nil)} ro:east rosr:{(nil)} and state: #20 | priority calculation of connection "east" is 0xfe7e7 | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45>tun.0@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xe5852e50 SPI_OUT=0xf92 | popen cmd is 1020 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: | cmd( 960):'no' SPI_IN=0xe5852e50 SPI_OUT=0xf92283f4 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | route_and_eroute: instance "east", setting eroute_owner {spd=0x564e2d1b9a50,sr=0x564e2d1b9a50} to #20 (was #0) (newest_ipsec_sa=#0) | #19 spent 0.698 milliseconds in install_ipsec_sa() | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #20 (was #0) (spd.eroute=#20) cloned from #19 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 160 | emitting length of ISAKMP Message: 188 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 60 75 d1 ed 13 c9 3e b1 | data before encryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 c8 cc 08 80 af 92 26 31 d3 01 33 bd | a8 f9 b2 b9 80 ce c6 52 2c 00 00 28 00 00 00 24 | 01 03 04 03 f9 22 83 f4 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | a8 b6 d1 69 d4 c4 83 ef a3 cc 2d 68 3b 7c c6 fb | 71 2c ad e1 36 e6 8b 0d ea 39 82 cc d2 b3 64 a1 | 40 f2 4d 23 a4 10 9f 4f 4f 74 b1 55 3b df ea 12 | b9 dc b6 9f 1d 07 dc f3 a1 91 9e e0 63 fe 68 61 | 5c 85 24 33 93 ec 11 90 ef ac 72 f2 ac 6b bd f7 | 77 fb 9c 88 fc 0b 01 f4 91 d1 e8 52 0b 5d 99 ac | ea 94 b9 d1 99 41 5d 47 7f 3e 62 fc 1a d1 a5 ba | 9b 32 f4 21 72 6d 96 5b 32 ce 23 11 24 c3 6e eb | db b8 62 64 6c 77 33 1b | hmac PRF sha init symkey-key@0x564e2d1ca300 (size 20) | hmac: symkey-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765468 | result: clone-key@0x564e2d1ca390 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x564e2d1ca390 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x564e2d1ca390 | hmac: release clone-key@0x564e2d1ca390 | hmac PRF sha crypt-prf@0x564e2d1c19f0 | hmac PRF sha update data-bytes@0x564e2b553940 (length 176) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 60 75 d1 ed 13 c9 3e b1 a8 b6 d1 69 d4 c4 83 ef | a3 cc 2d 68 3b 7c c6 fb 71 2c ad e1 36 e6 8b 0d | ea 39 82 cc d2 b3 64 a1 40 f2 4d 23 a4 10 9f 4f | 4f 74 b1 55 3b df ea 12 b9 dc b6 9f 1d 07 dc f3 | a1 91 9e e0 63 fe 68 61 5c 85 24 33 93 ec 11 90 | ef ac 72 f2 ac 6b bd f7 77 fb 9c 88 fc 0b 01 f4 | 91 d1 e8 52 0b 5d 99 ac ea 94 b9 d1 99 41 5d 47 | 7f 3e 62 fc 1a d1 a5 ba 9b 32 f4 21 72 6d 96 5b | 32 ce 23 11 24 c3 6e eb db b8 62 64 6c 77 33 1b | hmac PRF sha final-bytes@0x564e2b5539f0 (length 20) | 72 c3 f8 ca 44 e1 88 6d d0 39 2f 0d cd dd 21 1c | bb 43 f6 c0 | data being hmac: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | data being hmac: 60 75 d1 ed 13 c9 3e b1 a8 b6 d1 69 d4 c4 83 ef | data being hmac: a3 cc 2d 68 3b 7c c6 fb 71 2c ad e1 36 e6 8b 0d | data being hmac: ea 39 82 cc d2 b3 64 a1 40 f2 4d 23 a4 10 9f 4f | data being hmac: 4f 74 b1 55 3b df ea 12 b9 dc b6 9f 1d 07 dc f3 | data being hmac: a1 91 9e e0 63 fe 68 61 5c 85 24 33 93 ec 11 90 | data being hmac: ef ac 72 f2 ac 6b bd f7 77 fb 9c 88 fc 0b 01 f4 | data being hmac: 91 d1 e8 52 0b 5d 99 ac ea 94 b9 d1 99 41 5d 47 | data being hmac: 7f 3e 62 fc 1a d1 a5 ba 9b 32 f4 21 72 6d 96 5b | data being hmac: 32 ce 23 11 24 c3 6e eb db b8 62 64 6c 77 33 1b | out calculated auth: | 72 c3 f8 ca 44 e1 88 6d d0 39 2f 0d | ikev2_parent_inI2outR2_continue_tail returned STF_OK | #19 spent 3.69 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #19 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #20 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #20 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R | child state #20: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) | Message ID: updating counters for #20 to 1 after switching state | Message ID: recv #19.#20 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 | Message ID: sent #19.#20 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 | pstats #20 ikev2.child established "east" #20: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] | NAT-T: encaps is 'auto' "east" #20: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xe5852e50 <0xf92283f4 xfrm=3DES_CBC-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 188 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #19) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 60 75 d1 ed 13 c9 3e b1 a8 b6 d1 69 d4 c4 83 ef | a3 cc 2d 68 3b 7c c6 fb 71 2c ad e1 36 e6 8b 0d | ea 39 82 cc d2 b3 64 a1 40 f2 4d 23 a4 10 9f 4f | 4f 74 b1 55 3b df ea 12 b9 dc b6 9f 1d 07 dc f3 | a1 91 9e e0 63 fe 68 61 5c 85 24 33 93 ec 11 90 | ef ac 72 f2 ac 6b bd f7 77 fb 9c 88 fc 0b 01 f4 | 91 d1 e8 52 0b 5d 99 ac ea 94 b9 d1 99 41 5d 47 | 7f 3e 62 fc 1a d1 a5 ba 9b 32 f4 21 72 6d 96 5b | 32 ce 23 11 24 c3 6e eb db b8 62 64 6c 77 33 1b | 72 c3 f8 ca 44 e1 88 6d d0 39 2f 0d | releasing whack for #20 (sock=fd@-1) | releasing whack and unpending for parent #19 | unpending state #19 connection "east" | #20 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x564e2d1c33e0 | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #20 | libevent_malloc: new ptr-libevent@0x7f2a40010760 size 128 | resume sending helper answer for #19 suppresed complete_v2_state_transition() | #19 spent 4.11 milliseconds in resume sending helper answer | stop processing: state #20 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2a4c0037a0 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00453 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.0023 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | bb 9e 19 6b ad 07 f7 2e 73 8f 29 86 9c 6f 2e 95 | 1d ed 87 c1 6a 12 2c 0c 6e fc 92 f3 b5 7a 75 8f | ca 22 eb 66 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 77 b7 16 f5 93 c2 45 01 | responder cookie: | 4d 0c 58 38 db f7 da 56 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #19 in PARENT_R2 (find_v2_ike_sa) | start processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #19 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 | Message ID: #19 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SK (len=36) | Message ID: start-responder #19 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 | #19 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x7f2a58006900 (size 20) | hmac: symkey-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7660b8 | result: clone-key@0x564e2d1ca390 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x564e2d1ca390 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x564e2d1ca390 | hmac: release clone-key@0x564e2d1ca390 | hmac PRF sha crypt-prf@0x564e2d1bb660 | hmac PRF sha update data-bytes@0x564e2d1c18f0 (length 56) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | bb 9e 19 6b ad 07 f7 2e 73 8f 29 86 9c 6f 2e 95 | 1d ed 87 c1 6a 12 2c 0c | hmac PRF sha final-bytes@0x7fff8d766280 (length 20) | 6e fc 92 f3 b5 7a 75 8f ca 22 eb 66 00 0a a5 84 | 1a 4b af fd | data for hmac: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | data for hmac: 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | data for hmac: bb 9e 19 6b ad 07 f7 2e 73 8f 29 86 9c 6f 2e 95 | data for hmac: 1d ed 87 c1 6a 12 2c 0c | calculated auth: 6e fc 92 f3 b5 7a 75 8f ca 22 eb 66 | provided auth: 6e fc 92 f3 b5 7a 75 8f ca 22 eb 66 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | bb 9e 19 6b ad 07 f7 2e | payload before decryption: | 73 8f 29 86 9c 6f 2e 95 1d ed 87 c1 6a 12 2c 0c | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 00 00 00 0c 03 04 00 01 e5 85 2e 50 00 01 02 03 | stripping 4 octets as pad | #19 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 77 b7 16 f5 93 c2 45 01 | responder cookie: | 4d 0c 58 38 db f7 da 56 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI e5 85 2e 50 | delete PROTO_v2_ESP SA(0xe5852e50) | v2 CHILD SA #20 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R | State DB: found IKEv2 state #20 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xe5852e50) "east" #19: received Delete SA payload: delete IPsec State #20 now | pstats #20 ikev2.child deleted completed | suspend processing: state #19 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) | start processing: state #20 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #20: deleting other state #20 (STATE_V2_IPSEC_R) aged 0.671s and NOT sending notification | child state #20: V2_IPSEC_R(established CHILD SA) => delete | get_sa_info esp.e5852e50@192.1.2.45 | get_sa_info esp.f92283f4@192.1.2.23 "east" #20: ESP traffic information: in=84B out=84B | child state #20: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) | state #20 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f2a40010760 | free_event_entry: release EVENT_SA_REKEY-pe@0x564e2d1c33e0 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050313' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xe5852e50 | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1569050313' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0xe5852e50 SPI_OUT=0xf92283f4 ipsec _updown 2>&1: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 | priority calculation of connection "east" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.e5852e50@192.1.2.45 | netlink response for Del SA esp.e5852e50@192.1.2.45 included non-error error | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.f92283f4@192.1.2.23 | netlink response for Del SA esp.f92283f4@192.1.2.23 included non-error error | in connection_discard for connection east | State DB: deleting IKEv2 state #20 in CHILDSA_DEL | child state #20: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #20 from 192.1.2.45:500 (in delete_state() at state.c:1143) | resume processing: state #19 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f2a4c006900 | delete_state: release st->st_skey_ai_nss-key@0x7f2a58006900 | delete_state: release st->st_skey_ar_nss-key@0x564e2d1ca300 | delete_state: release st->st_skey_ei_nss-key@0x564e2d1c3300 | delete_state: release st->st_skey_er_nss-key@0x7f2a4c005db0 | delete_state: release st->st_skey_pi_nss-key@0x7f2a4c00c3d0 | delete_state: release st->st_skey_pr_nss-key@0x7f2a4c00c5c0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs f9 22 83 f4 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 89 79 e9 32 91 4e e9 10 | data before encryption: | 00 00 00 0c 03 04 00 01 f9 22 83 f4 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 19 a1 f0 bf 18 23 88 b1 bd d5 48 35 ef 7a 75 08 | hmac PRF sha init symkey-key@0x564e2d1ca300 (size 20) | hmac: symkey-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765c78 | result: clone-key@0x564e2d1ca390 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x564e2d1ca390 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x564e2d1ca390 | hmac: release clone-key@0x564e2d1ca390 | hmac PRF sha crypt-prf@0x564e2d1c3390 | hmac PRF sha update data-bytes@0x564e2b553940 (length 56) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 89 79 e9 32 91 4e e9 10 19 a1 f0 bf 18 23 88 b1 | bd d5 48 35 ef 7a 75 08 | hmac PRF sha final-bytes@0x564e2b553978 (length 20) | 96 c1 22 a0 c7 99 18 6f fa fb 0e 27 4a 8e 73 ed | f0 01 3c ad | data being hmac: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | data being hmac: 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | data being hmac: 89 79 e9 32 91 4e e9 10 19 a1 f0 bf 18 23 88 b1 | data being hmac: bd d5 48 35 ef 7a 75 08 | out calculated auth: | 96 c1 22 a0 c7 99 18 6f fa fb 0e 27 | sending 68 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #19) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 89 79 e9 32 91 4e e9 10 19 a1 f0 bf 18 23 88 b1 | bd d5 48 35 ef 7a 75 08 96 c1 22 a0 c7 99 18 6f | fa fb 0e 27 | Message ID: #19 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 | Message ID: sent #19 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 | #19 spent 0.762 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #19 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK | Message ID: updating counters for #19 to 2 after switching state | Message ID: recv #19 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 | Message ID: #19 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 "east" #19: STATE_PARENT_R2: received v2I2, PARENT SA established | stop processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #19 spent 1.02 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.04 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00475 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00284 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | 93 f0 74 5e 13 64 17 50 9b 7c c8 6a fc 0d cd b9 | de 22 46 9a c1 c9 66 b6 ff 81 e6 49 c7 a4 e7 cd | 42 2e a4 b3 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 77 b7 16 f5 93 c2 45 01 | responder cookie: | 4d 0c 58 38 db f7 da 56 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #19 in PARENT_R2 (find_v2_ike_sa) | start processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #19 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 | Message ID: #19 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SK (len=36) | Message ID: start-responder #19 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 | #19 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x7f2a58006900 (size 20) | hmac: symkey-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7660b8 | result: clone-key@0x564e2d1ca390 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x564e2d1ca390 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x564e2d1ca390 | hmac: release clone-key@0x564e2d1ca390 | hmac PRF sha crypt-prf@0x564e2d1bb660 | hmac PRF sha update data-bytes@0x564e2d1c18f0 (length 56) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | 93 f0 74 5e 13 64 17 50 9b 7c c8 6a fc 0d cd b9 | de 22 46 9a c1 c9 66 b6 | hmac PRF sha final-bytes@0x7fff8d766280 (length 20) | ff 81 e6 49 c7 a4 e7 cd 42 2e a4 b3 d7 b4 3d a6 | 29 7b 44 b4 | data for hmac: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | data for hmac: 93 f0 74 5e 13 64 17 50 9b 7c c8 6a fc 0d cd b9 | data for hmac: de 22 46 9a c1 c9 66 b6 | calculated auth: ff 81 e6 49 c7 a4 e7 cd 42 2e a4 b3 | provided auth: ff 81 e6 49 c7 a4 e7 cd 42 2e a4 b3 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 93 f0 74 5e 13 64 17 50 | payload before decryption: | 9b 7c c8 6a fc 0d cd b9 de 22 46 9a c1 c9 66 b6 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #19 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 77 b7 16 f5 93 c2 45 01 | responder cookie: | 4d 0c 58 38 db f7 da 56 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 32 | emitting length of ISAKMP Message: 60 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | e0 4a 58 68 84 78 25 ba | data before encryption: | 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 75 e9 97 f6 10 26 17 bd | hmac PRF sha init symkey-key@0x564e2d1ca300 (size 20) | hmac: symkey-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765c78 | result: clone-key@0x564e2d1ca390 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x564e2d1ca390 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x564e2d1ca390 | hmac: release clone-key@0x564e2d1ca390 | hmac PRF sha crypt-prf@0x564e2d1bff10 | hmac PRF sha update data-bytes@0x564e2b553940 (length 48) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | e0 4a 58 68 84 78 25 ba 75 e9 97 f6 10 26 17 bd | hmac PRF sha final-bytes@0x564e2b553970 (length 20) | a9 19 6b e8 a3 ab 57 67 c3 3b 16 e3 41 bc 90 22 | 86 2f 34 45 | data being hmac: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | data being hmac: e0 4a 58 68 84 78 25 ba 75 e9 97 f6 10 26 17 bd | out calculated auth: | a9 19 6b e8 a3 ab 57 67 c3 3b 16 e3 | sending 60 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #19) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | e0 4a 58 68 84 78 25 ba 75 e9 97 f6 10 26 17 bd | a9 19 6b e8 a3 ab 57 67 c3 3b 16 e3 | Message ID: #19 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 | Message ID: sent #19 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 | State DB: IKEv2 state not found (delete_my_family) | parent state #19: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #19 ikev2.ike deleted completed | #19 spent 10.9 milliseconds in total | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #19: deleting state (STATE_IKESA_DEL) aged 0.730s and NOT sending notification | parent state #19: IKESA_DEL(established IKE SA) => delete | state #19 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f2a54008da0 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f2a4c002b20 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #19 in IKESA_DEL | parent state #19: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f2a48002010: destroyed | stop processing: state #19 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f2a4000bdb0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f2a4c006900 | delete_state: release st->st_skey_ai_nss-key@0x7f2a58006900 | delete_state: release st->st_skey_ar_nss-key@0x564e2d1ca300 | delete_state: release st->st_skey_ei_nss-key@0x564e2d1c3300 | delete_state: release st->st_skey_er_nss-key@0x7f2a4c005db0 | delete_state: release st->st_skey_pi_nss-key@0x7f2a4c00c3d0 | delete_state: release st->st_skey_pr_nss-key@0x7f2a4c00c5c0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #19 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #19 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.621 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00309 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | a5 70 a7 02 5a 87 dd 89 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 16 47 44 cb 23 ac 7c 65 06 4b 4a c9 | bd c6 bc 54 43 1e 85 ad 0f 33 4b 94 3f 1e f2 8f | 68 d6 56 5a 49 f4 3a a1 f8 74 ec 94 e4 7b a8 6c | 90 bf 70 50 1c e6 c8 4b f7 d1 96 bf c8 67 72 85 | 29 4b ce 00 50 57 9e 4e 3e bb 02 95 71 63 0f 88 | cb 85 a7 22 df 4d 00 28 a9 96 53 a1 1f 6d 75 24 | 2c 7b 50 1c 67 a6 1a 75 fe cd be 5d e0 e4 39 c5 | f8 3f a6 71 23 2b b7 b5 e1 c1 a8 40 6e b4 71 5f | 0d 01 79 32 dd ea 68 e1 9d ae df bc 15 60 33 2d | aa b7 13 84 c3 7e 03 9e 91 46 85 8d c5 e8 c8 e2 | 66 0a 97 3d 4b e4 80 77 fe 13 fc 56 07 dd f8 12 | d6 fd 3b 5f 27 ed db 2d 82 aa ef 2e 72 be d7 ae | 9f 45 a0 ae 1e 55 87 bb 90 27 84 19 36 fd 51 29 | d4 c4 74 7c f0 13 d1 b7 d2 2f 87 8c ab 3c 5f 29 | 4d cb 9b 2d ab 89 58 28 a2 ab 25 6f 2c 87 95 ed | 34 4a 51 d3 d7 6b 23 98 2d 9f e5 93 06 cc 6c 95 | 01 55 49 31 29 00 00 24 11 fb d8 80 92 48 63 a3 | 19 68 72 2b 24 e9 26 b7 50 59 d5 5d 84 72 9d 73 | fb bb 93 fc 39 17 f0 df 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 21 08 d2 37 60 ad cd 6a | 13 51 70 04 1f 54 ea c5 b8 8a bf 60 00 00 00 1c | 00 00 40 05 b3 ec 68 c9 16 91 3f b1 ae 3f 86 cd | 46 0d 2d 2e a7 74 68 b3 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a5 70 a7 02 5a 87 dd 89 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x564e2d1ba2a0 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x564e2b547700 (length 32) | 62 69 c2 24 61 0b eb 03 31 69 8e 34 fa 62 6b 0f | 9f 9c e7 e3 dc ef ed d7 ff d6 12 6f b4 c1 0b 04 | IKE SPIr hash sha2_256 digest counter-bytes@0x564e2b5476e0 (length 4) | 0f 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff8d7668e0 (length 32) | 61 87 c1 53 46 1c 40 b4 44 71 d3 14 6a ef 21 0c | 97 73 58 e7 3b 2b 9f ef 1c d3 21 81 6e 03 d7 0f | creating state object #21 at 0x564e2d1bd370 | State DB: adding IKEv2 state #21 in UNDEFINED | pstats #21 ikev2.ike started | Message ID: init #21: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #21: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #21; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #21 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #21 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #21 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #21 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #21 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 2 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: PRF+INTEG+DH | remote proposal 1 does not match local proposal 1; unmatched transforms: ENCR; missing transforms: ENCR | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 2; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 2 "east" #21: proposal 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | 16 47 44 cb 23 ac 7c 65 06 4b 4a c9 bd c6 bc 54 | 43 1e 85 ad 0f 33 4b 94 3f 1e f2 8f 68 d6 56 5a | 49 f4 3a a1 f8 74 ec 94 e4 7b a8 6c 90 bf 70 50 | 1c e6 c8 4b f7 d1 96 bf c8 67 72 85 29 4b ce 00 | 50 57 9e 4e 3e bb 02 95 71 63 0f 88 cb 85 a7 22 | df 4d 00 28 a9 96 53 a1 1f 6d 75 24 2c 7b 50 1c | 67 a6 1a 75 fe cd be 5d e0 e4 39 c5 f8 3f a6 71 | 23 2b b7 b5 e1 c1 a8 40 6e b4 71 5f 0d 01 79 32 | dd ea 68 e1 9d ae df bc 15 60 33 2d aa b7 13 84 | c3 7e 03 9e 91 46 85 8d c5 e8 c8 e2 66 0a 97 3d | 4b e4 80 77 fe 13 fc 56 07 dd f8 12 d6 fd 3b 5f | 27 ed db 2d 82 aa ef 2e 72 be d7 ae 9f 45 a0 ae | 1e 55 87 bb 90 27 84 19 36 fd 51 29 d4 c4 74 7c | f0 13 d1 b7 d2 2f 87 8c ab 3c 5f 29 4d cb 9b 2d | ab 89 58 28 a2 ab 25 6f 2c 87 95 ed 34 4a 51 d3 | d7 6b 23 98 2d 9f e5 93 06 cc 6c 95 01 55 49 31 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d7662e0 (length 8) | a5 70 a7 02 5a 87 dd 89 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d7662e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff8d766274 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff8d766266 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7662f0 (length 20) | b3 ec 68 c9 16 91 3f b1 ae 3f 86 cd 46 0d 2d 2e | a7 74 68 b3 | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= a5 70 a7 02 5a 87 dd 89 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= b3 ec 68 c9 16 91 3f b1 ae 3f 86 cd 46 0d 2d 2e | natd_hash: hash= a7 74 68 b3 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d7662e0 (length 8) | a5 70 a7 02 5a 87 dd 89 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d7662e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff8d766274 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff8d766266 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d766310 (length 20) | 21 08 d2 37 60 ad cd 6a 13 51 70 04 1f 54 ea c5 | b8 8a bf 60 | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= a5 70 a7 02 5a 87 dd 89 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 21 08 d2 37 60 ad cd 6a 13 51 70 04 1f 54 ea c5 | natd_hash: hash= b8 8a bf 60 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 13 for state #21 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564e2d1c33e0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f2a54008da0 size 128 | #21 spent 0.298 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | crypto helper 0 resuming | #21 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #21 and saving MD | #21 is busy; has a suspended MD | crypto helper 0 starting work-order 13 for state #21 | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 13 | "east" #21 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #21 spent 0.687 milliseconds in ikev2_process_packet() | NSS: Value of Prime: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | spent 0.706 milliseconds in comm_handle_cb() reading and processing packet | DH secret MODP2048@0x7f2a40002010: created | NSS: Local DH MODP2048 secret (pointer): 0x7f2a40002010 | NSS: Public DH wire value: | 7c 89 07 e2 3f c6 b7 6d 85 15 65 a9 b4 5a c8 b5 | 33 2f 56 da b5 44 08 02 af c2 86 cc 6a 7f 6c 7d | 22 55 be 0f a2 42 25 92 26 e7 45 60 66 c0 e9 ec | ec 61 84 76 c7 8b 35 44 86 e0 50 38 50 72 05 c8 | ea f9 cf 29 49 54 61 2f 6e 15 a4 8a db 58 16 01 | 39 fd 0a f3 59 68 a5 79 0d 5e 0e 9f f6 c0 44 46 | 0a 20 f0 2e c7 89 03 8e 22 f1 46 87 33 b6 40 f7 | 45 94 73 9c 4f 8e e1 95 cb 5a c7 1f 7a 25 06 9e | d9 a9 ae fb 71 8e 8c 0d db 00 e7 5e ce e3 5f 7a | b5 db 5a 45 ff 36 96 7b dd a1 4d 39 24 c2 3b 8d | f3 e1 cf 1c ab f1 9b 84 59 b2 41 68 3e 7c e6 81 | f4 fb f4 69 e2 c8 79 72 99 7c 18 3b b2 0e 56 44 | 9f 76 7b 31 7c d0 50 e6 33 68 68 f7 d5 ae 72 aa | f8 ac 1f 3f 3f 9a 3c ec 2b 0b 9f f7 de b1 e0 1c | 51 4b d4 5a b9 70 2d f8 d3 9d 06 db 99 a5 11 67 | 43 11 37 2c 25 23 05 19 7a 87 05 3d 7d 65 6e eb | Generated nonce: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | Generated nonce: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 13 time elapsed 0.001116 seconds | (#21) spent 0.994 milliseconds in crypto helper computing work-order 13: ikev2_inI1outR1 KE (pcr) | crypto helper 0 sending results from work-order 13 for state #21 to event queue | scheduling resume sending helper answer for #21 | libevent_malloc: new ptr-libevent@0x7f2a40012d70 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #21 | start processing: state #21 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 13 | calling continuation function 0x564e2b454630 | ikev2_parent_inI1outR1_continue for #21: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | a5 70 a7 02 5a 87 dd 89 | responder cookie: | 61 87 c1 53 46 1c 40 b4 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f2a40002010: transferring ownership from helper KE to state #21 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 7c 89 07 e2 3f c6 b7 6d 85 15 65 a9 b4 5a c8 b5 | ikev2 g^x 33 2f 56 da b5 44 08 02 af c2 86 cc 6a 7f 6c 7d | ikev2 g^x 22 55 be 0f a2 42 25 92 26 e7 45 60 66 c0 e9 ec | ikev2 g^x ec 61 84 76 c7 8b 35 44 86 e0 50 38 50 72 05 c8 | ikev2 g^x ea f9 cf 29 49 54 61 2f 6e 15 a4 8a db 58 16 01 | ikev2 g^x 39 fd 0a f3 59 68 a5 79 0d 5e 0e 9f f6 c0 44 46 | ikev2 g^x 0a 20 f0 2e c7 89 03 8e 22 f1 46 87 33 b6 40 f7 | ikev2 g^x 45 94 73 9c 4f 8e e1 95 cb 5a c7 1f 7a 25 06 9e | ikev2 g^x d9 a9 ae fb 71 8e 8c 0d db 00 e7 5e ce e3 5f 7a | ikev2 g^x b5 db 5a 45 ff 36 96 7b dd a1 4d 39 24 c2 3b 8d | ikev2 g^x f3 e1 cf 1c ab f1 9b 84 59 b2 41 68 3e 7c e6 81 | ikev2 g^x f4 fb f4 69 e2 c8 79 72 99 7c 18 3b b2 0e 56 44 | ikev2 g^x 9f 76 7b 31 7c d0 50 e6 33 68 68 f7 d5 ae 72 aa | ikev2 g^x f8 ac 1f 3f 3f 9a 3c ec 2b 0b 9f f7 de b1 e0 1c | ikev2 g^x 51 4b d4 5a b9 70 2d f8 d3 9d 06 db 99 a5 11 67 | ikev2 g^x 43 11 37 2c 25 23 05 19 7a 87 05 3d 7d 65 6e eb | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | IKEv2 nonce 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d766830 (length 8) | a5 70 a7 02 5a 87 dd 89 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d766838 (length 8) | 61 87 c1 53 46 1c 40 b4 | NATD hash sha digest IP addr-bytes@0x7fff8d766764 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff8d766756 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7667e0 (length 20) | 16 34 12 ff be de 72 95 e6 a6 e8 e6 79 f3 76 0c | 21 d7 96 91 | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= a5 70 a7 02 5a 87 dd 89 | natd_hash: rcookie= 61 87 c1 53 46 1c 40 b4 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 16 34 12 ff be de 72 95 e6 a6 e8 e6 79 f3 76 0c | natd_hash: hash= 21 d7 96 91 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 16 34 12 ff be de 72 95 e6 a6 e8 e6 79 f3 76 0c | Notify data 21 d7 96 91 | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff8d766830 (length 8) | a5 70 a7 02 5a 87 dd 89 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff8d766838 (length 8) | 61 87 c1 53 46 1c 40 b4 | NATD hash sha digest IP addr-bytes@0x7fff8d766764 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff8d766756 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff8d7667e0 (length 20) | 59 1f b9 7f 5a 69 25 9a 86 19 93 92 e7 4d b5 f2 | e1 c3 80 7d | natd_hash: hasher=0x564e2b52a7a0(20) | natd_hash: icookie= a5 70 a7 02 5a 87 dd 89 | natd_hash: rcookie= 61 87 c1 53 46 1c 40 b4 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 59 1f b9 7f 5a 69 25 9a 86 19 93 92 e7 4d b5 f2 | natd_hash: hash= e1 c3 80 7d | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 59 1f b9 7f 5a 69 25 9a 86 19 93 92 e7 4d b5 f2 | Notify data e1 c3 80 7d | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 436 | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #21 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #21: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #21 to 0 after switching state | Message ID: recv #21 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #21 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #21: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=3DES_CBC_192 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 436 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #21) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 7c 89 07 e2 3f c6 b7 6d 85 15 65 a9 b4 5a c8 b5 | 33 2f 56 da b5 44 08 02 af c2 86 cc 6a 7f 6c 7d | 22 55 be 0f a2 42 25 92 26 e7 45 60 66 c0 e9 ec | ec 61 84 76 c7 8b 35 44 86 e0 50 38 50 72 05 c8 | ea f9 cf 29 49 54 61 2f 6e 15 a4 8a db 58 16 01 | 39 fd 0a f3 59 68 a5 79 0d 5e 0e 9f f6 c0 44 46 | 0a 20 f0 2e c7 89 03 8e 22 f1 46 87 33 b6 40 f7 | 45 94 73 9c 4f 8e e1 95 cb 5a c7 1f 7a 25 06 9e | d9 a9 ae fb 71 8e 8c 0d db 00 e7 5e ce e3 5f 7a | b5 db 5a 45 ff 36 96 7b dd a1 4d 39 24 c2 3b 8d | f3 e1 cf 1c ab f1 9b 84 59 b2 41 68 3e 7c e6 81 | f4 fb f4 69 e2 c8 79 72 99 7c 18 3b b2 0e 56 44 | 9f 76 7b 31 7c d0 50 e6 33 68 68 f7 d5 ae 72 aa | f8 ac 1f 3f 3f 9a 3c ec 2b 0b 9f f7 de b1 e0 1c | 51 4b d4 5a b9 70 2d f8 d3 9d 06 db 99 a5 11 67 | 43 11 37 2c 25 23 05 19 7a 87 05 3d 7d 65 6e eb | 29 00 00 24 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 | 7f 84 c9 ef 77 12 15 95 94 21 1e 67 2d e6 61 7b | 58 a5 6f b2 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 16 34 12 ff be de 72 95 e6 a6 e8 e6 | 79 f3 76 0c 21 d7 96 91 00 00 00 1c 00 00 40 05 | 59 1f b9 7f 5a 69 25 9a 86 19 93 92 e7 4d b5 f2 | e1 c3 80 7d | state #21 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2a54008da0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564e2d1c33e0 | event_schedule: new EVENT_SO_DISCARD-pe@0x564e2d1c33e0 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f2a54008da0 size 128 | resume sending helper answer for #21 suppresed complete_v2_state_transition() | #21 spent 0.471 milliseconds in resume sending helper answer | stop processing: state #21 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2a40012d70 | spent 0.00281 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 196 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | ce 67 57 a6 40 69 12 a4 0d 9b f6 75 fd d8 19 9c | af 43 7b 7c cd a3 5a b0 6f 17 22 61 32 cb ea ca | a5 b3 d3 1c 41 91 71 07 ed 44 eb 50 05 c2 41 ce | 49 96 84 01 4a c3 9e ce e4 1d ad 95 7b aa 83 61 | 2b a9 39 d0 d4 95 2d ef 77 ec 08 6f c8 3b f2 4f | 08 57 dd c5 a5 79 27 75 19 9c 78 2e bf 25 82 2c | 43 0b a2 49 df 2e 45 44 48 93 aa ae 97 92 7a 0f | 3f f9 54 18 e1 08 cf 42 a9 4d 50 72 30 86 7e b4 | 36 29 fc c8 35 3a 73 af cc f4 37 dd f3 9f 77 99 | f0 5a 33 be 82 5c 5d 96 e0 6e be 1c c7 8c 8a 9e | 21 9f 4a 70 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a5 70 a7 02 5a 87 dd 89 | responder cookie: | 61 87 c1 53 46 1c 40 b4 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 196 (0xc4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #21 in PARENT_R1 (find_v2_ike_sa) | start processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #21 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #21 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 168 (0xa8) | processing payload: ISAKMP_NEXT_v2SK (len=164) | Message ID: start-responder #21 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #21 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=3DES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f2a40002010: transferring ownership from state #21 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 14 for state #21 | state #21 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x7f2a54008da0 | free_event_entry: release EVENT_SO_DISCARD-pe@0x564e2d1c33e0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564e2d1c33e0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f2a54008da0 size 128 | #21 spent 0.0351 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #21 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #21 and saving MD | #21 is busy; has a suspended MD | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #21 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #21 spent 0.176 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.19 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 6 resuming | crypto helper 6 starting work-order 14 for state #21 | crypto helper 6 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 14 | peer's g: 16 47 44 cb 23 ac 7c 65 06 4b 4a c9 bd c6 bc 54 | peer's g: 43 1e 85 ad 0f 33 4b 94 3f 1e f2 8f 68 d6 56 5a | peer's g: 49 f4 3a a1 f8 74 ec 94 e4 7b a8 6c 90 bf 70 50 | peer's g: 1c e6 c8 4b f7 d1 96 bf c8 67 72 85 29 4b ce 00 | peer's g: 50 57 9e 4e 3e bb 02 95 71 63 0f 88 cb 85 a7 22 | peer's g: df 4d 00 28 a9 96 53 a1 1f 6d 75 24 2c 7b 50 1c | peer's g: 67 a6 1a 75 fe cd be 5d e0 e4 39 c5 f8 3f a6 71 | peer's g: 23 2b b7 b5 e1 c1 a8 40 6e b4 71 5f 0d 01 79 32 | peer's g: dd ea 68 e1 9d ae df bc 15 60 33 2d aa b7 13 84 | peer's g: c3 7e 03 9e 91 46 85 8d c5 e8 c8 e2 66 0a 97 3d | peer's g: 4b e4 80 77 fe 13 fc 56 07 dd f8 12 d6 fd 3b 5f | peer's g: 27 ed db 2d 82 aa ef 2e 72 be d7 ae 9f 45 a0 ae | peer's g: 1e 55 87 bb 90 27 84 19 36 fd 51 29 d4 c4 74 7c | peer's g: f0 13 d1 b7 d2 2f 87 8c ab 3c 5f 29 4d cb 9b 2d | peer's g: ab 89 58 28 a2 ab 25 6f 2c 87 95 ed 34 4a 51 d3 | peer's g: d7 6b 23 98 2d 9f e5 93 06 cc 6c 95 01 55 49 31 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7f2a4c00c5c0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f2a40002010: computed shared DH secret key@0x7f2a4c00c5c0 | dh-shared : g^ir-key@0x7f2a4c00c5c0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=24 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f2a440039a0 (length 64) | 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5e828670 | result: Ni | Nr-key@0x7f2a4c005db0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x7f2a4c005db0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828658 | result: Ni | Nr-key@0x7f2a4c00c3d0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x7f2a4c005db0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f2a44003aa0 from Ni | Nr-key@0x7f2a4c00c3d0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f2a44003aa0 from Ni | Nr-key@0x7f2a4c00c3d0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f2a4c00c3d0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f2a44000d60 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f2a4c00c5c0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f2a4c00c5c0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f2a4c00c5c0 | nss hmac digest hack: symkey-key@0x7f2a4c00c5c0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1585611472: 05 16 68 ffffffc1 49 ffffffb5 ffffffcf 72 03 ffffffa0 3e 2f 52 69 15 ffffffcc ffffffa3 51 52 26 ffffffa2 fffffffd 1a 7f ffffffcf 44 ffffff9b ffffff8f ffffffda ffffffcc ffffffcf 4d ffffffc4 3c 40 ffffffaf 5c ffffffa5 ffffff91 02 11 ffffffd7 ffffff8c ffffffbc fffffffa 5f ffffff98 58 ffffffa1 20 ffffff94 ffffffbb fffffff7 6e 22 35 60 ffffffd4 5b 6d fffffff6 ffffffb4 ffffffd1 ffffffc9 2c ffffffe4 ffffff9d 6a 48 04 ffffffc8 ffffff89 4f 5c 2a ffffffe0 79 4a 3e ffffffa1 fffffff6 ffffffb6 ffffffbc ffffffdc 4c ffffff99 ffffffe5 ffffff9b 33 ffffff8e ffffff84 ffffffff ffffffb8 65 ffffffa9 ffffff95 ffffffc7 12 ffffffa6 ffffffbf 60 ffffffc2 51 ffffffb2 ffffffd0 ffffffca ffffffa9 ffffffb3 ffffffb0 ffffffdb 26 08 ffffffce 03 0b ffffff87 ffffff88 11 6a 0b fffffffd ffffffd0 36 79 ffffffdb 32 fffffff4 65 ffffffda ffffffb2 ffffffbe ffffff92 5c 21 ffffff93 5c 04 ffffffc1 ffffff87 75 7e 39 44 fffffffe 29 5e ffffffde ffffffe9 ffffffaf 53 2f ffffffe7 fff | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 256 bytes at 0x7f2a440043d0 | unwrapped: dc 8a 95 4b f5 b6 13 df 30 b9 14 16 03 f6 46 f1 | unwrapped: 91 78 49 d3 da 74 70 25 00 2b 8d b7 23 a9 c1 a1 | unwrapped: 7c cc f7 a0 33 8e 4b 71 4f 77 de 7c af 60 a1 51 | unwrapped: 8a 75 dd b4 27 61 40 3f 9a 0a c9 8a 52 fd 65 e4 | unwrapped: 2c d2 bd 94 1c 40 0e 88 ba 23 45 9f 61 f0 cb 25 | unwrapped: ab cd 8d f0 e6 0c 12 27 0e 9d fb a9 50 e0 4a 60 | unwrapped: 33 3a 36 d8 37 ac 33 f1 61 e9 bd 5d 83 fe 4a aa | unwrapped: d8 33 4b 1a 6d 4e 36 aa a8 ea 9e dd 5c 3b 23 52 | unwrapped: f8 82 68 6a 1a eb d1 08 e5 54 a4 ab 19 b1 59 2d | unwrapped: 44 ad 48 64 98 30 6c b4 b6 00 71 b1 2f ae 92 9f | unwrapped: d2 7b c8 8f b1 5a 51 15 bc 71 e4 0f 02 0b 8a a9 | unwrapped: 23 ef 1a 2f b0 7b 47 c2 c4 a4 68 fa 29 6f fd 0f | unwrapped: d4 bb 6a c6 76 0b 87 e1 b5 e5 a1 dd b9 4d 26 42 | unwrapped: a8 92 ba 53 8a 98 05 0b ea e4 0a 6e 47 63 16 c6 | unwrapped: cc af 7d 51 f9 0f 00 ff aa 07 9f 5f d7 99 8c 2d | unwrapped: f9 86 ff fd b4 97 bd 55 07 42 3b d5 84 ab 27 a5 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5e828690 | result: final-key@0x7f2a4c005db0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c005db0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828678 | result: final-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4c005db0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f2a4c00c3d0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5e828600 | result: data=Ni-key@0x564e2d1c3300 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x564e2d1c3300 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e8285e8 | result: data=Ni-key@0x7f2a4c005db0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x564e2d1c3300 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a4c005db0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a5e8285f0 | result: data+=Nr-key@0x564e2d1c3300 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f2a4c005db0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d1c3300 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a5e8285f0 | result: data+=SPIi-key@0x7f2a4c005db0 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564e2d1c3300 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a4c005db0 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f2a5e8285f0 | result: data+=SPIr-key@0x564e2d1c3300 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f2a4c005db0 | prf+0 PRF sha init key-key@0x7f2a4c00c3d0 (size 20) | prf+0: key-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828518 | result: clone-key@0x7f2a4c005db0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f2a44003aa0 from key-key@0x7f2a4c005db0 | prf+0 prf: begin sha with context 0x7f2a44003aa0 from key-key@0x7f2a4c005db0 | prf+0: release clone-key@0x7f2a4c005db0 | prf+0 PRF sha crypt-prf@0x7f2a440016e0 | prf+0 PRF sha update seed-key@0x564e2d1c3300 (size 80) | prf+0: seed-key@0x564e2d1c3300 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1c3300 | nss hmac digest hack: symkey-key@0x564e2d1c3300 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1585611104: 00 04 fffffffa 17 2f 10 ffffffd6 ffffffe6 41 16 ffffffbb 3f ffffffbc 47 fffffff7 07 6f ffffffc8 40 52 ffffffee ffffffe2 ffffff80 ffffffc1 65 29 6e ffffffab 44 ffffffa9 fffffff5 ffffffc4 39 ffffff85 15 ffffffed ffffffc0 ffffffcf ffffffd6 ffffffda fffffffc ffffff8f fffffff4 ffffffd9 61 2e 0a ffffffde ffffffb9 ffffff84 ffffff9b 5d ffffff99 19 18 25 ffffffb3 fffffff9 ffffff8c 23 3c ffffff8f 73 ffffffe8 3c ffffffd5 48 5d 3e fffffff4 ffffff93 30 1e 49 ffffffa7 ffffffde ffffffbb ffffffbf 1b 26 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a44001a70 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | unwrapped: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5e828520 | result: final-key@0x564e2d1ca300 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564e2d1ca300 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828508 | result: final-key@0x7f2a4c005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564e2d1ca300 | prf+0 PRF sha final-key@0x7f2a4c005db0 (size 20) | prf+0: key-key@0x7f2a4c005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f2a4c005db0 | prf+N PRF sha init key-key@0x7f2a4c00c3d0 (size 20) | prf+N: key-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828518 | result: clone-key@0x564e2d1ca300 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a44003aa0 from key-key@0x564e2d1ca300 | prf+N prf: begin sha with context 0x7f2a44003aa0 from key-key@0x564e2d1ca300 | prf+N: release clone-key@0x564e2d1ca300 | prf+N PRF sha crypt-prf@0x7f2a440010c0 | prf+N PRF sha update old_t-key@0x7f2a4c005db0 (size 20) | prf+N: old_t-key@0x7f2a4c005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a4c005db0 | nss hmac digest hack: symkey-key@0x7f2a4c005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1585611104: ffffff9b 27 41 23 0a 0e ffffffc3 ffffff92 1a fffffff0 ffffffd8 ffffffe5 ffffffdc 2f 5a ffffffbf 0a ffffff90 ffffffa0 6e 3d 08 ffffff88 2c fffffff3 48 ffffffb2 fffffff3 ffffffb8 53 00 63 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a44001ad0 | unwrapped: fd 2f c3 06 dd 92 cc ce c5 c3 bb 6a f0 4a c1 f0 | unwrapped: 04 3d 46 89 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1c3300 (size 80) | prf+N: seed-key@0x564e2d1c3300 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1c3300 | nss hmac digest hack: symkey-key@0x564e2d1c3300 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1585611104: 00 04 fffffffa 17 2f 10 ffffffd6 ffffffe6 41 16 ffffffbb 3f ffffffbc 47 fffffff7 07 6f ffffffc8 40 52 ffffffee ffffffe2 ffffff80 ffffffc1 65 29 6e ffffffab 44 ffffffa9 fffffff5 ffffffc4 39 ffffff85 15 ffffffed ffffffc0 ffffffcf ffffffd6 ffffffda fffffffc ffffff8f fffffff4 ffffffd9 61 2e 0a ffffffde ffffffb9 ffffff84 ffffff9b 5d ffffff99 19 18 25 ffffffb3 fffffff9 ffffff8c 23 3c ffffff8f 73 ffffffe8 3c ffffffd5 48 5d 3e fffffff4 ffffff93 30 1e 49 ffffffa7 ffffffde ffffffbb ffffffbf 1b 26 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a44004810 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | unwrapped: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5e828520 | result: final-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828508 | result: final-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a58006900 | prf+N PRF sha final-key@0x564e2d1ca300 (size 20) | prf+N: key-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a4c005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a5e828598 | result: result-key@0x7f2a58006900 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a4c005db0 | prfplus: release old_t[N]-key@0x7f2a4c005db0 | prf+N PRF sha init key-key@0x7f2a4c00c3d0 (size 20) | prf+N: key-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828518 | result: clone-key@0x7f2a4c005db0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a44003aa0 from key-key@0x7f2a4c005db0 | prf+N prf: begin sha with context 0x7f2a44003aa0 from key-key@0x7f2a4c005db0 | prf+N: release clone-key@0x7f2a4c005db0 | prf+N PRF sha crypt-prf@0x7f2a44002a80 | prf+N PRF sha update old_t-key@0x564e2d1ca300 (size 20) | prf+N: old_t-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1ca300 | nss hmac digest hack: symkey-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1585611104: 65 47 23 ffffffc4 ffffffe0 08 01 6e 07 ffffffe0 ffffffe3 25 ffffff80 2d ffffffda 6d 05 58 ffffffda ffffffba ffffffed 73 fffffff1 ffffffc2 69 25 ffffff9f 50 fffffff5 6d 4d 26 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a44005f40 | unwrapped: 68 d5 96 66 94 5d 0f 94 28 a9 09 41 94 0e a9 3c | unwrapped: 93 e3 62 d5 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1c3300 (size 80) | prf+N: seed-key@0x564e2d1c3300 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1c3300 | nss hmac digest hack: symkey-key@0x564e2d1c3300 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1585611104: 00 04 fffffffa 17 2f 10 ffffffd6 ffffffe6 41 16 ffffffbb 3f ffffffbc 47 fffffff7 07 6f ffffffc8 40 52 ffffffee ffffffe2 ffffff80 ffffffc1 65 29 6e ffffffab 44 ffffffa9 fffffff5 ffffffc4 39 ffffff85 15 ffffffed ffffffc0 ffffffcf ffffffd6 ffffffda fffffffc ffffff8f fffffff4 ffffffd9 61 2e 0a ffffffde ffffffb9 ffffff84 ffffff9b 5d ffffff99 19 18 25 ffffffb3 fffffff9 ffffff8c 23 3c ffffff8f 73 ffffffe8 3c ffffffd5 48 5d 3e fffffff4 ffffff93 30 1e 49 ffffffa7 ffffffde ffffffbb ffffffbf 1b 26 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a440047b0 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | unwrapped: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5e828520 | result: final-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828508 | result: final-key@0x7f2a4c005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4c006900 | prf+N PRF sha final-key@0x7f2a4c005db0 (size 20) | prf+N: key-key@0x7f2a4c005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a58006900 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a5e828598 | result: result-key@0x7f2a4c006900 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a58006900 | prfplus: release old_t[N]-key@0x564e2d1ca300 | prf+N PRF sha init key-key@0x7f2a4c00c3d0 (size 20) | prf+N: key-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828518 | result: clone-key@0x564e2d1ca300 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a44003aa0 from key-key@0x564e2d1ca300 | prf+N prf: begin sha with context 0x7f2a44003aa0 from key-key@0x564e2d1ca300 | prf+N: release clone-key@0x564e2d1ca300 | prf+N PRF sha crypt-prf@0x7f2a440010c0 | prf+N PRF sha update old_t-key@0x7f2a4c005db0 (size 20) | prf+N: old_t-key@0x7f2a4c005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a4c005db0 | nss hmac digest hack: symkey-key@0x7f2a4c005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1585611104: ffffff85 2f ffffffbc 76 3d ffffffce ffffffe6 11 ffffffa5 ffffff95 ffffffec ffffffd2 ffffffb6 ffffff8a fffffffc 57 ffffff99 ffffff86 ffffffe4 54 64 ffffff83 25 ffffffad ffffffba ffffffa0 4f 4a 3e fffffff2 68 ffffff98 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a44005f10 | unwrapped: e7 87 c7 bb af 44 9f 42 fb 30 b8 56 66 bb 77 f7 | unwrapped: 86 87 92 36 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1c3300 (size 80) | prf+N: seed-key@0x564e2d1c3300 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1c3300 | nss hmac digest hack: symkey-key@0x564e2d1c3300 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1585611104: 00 04 fffffffa 17 2f 10 ffffffd6 ffffffe6 41 16 ffffffbb 3f ffffffbc 47 fffffff7 07 6f ffffffc8 40 52 ffffffee ffffffe2 ffffff80 ffffffc1 65 29 6e ffffffab 44 ffffffa9 fffffff5 ffffffc4 39 ffffff85 15 ffffffed ffffffc0 ffffffcf ffffffd6 ffffffda fffffffc ffffff8f fffffff4 ffffffd9 61 2e 0a ffffffde ffffffb9 ffffff84 ffffff9b 5d ffffff99 19 18 25 ffffffb3 fffffff9 ffffff8c 23 3c ffffff8f 73 ffffffe8 3c ffffffd5 48 5d 3e fffffff4 ffffff93 30 1e 49 ffffffa7 ffffffde ffffffbb ffffffbf 1b 26 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a44004750 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | unwrapped: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5e828520 | result: final-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828508 | result: final-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a58006900 | prf+N PRF sha final-key@0x564e2d1ca300 (size 20) | prf+N: key-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a4c006900 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a5e828598 | result: result-key@0x7f2a58006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a4c006900 | prfplus: release old_t[N]-key@0x7f2a4c005db0 | prf+N PRF sha init key-key@0x7f2a4c00c3d0 (size 20) | prf+N: key-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828518 | result: clone-key@0x7f2a4c005db0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a44003aa0 from key-key@0x7f2a4c005db0 | prf+N prf: begin sha with context 0x7f2a44003aa0 from key-key@0x7f2a4c005db0 | prf+N: release clone-key@0x7f2a4c005db0 | prf+N PRF sha crypt-prf@0x7f2a44002a80 | prf+N PRF sha update old_t-key@0x564e2d1ca300 (size 20) | prf+N: old_t-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1ca300 | nss hmac digest hack: symkey-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1585611104: fffffff7 6c ffffff94 ffffffc7 ffffffa7 ffffff9a 7b 4a 08 ffffffeb ffffffee 6e 5f ffffffc0 ffffffd6 fffffff9 ffffffd5 72 54 ffffffce 3a ffffffb7 11 ffffffa7 ffffffab ffffffae 49 ffffffd7 6b 7b 05 ffffff8e | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a440061e0 | unwrapped: 26 f9 e9 ad 30 e9 26 8d 61 75 15 ae 37 9c 26 bc | unwrapped: 41 61 36 57 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1c3300 (size 80) | prf+N: seed-key@0x564e2d1c3300 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1c3300 | nss hmac digest hack: symkey-key@0x564e2d1c3300 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1585611104: 00 04 fffffffa 17 2f 10 ffffffd6 ffffffe6 41 16 ffffffbb 3f ffffffbc 47 fffffff7 07 6f ffffffc8 40 52 ffffffee ffffffe2 ffffff80 ffffffc1 65 29 6e ffffffab 44 ffffffa9 fffffff5 ffffffc4 39 ffffff85 15 ffffffed ffffffc0 ffffffcf ffffffd6 ffffffda fffffffc ffffff8f fffffff4 ffffffd9 61 2e 0a ffffffde ffffffb9 ffffff84 ffffff9b 5d ffffff99 19 18 25 ffffffb3 fffffff9 ffffff8c 23 3c ffffff8f 73 ffffffe8 3c ffffffd5 48 5d 3e fffffff4 ffffff93 30 1e 49 ffffffa7 ffffffde ffffffbb ffffffbf 1b 26 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a44006090 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | unwrapped: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5e828520 | result: final-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828508 | result: final-key@0x7f2a4c005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4c006900 | prf+N PRF sha final-key@0x7f2a4c005db0 (size 20) | prf+N: key-key@0x7f2a4c005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a58006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a5e828598 | result: result-key@0x7f2a4c006900 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a58006900 | prfplus: release old_t[N]-key@0x564e2d1ca300 | prf+N PRF sha init key-key@0x7f2a4c00c3d0 (size 20) | prf+N: key-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828518 | result: clone-key@0x564e2d1ca300 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a44004b10 from key-key@0x564e2d1ca300 | prf+N prf: begin sha with context 0x7f2a44004b10 from key-key@0x564e2d1ca300 | prf+N: release clone-key@0x564e2d1ca300 | prf+N PRF sha crypt-prf@0x7f2a440010c0 | prf+N PRF sha update old_t-key@0x7f2a4c005db0 (size 20) | prf+N: old_t-key@0x7f2a4c005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a4c005db0 | nss hmac digest hack: symkey-key@0x7f2a4c005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1585611104: 31 ffffffd6 ffffffa4 ffffff85 ffffff81 ffffffb6 ffffffca ffffff87 ffffffaa 0f ffffffbc ffffff88 ffffffb7 43 17 69 ffffffd5 1f ffffffdc 4e ffffffa8 45 2a ffffff8a 6b 63 32 39 3c 41 4c 74 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a440065e0 | unwrapped: 23 af 36 0f 89 e0 17 8e d4 0c b9 30 4d 6e e1 74 | unwrapped: bd 76 90 4f 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1c3300 (size 80) | prf+N: seed-key@0x564e2d1c3300 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1c3300 | nss hmac digest hack: symkey-key@0x564e2d1c3300 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1585611104: 00 04 fffffffa 17 2f 10 ffffffd6 ffffffe6 41 16 ffffffbb 3f ffffffbc 47 fffffff7 07 6f ffffffc8 40 52 ffffffee ffffffe2 ffffff80 ffffffc1 65 29 6e ffffffab 44 ffffffa9 fffffff5 ffffffc4 39 ffffff85 15 ffffffed ffffffc0 ffffffcf ffffffd6 ffffffda fffffffc ffffff8f fffffff4 ffffffd9 61 2e 0a ffffffde ffffffb9 ffffff84 ffffff9b 5d ffffff99 19 18 25 ffffffb3 fffffff9 ffffff8c 23 3c ffffff8f 73 ffffffe8 3c ffffffd5 48 5d 3e fffffff4 ffffff93 30 1e 49 ffffffa7 ffffffde ffffffbb ffffffbf 1b 26 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a44004810 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | unwrapped: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5e828520 | result: final-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828508 | result: final-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a58006900 | prf+N PRF sha final-key@0x564e2d1ca300 (size 20) | prf+N: key-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a4c006900 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a5e828598 | result: result-key@0x7f2a58006900 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a4c006900 | prfplus: release old_t[N]-key@0x7f2a4c005db0 | prf+N PRF sha init key-key@0x7f2a4c00c3d0 (size 20) | prf+N: key-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828518 | result: clone-key@0x7f2a4c005db0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a44003aa0 from key-key@0x7f2a4c005db0 | prf+N prf: begin sha with context 0x7f2a44003aa0 from key-key@0x7f2a4c005db0 | prf+N: release clone-key@0x7f2a4c005db0 | prf+N PRF sha crypt-prf@0x7f2a44002a80 | prf+N PRF sha update old_t-key@0x564e2d1ca300 (size 20) | prf+N: old_t-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564e2d1ca300 | nss hmac digest hack: symkey-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1585611104: 17 ffffffa2 10 75 ffffffff 4d 03 ffffff97 ffffffa3 44 ffffff9f ffffffcc ffffff9e 04 50 7c 57 62 05 00 ffffffc2 ffffffed ffffffaa 6b fffffffa 14 ffffff85 fffffff8 ffffffc1 ffffff97 ffffff99 ffffffb4 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a44006290 | unwrapped: e2 40 fd d1 c9 e1 ca 07 5a e6 61 67 61 76 db 09 | unwrapped: fd 83 b4 50 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1c3300 (size 80) | prf+N: seed-key@0x564e2d1c3300 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1c3300 | nss hmac digest hack: symkey-key@0x564e2d1c3300 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1585611104: 00 04 fffffffa 17 2f 10 ffffffd6 ffffffe6 41 16 ffffffbb 3f ffffffbc 47 fffffff7 07 6f ffffffc8 40 52 ffffffee ffffffe2 ffffff80 ffffffc1 65 29 6e ffffffab 44 ffffffa9 fffffff5 ffffffc4 39 ffffff85 15 ffffffed ffffffc0 ffffffcf ffffffd6 ffffffda fffffffc ffffff8f fffffff4 ffffffd9 61 2e 0a ffffffde ffffffb9 ffffff84 ffffff9b 5d ffffff99 19 18 25 ffffffb3 fffffff9 ffffff8c 23 3c ffffff8f 73 ffffffe8 3c ffffffd5 48 5d 3e fffffff4 ffffff93 30 1e 49 ffffffa7 ffffffde ffffffbb ffffffbf 1b 26 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a44006090 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | unwrapped: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5e828520 | result: final-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828508 | result: final-key@0x7f2a4c005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4c006900 | prf+N PRF sha final-key@0x7f2a4c005db0 (size 20) | prf+N: key-key@0x7f2a4c005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a58006900 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a5e828598 | result: result-key@0x7f2a4c006900 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a58006900 | prfplus: release old_t[N]-key@0x564e2d1ca300 | prf+N PRF sha init key-key@0x7f2a4c00c3d0 (size 20) | prf+N: key-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828518 | result: clone-key@0x564e2d1ca300 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f2a44003aa0 from key-key@0x564e2d1ca300 | prf+N prf: begin sha with context 0x7f2a44003aa0 from key-key@0x564e2d1ca300 | prf+N: release clone-key@0x564e2d1ca300 | prf+N PRF sha crypt-prf@0x7f2a440010c0 | prf+N PRF sha update old_t-key@0x7f2a4c005db0 (size 20) | prf+N: old_t-key@0x7f2a4c005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a4c005db0 | nss hmac digest hack: symkey-key@0x7f2a4c005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1585611104: ffffffa6 ffffff9b ffffffab ffffff9c ffffffc0 5c ffffffe5 ffffffba ffffffd6 57 ffffff87 ffffffd5 2c 5c ffffff88 7e fffffffd ffffffd5 ffffff84 fffffff0 42 08 75 6b 55 ffffffb7 fffffffe 23 07 14 3f fffffff6 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x7f2a44006290 | unwrapped: 0c af 06 84 74 92 95 6e e6 cf 0b 47 97 ec 09 69 | unwrapped: e2 83 3d ed 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564e2d1c3300 (size 80) | prf+N: seed-key@0x564e2d1c3300 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564e2d1c3300 | nss hmac digest hack: symkey-key@0x564e2d1c3300 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1585611104: 00 04 fffffffa 17 2f 10 ffffffd6 ffffffe6 41 16 ffffffbb 3f ffffffbc 47 fffffff7 07 6f ffffffc8 40 52 ffffffee ffffffe2 ffffff80 ffffffc1 65 29 6e ffffffab 44 ffffffa9 fffffff5 ffffffc4 39 ffffff85 15 ffffffed ffffffc0 ffffffcf ffffffd6 ffffffda fffffffc ffffff8f fffffff4 ffffffd9 61 2e 0a ffffffde ffffffb9 ffffff84 ffffff9b 5d ffffff99 19 18 25 ffffffb3 fffffff9 ffffff8c 23 3c ffffff8f 73 ffffffe8 3c ffffffd5 48 5d 3e fffffff4 ffffff93 30 1e 49 ffffffa7 ffffffde ffffffbb ffffffbf 1b 26 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 80 bytes at 0x7f2a440047b0 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | unwrapped: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | prf+N PRF sha update N++-byte@0x8 (8) | 08 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f2a5e828520 | result: final-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828508 | result: final-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a58006900 | prf+N PRF sha final-key@0x564e2d1ca300 (size 20) | prf+N: key-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a4c006900 (140-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f2a5e828598 | result: result-key@0x7f2a58006900 (160-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a4c006900 | prfplus: release old_t[N]-key@0x7f2a4c005db0 | prfplus: release old_t[final]-key@0x564e2d1ca300 | ike_sa_keymat: release data-key@0x564e2d1c3300 | calc_skeyseed_v2: release skeyseed_k-key@0x7f2a4c00c3d0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828738 | result: result-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828738 | result: result-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828738 | result: result-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x7f2a58006900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828748 | result: SK_ei_k-key@0x7f2a4c005db0 (24-bytes, DES3_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 84, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x7f2a58006900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828748 | result: SK_er_k-key@0x7f2a4c006900 (24-bytes, DES3_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 108, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828748 | result: result-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f2a4000bdb0 | chunk_SK_pi: symkey-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986918: 6f ffffff9b 48 79 0e ffffffc3 ffffff8d ffffffbb ffffffa4 ffffffc2 5a 10 ffffff98 3e 66 65 0e fffffff5 67 30 08 4f ffffffdc ffffffc8 61 ffffffb7 4e ffffffa5 4a fffffff8 07 46 | chunk_SK_pi: release slot-key-key@0x564e2d1a1c00 | chunk_SK_pi extracted len 32 bytes at 0x7f2a44006290 | unwrapped: 5a e6 61 67 61 76 db 09 fd 83 b4 50 0c af 06 84 | unwrapped: 74 92 95 6e 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 128, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f2a5e828748 | result: result-key@0x564e2d1ca390 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x564e2d1ca390 | chunk_SK_pr: symkey-key@0x564e2d1ca390 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986918: 2b ffffff8f 59 ffffffcc 53 ffffff82 ffffff8a 51 ffffff81 ffffff88 ffffff8c 43 3b 24 2b ffffffcd ffffffcd ffffff84 19 ffffffe5 ffffffa4 ffffffea fffffffc ffffffaf 16 23 ffffffd4 67 ffffff8b 51 ffffffa3 04 | chunk_SK_pr: release slot-key-key@0x564e2d1a1c00 | chunk_SK_pr extracted len 32 bytes at 0x7f2a440061e0 | unwrapped: e6 cf 0b 47 97 ec 09 69 e2 83 3d ed cf 1d 5b a7 | unwrapped: db d1 b1 c2 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f2a58006900 | calc_skeyseed_v2 pointers: shared-key@0x7f2a4c00c5c0, SK_d-key@0x7f2a4c00c3d0, SK_ai-key@0x564e2d1c3300, SK_ar-key@0x564e2d1ca300, SK_ei-key@0x7f2a4c005db0, SK_er-key@0x7f2a4c006900, SK_pi-key@0x7f2a4000bdb0, SK_pr-key@0x564e2d1ca390 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 5a e6 61 67 61 76 db 09 fd 83 b4 50 0c af 06 84 | 74 92 95 6e | calc_skeyseed_v2 SK_pr | e6 cf 0b 47 97 ec 09 69 e2 83 3d ed cf 1d 5b a7 | db d1 b1 c2 | crypto helper 6 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 14 time elapsed 0.003287 seconds | (#21) spent 3.28 milliseconds in crypto helper computing work-order 14: ikev2_inI2outR2 KE (pcr) | crypto helper 6 sending results from work-order 14 for state #21 to event queue | scheduling resume sending helper answer for #21 | libevent_malloc: new ptr-libevent@0x7f2a440037a0 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #21 | start processing: state #21 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 14 | calling continuation function 0x564e2b454630 | ikev2_parent_inI2outR2_continue for #21: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f2a40002010: transferring ownership from helper IKEv2 DH to state #21 | finish_dh_v2: release st_shared_nss-key@NULL | #21 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x564e2d1c3300 (size 20) | hmac: symkey-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d766178 | result: clone-key@0x7f2a58006900 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a58006900 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a58006900 | hmac: release clone-key@0x7f2a58006900 | hmac PRF sha crypt-prf@0x564e2d1c19f0 | hmac PRF sha update data-bytes@0x564e2d1395e0 (length 184) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | ce 67 57 a6 40 69 12 a4 0d 9b f6 75 fd d8 19 9c | af 43 7b 7c cd a3 5a b0 6f 17 22 61 32 cb ea ca | a5 b3 d3 1c 41 91 71 07 ed 44 eb 50 05 c2 41 ce | 49 96 84 01 4a c3 9e ce e4 1d ad 95 7b aa 83 61 | 2b a9 39 d0 d4 95 2d ef 77 ec 08 6f c8 3b f2 4f | 08 57 dd c5 a5 79 27 75 19 9c 78 2e bf 25 82 2c | 43 0b a2 49 df 2e 45 44 48 93 aa ae 97 92 7a 0f | 3f f9 54 18 e1 08 cf 42 a9 4d 50 72 30 86 7e b4 | 36 29 fc c8 35 3a 73 af cc f4 37 dd f3 9f 77 99 | f0 5a 33 be 82 5c 5d 96 | hmac PRF sha final-bytes@0x7fff8d766340 (length 20) | e0 6e be 1c c7 8c 8a 9e 21 9f 4a 70 a5 3f 36 13 | 12 bf f0 e2 | data for hmac: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | data for hmac: ce 67 57 a6 40 69 12 a4 0d 9b f6 75 fd d8 19 9c | data for hmac: af 43 7b 7c cd a3 5a b0 6f 17 22 61 32 cb ea ca | data for hmac: a5 b3 d3 1c 41 91 71 07 ed 44 eb 50 05 c2 41 ce | data for hmac: 49 96 84 01 4a c3 9e ce e4 1d ad 95 7b aa 83 61 | data for hmac: 2b a9 39 d0 d4 95 2d ef 77 ec 08 6f c8 3b f2 4f | data for hmac: 08 57 dd c5 a5 79 27 75 19 9c 78 2e bf 25 82 2c | data for hmac: 43 0b a2 49 df 2e 45 44 48 93 aa ae 97 92 7a 0f | data for hmac: 3f f9 54 18 e1 08 cf 42 a9 4d 50 72 30 86 7e b4 | data for hmac: 36 29 fc c8 35 3a 73 af cc f4 37 dd f3 9f 77 99 | data for hmac: f0 5a 33 be 82 5c 5d 96 | calculated auth: e0 6e be 1c c7 8c 8a 9e 21 9f 4a 70 | provided auth: e0 6e be 1c c7 8c 8a 9e 21 9f 4a 70 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | ce 67 57 a6 40 69 12 a4 | payload before decryption: | 0d 9b f6 75 fd d8 19 9c af 43 7b 7c cd a3 5a b0 | 6f 17 22 61 32 cb ea ca a5 b3 d3 1c 41 91 71 07 | ed 44 eb 50 05 c2 41 ce 49 96 84 01 4a c3 9e ce | e4 1d ad 95 7b aa 83 61 2b a9 39 d0 d4 95 2d ef | 77 ec 08 6f c8 3b f2 4f 08 57 dd c5 a5 79 27 75 | 19 9c 78 2e bf 25 82 2c 43 0b a2 49 df 2e 45 44 | 48 93 aa ae 97 92 7a 0f 3f f9 54 18 e1 08 cf 42 | a9 4d 50 72 30 86 7e b4 36 29 fc c8 35 3a 73 af | cc f4 37 dd f3 9f 77 99 f0 5a 33 be 82 5c 5d 96 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 99 bd 0a 89 01 4d 2d 64 4e 14 9b b4 f5 4d 32 95 | 7e da b9 2d 2c 00 00 28 00 00 00 24 01 03 04 03 | 7b 0b 5d cb 03 00 00 08 01 00 00 03 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | stripping 4 octets as pad | #21 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #21: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #21 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #21: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x7f2a4000bdb0 (size 20) | hmac: symkey-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4000bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765be8 | result: clone-key@0x7f2a58006900 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a58006900 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a58006900 | hmac: release clone-key@0x7f2a58006900 | hmac PRF sha crypt-prf@0x564e2d1bff10 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x564e2d13960c (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff8d765da0 (length 20) | 54 8d 07 01 31 fc e8 10 24 18 9e 5c 29 0a 67 b0 | 0f d6 83 24 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | inputs to hash1 (first packet) | a5 70 a7 02 5a 87 dd 89 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 16 47 44 cb 23 ac 7c 65 06 4b 4a c9 | bd c6 bc 54 43 1e 85 ad 0f 33 4b 94 3f 1e f2 8f | 68 d6 56 5a 49 f4 3a a1 f8 74 ec 94 e4 7b a8 6c | 90 bf 70 50 1c e6 c8 4b f7 d1 96 bf c8 67 72 85 | 29 4b ce 00 50 57 9e 4e 3e bb 02 95 71 63 0f 88 | cb 85 a7 22 df 4d 00 28 a9 96 53 a1 1f 6d 75 24 | 2c 7b 50 1c 67 a6 1a 75 fe cd be 5d e0 e4 39 c5 | f8 3f a6 71 23 2b b7 b5 e1 c1 a8 40 6e b4 71 5f | 0d 01 79 32 dd ea 68 e1 9d ae df bc 15 60 33 2d | aa b7 13 84 c3 7e 03 9e 91 46 85 8d c5 e8 c8 e2 | 66 0a 97 3d 4b e4 80 77 fe 13 fc 56 07 dd f8 12 | d6 fd 3b 5f 27 ed db 2d 82 aa ef 2e 72 be d7 ae | 9f 45 a0 ae 1e 55 87 bb 90 27 84 19 36 fd 51 29 | d4 c4 74 7c f0 13 d1 b7 d2 2f 87 8c ab 3c 5f 29 | 4d cb 9b 2d ab 89 58 28 a2 ab 25 6f 2c 87 95 ed | 34 4a 51 d3 d7 6b 23 98 2d 9f e5 93 06 cc 6c 95 | 01 55 49 31 29 00 00 24 11 fb d8 80 92 48 63 a3 | 19 68 72 2b 24 e9 26 b7 50 59 d5 5d 84 72 9d 73 | fb bb 93 fc 39 17 f0 df 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 21 08 d2 37 60 ad cd 6a | 13 51 70 04 1f 54 ea c5 b8 8a bf 60 00 00 00 1c | 00 00 40 05 b3 ec 68 c9 16 91 3f b1 ae 3f 86 cd | 46 0d 2d 2e a7 74 68 b3 | verify: initiator inputs to hash2 (responder nonce) | 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | idhash 54 8d 07 01 31 fc e8 10 24 18 9e 5c 29 0a 67 b0 | idhash 0f d6 83 24 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564e2d1b8960 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d7659f0 | result: shared secret-key@0x7f2a480067f0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f2a480067f0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7659d8 | result: shared secret-key@0x7f2a58006900 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f2a480067f0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564e2d1a1160 from shared secret-key@0x7f2a58006900 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564e2d1a1160 from shared secret-key@0x7f2a58006900 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f2a58006900 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564e2d1c19f0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x564e2b4e7bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765a10 | result: final-key@0x7f2a480067f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a480067f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7659f8 | result: final-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a480067f0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f2a58006900 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f2a58006900 (size 20) | = prf(, ): -key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765a08 | result: clone-key@0x7f2a480067f0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564e2d1a1160 from -key@0x7f2a480067f0 | = prf(, ) prf: begin sha with context 0x564e2d1a1160 from -key@0x7f2a480067f0 | = prf(, ): release clone-key@0x7f2a480067f0 | = prf(, ) PRF sha crypt-prf@0x564e2d1c3390 | = prf(, ) PRF sha update first-packet-bytes@0x564e2d1c6e50 (length 440) | a5 70 a7 02 5a 87 dd 89 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 16 47 44 cb 23 ac 7c 65 06 4b 4a c9 | bd c6 bc 54 43 1e 85 ad 0f 33 4b 94 3f 1e f2 8f | 68 d6 56 5a 49 f4 3a a1 f8 74 ec 94 e4 7b a8 6c | 90 bf 70 50 1c e6 c8 4b f7 d1 96 bf c8 67 72 85 | 29 4b ce 00 50 57 9e 4e 3e bb 02 95 71 63 0f 88 | cb 85 a7 22 df 4d 00 28 a9 96 53 a1 1f 6d 75 24 | 2c 7b 50 1c 67 a6 1a 75 fe cd be 5d e0 e4 39 c5 | f8 3f a6 71 23 2b b7 b5 e1 c1 a8 40 6e b4 71 5f | 0d 01 79 32 dd ea 68 e1 9d ae df bc 15 60 33 2d | aa b7 13 84 c3 7e 03 9e 91 46 85 8d c5 e8 c8 e2 | 66 0a 97 3d 4b e4 80 77 fe 13 fc 56 07 dd f8 12 | d6 fd 3b 5f 27 ed db 2d 82 aa ef 2e 72 be d7 ae | 9f 45 a0 ae 1e 55 87 bb 90 27 84 19 36 fd 51 29 | d4 c4 74 7c f0 13 d1 b7 d2 2f 87 8c ab 3c 5f 29 | 4d cb 9b 2d ab 89 58 28 a2 ab 25 6f 2c 87 95 ed | 34 4a 51 d3 d7 6b 23 98 2d 9f e5 93 06 cc 6c 95 | 01 55 49 31 29 00 00 24 11 fb d8 80 92 48 63 a3 | 19 68 72 2b 24 e9 26 b7 50 59 d5 5d 84 72 9d 73 | fb bb 93 fc 39 17 f0 df 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 21 08 d2 37 60 ad cd 6a | 13 51 70 04 1f 54 ea c5 b8 8a bf 60 00 00 00 1c | 00 00 40 05 b3 ec 68 c9 16 91 3f b1 ae 3f 86 cd | 46 0d 2d 2e a7 74 68 b3 | = prf(, ) PRF sha update nonce-bytes@0x7f2a4000bc20 (length 32) | 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | = prf(, ) PRF sha update hash-bytes@0x7fff8d765da0 (length 20) | 54 8d 07 01 31 fc e8 10 24 18 9e 5c 29 0a 67 b0 | 0f d6 83 24 | = prf(, ) PRF sha final-chunk@0x564e2d1bff10 (length 20) | 99 bd 0a 89 01 4d 2d 64 4e 14 9b b4 f5 4d 32 95 | 7e da b9 2d | psk_auth: release prf-psk-key@0x7f2a58006900 | Received PSK auth octets | 99 bd 0a 89 01 4d 2d 64 4e 14 9b b4 f5 4d 32 95 | 7e da b9 2d | Calculated PSK auth octets | 99 bd 0a 89 01 4d 2d 64 4e 14 9b b4 f5 4d 32 95 | 7e da b9 2d "east" #21: Authenticated using authby=secret | parent state #21: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #21 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #21 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2a54008da0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564e2d1c33e0 | event_schedule: new EVENT_SA_REKEY-pe@0x564e2d1c33e0 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f2a54008da0 size 128 | pstats #21 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | a5 70 a7 02 5a 87 dd 89 | responder cookie: | 61 87 c1 53 46 1c 40 b4 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x564e2d1ca390 (size 20) | hmac: symkey-key@0x564e2d1ca390 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1ca390 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765558 | result: clone-key@0x7f2a58006900 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a58006900 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a58006900 | hmac: release clone-key@0x7f2a58006900 | hmac PRF sha crypt-prf@0x564e2d1bb660 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x564e2b55396c (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff8d765860 (length 20) | 97 1e 63 6b e2 90 b9 62 95 e9 3f 7b 6c 2a 1a db | db 5e a5 99 | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564e2d1ae180 (line=1) | concluding with best_match=014 best=0x564e2d1ae180 (lineno=1) | inputs to hash1 (first packet) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 7c 89 07 e2 3f c6 b7 6d 85 15 65 a9 b4 5a c8 b5 | 33 2f 56 da b5 44 08 02 af c2 86 cc 6a 7f 6c 7d | 22 55 be 0f a2 42 25 92 26 e7 45 60 66 c0 e9 ec | ec 61 84 76 c7 8b 35 44 86 e0 50 38 50 72 05 c8 | ea f9 cf 29 49 54 61 2f 6e 15 a4 8a db 58 16 01 | 39 fd 0a f3 59 68 a5 79 0d 5e 0e 9f f6 c0 44 46 | 0a 20 f0 2e c7 89 03 8e 22 f1 46 87 33 b6 40 f7 | 45 94 73 9c 4f 8e e1 95 cb 5a c7 1f 7a 25 06 9e | d9 a9 ae fb 71 8e 8c 0d db 00 e7 5e ce e3 5f 7a | b5 db 5a 45 ff 36 96 7b dd a1 4d 39 24 c2 3b 8d | f3 e1 cf 1c ab f1 9b 84 59 b2 41 68 3e 7c e6 81 | f4 fb f4 69 e2 c8 79 72 99 7c 18 3b b2 0e 56 44 | 9f 76 7b 31 7c d0 50 e6 33 68 68 f7 d5 ae 72 aa | f8 ac 1f 3f 3f 9a 3c ec 2b 0b 9f f7 de b1 e0 1c | 51 4b d4 5a b9 70 2d f8 d3 9d 06 db 99 a5 11 67 | 43 11 37 2c 25 23 05 19 7a 87 05 3d 7d 65 6e eb | 29 00 00 24 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 | 7f 84 c9 ef 77 12 15 95 94 21 1e 67 2d e6 61 7b | 58 a5 6f b2 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 16 34 12 ff be de 72 95 e6 a6 e8 e6 | 79 f3 76 0c 21 d7 96 91 00 00 00 1c 00 00 40 05 | 59 1f b9 7f 5a 69 25 9a 86 19 93 92 e7 4d b5 f2 | e1 c3 80 7d | create: responder inputs to hash2 (initiator nonce) | 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | idhash 97 1e 63 6b e2 90 b9 62 95 e9 3f 7b 6c 2a 1a db | idhash db 5e a5 99 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564e2d1b8960 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765350 | result: shared secret-key@0x7f2a480067f0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f2a480067f0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765338 | result: shared secret-key@0x7f2a58006900 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f2a480067f0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564e2d1a1160 from shared secret-key@0x7f2a58006900 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564e2d1a1160 from shared secret-key@0x7f2a58006900 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f2a58006900 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564e2d1bff10 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x564e2b4e7bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765370 | result: final-key@0x7f2a480067f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a480067f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765358 | result: final-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a480067f0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f2a58006900 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f2a58006900 (size 20) | = prf(, ): -key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765368 | result: clone-key@0x7f2a480067f0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564e2d1a1160 from -key@0x7f2a480067f0 | = prf(, ) prf: begin sha with context 0x564e2d1a1160 from -key@0x7f2a480067f0 | = prf(, ): release clone-key@0x7f2a480067f0 | = prf(, ) PRF sha crypt-prf@0x564e2d1c19f0 | = prf(, ) PRF sha update first-packet-bytes@0x564e2d1bdf40 (length 436) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 7c 89 07 e2 3f c6 b7 6d 85 15 65 a9 b4 5a c8 b5 | 33 2f 56 da b5 44 08 02 af c2 86 cc 6a 7f 6c 7d | 22 55 be 0f a2 42 25 92 26 e7 45 60 66 c0 e9 ec | ec 61 84 76 c7 8b 35 44 86 e0 50 38 50 72 05 c8 | ea f9 cf 29 49 54 61 2f 6e 15 a4 8a db 58 16 01 | 39 fd 0a f3 59 68 a5 79 0d 5e 0e 9f f6 c0 44 46 | 0a 20 f0 2e c7 89 03 8e 22 f1 46 87 33 b6 40 f7 | 45 94 73 9c 4f 8e e1 95 cb 5a c7 1f 7a 25 06 9e | d9 a9 ae fb 71 8e 8c 0d db 00 e7 5e ce e3 5f 7a | b5 db 5a 45 ff 36 96 7b dd a1 4d 39 24 c2 3b 8d | f3 e1 cf 1c ab f1 9b 84 59 b2 41 68 3e 7c e6 81 | f4 fb f4 69 e2 c8 79 72 99 7c 18 3b b2 0e 56 44 | 9f 76 7b 31 7c d0 50 e6 33 68 68 f7 d5 ae 72 aa | f8 ac 1f 3f 3f 9a 3c ec 2b 0b 9f f7 de b1 e0 1c | 51 4b d4 5a b9 70 2d f8 d3 9d 06 db 99 a5 11 67 | 43 11 37 2c 25 23 05 19 7a 87 05 3d 7d 65 6e eb | 29 00 00 24 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 | 7f 84 c9 ef 77 12 15 95 94 21 1e 67 2d e6 61 7b | 58 a5 6f b2 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 16 34 12 ff be de 72 95 e6 a6 e8 e6 | 79 f3 76 0c 21 d7 96 91 00 00 00 1c 00 00 40 05 | 59 1f b9 7f 5a 69 25 9a 86 19 93 92 e7 4d b5 f2 | e1 c3 80 7d | = prf(, ) PRF sha update nonce-bytes@0x7f2a480053d0 (length 32) | 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | = prf(, ) PRF sha update hash-bytes@0x7fff8d765860 (length 20) | 97 1e 63 6b e2 90 b9 62 95 e9 3f 7b 6c 2a 1a db | db 5e a5 99 | = prf(, ) PRF sha final-chunk@0x564e2d1bb660 (length 20) | 09 be 8a 64 9e b5 bd 3b 6e 2e eb ab 12 e3 5e 81 | d8 c1 b3 e3 | psk_auth: release prf-psk-key@0x7f2a58006900 | PSK auth octets 09 be 8a 64 9e b5 bd 3b 6e 2e eb ab 12 e3 5e 81 | PSK auth octets d8 c1 b3 e3 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 09 be 8a 64 9e b5 bd 3b 6e 2e eb ab 12 e3 5e 81 | PSK auth d8 c1 b3 e3 | emitting length of IKEv2 Authentication Payload: 28 | creating state object #22 at 0x564e2d1cd440 | State DB: adding IKEv2 state #22 in UNDEFINED | pstats #22 ikev2.child started | duplicating state object #21 "east" as #22 for IPSEC SA | #22 setting local endpoint to 192.1.2.23:500 from #21.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f2a4c00c3d0 | duplicate_state: reference st_skey_ai_nss-key@0x564e2d1c3300 | duplicate_state: reference st_skey_ar_nss-key@0x564e2d1ca300 | duplicate_state: reference st_skey_ei_nss-key@0x7f2a4c005db0 | duplicate_state: reference st_skey_er_nss-key@0x7f2a4c006900 | duplicate_state: reference st_skey_pi_nss-key@0x7f2a4000bdb0 | duplicate_state: reference st_skey_pr_nss-key@0x564e2d1ca390 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #21.#22; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #21 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #21.#22 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 7b 0b 5d cb | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 2 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: INTEG+ESN | remote proposal 1 does not match local proposal 1; unmatched transforms: ENCR; missing transforms: ENCR | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 2; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 2 "east" #21: proposal 1:ESP:SPI=7b0b5dcb;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=7b0b5dcb;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | netlink_get_spi: allocated 0x44f6520a for esp.0@192.1.2.23 | Emitting ikev2_proposal ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 44 f6 52 0a | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 40 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | integ=sha: .key_size=20 encrypt=3des_cbc: .key_size=24 .salt_size=0 keymat_len=44 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d7653e0 | result: data=Ni-key@0x7f2a480067f0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7f2a480067f0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7653c8 | result: data=Ni-key@0x7f2a58006900 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7f2a480067f0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a58006900 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff8d7653d0 | result: data+=Nr-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f2a58006900 | prf+0 PRF sha init key-key@0x7f2a4c00c3d0 (size 20) | prf+0: key-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x7f2a58006900 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x564e2d1a1160 from key-key@0x7f2a58006900 | prf+0 prf: begin sha with context 0x564e2d1a1160 from key-key@0x7f2a58006900 | prf+0: release clone-key@0x7f2a58006900 | prf+0 PRF sha crypt-prf@0x564e2d1c3390 | prf+0 PRF sha update seed-key@0x7f2a480067f0 (size 64) | prf+0: seed-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a480067f0 | nss hmac digest hack: symkey-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: 00 04 fffffffa 17 2f 10 ffffffd6 ffffffe6 41 16 ffffffbb 3f ffffffbc 47 fffffff7 07 6f ffffffc8 40 52 ffffffee ffffffe2 ffffff80 ffffffc1 65 29 6e ffffffab 44 ffffffa9 fffffff5 ffffffc4 39 ffffff85 15 ffffffed ffffffc0 ffffffcf ffffffd6 ffffffda fffffffc ffffff8f fffffff4 ffffffd9 61 2e 0a ffffffde ffffffb9 ffffff84 ffffff9b 5d ffffff99 19 18 25 ffffffb3 fffffff9 ffffff8c 23 3c ffffff8f 73 ffffffe8 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1c4dd0 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x7f2a4c001a70 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a4c001a70 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a4c001a70 | prf+0 PRF sha final-key@0x7f2a58006900 (size 20) | prf+0: key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f2a58006900 | prf+N PRF sha init key-key@0x7f2a4c00c3d0 (size 20) | prf+N: key-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x7f2a4c001a70 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564e2d1a1160 from key-key@0x7f2a4c001a70 | prf+N prf: begin sha with context 0x564e2d1a1160 from key-key@0x7f2a4c001a70 | prf+N: release clone-key@0x7f2a4c001a70 | prf+N PRF sha crypt-prf@0x564e2d1bff10 | prf+N PRF sha update old_t-key@0x7f2a58006900 (size 20) | prf+N: old_t-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a58006900 | nss hmac digest hack: symkey-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921626304: 70 ffffffb3 ffffff96 37 ffffff8f 12 ffffffbd 19 ffffff81 ffffffe3 ffffffde ffffff8b ffffff99 1f ffffffa2 70 38 ffffffd8 ffffffbc 71 ffffff86 ffffffe8 ffffffe4 fffffff9 ffffffd6 6f 60 ffffff88 ffffffcf 1f 1e ffffff95 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x564e2d1c33b0 | unwrapped: b6 10 4a 0d cc 72 8b 38 f0 ec c8 dc 59 49 27 78 | unwrapped: 4d b8 2d 3b 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a480067f0 (size 64) | prf+N: seed-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a480067f0 | nss hmac digest hack: symkey-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: 00 04 fffffffa 17 2f 10 ffffffd6 ffffffe6 41 16 ffffffbb 3f ffffffbc 47 fffffff7 07 6f ffffffc8 40 52 ffffffee ffffffe2 ffffff80 ffffffc1 65 29 6e ffffffab 44 ffffffa9 fffffff5 ffffffc4 39 ffffff85 15 ffffffed ffffffc0 ffffffcf ffffffd6 ffffffda fffffffc ffffff8f fffffff4 ffffffd9 61 2e 0a ffffffde ffffffb9 ffffff84 ffffff9b 5d ffffff99 19 18 25 ffffffb3 fffffff9 ffffff8c 23 3c ffffff8f 73 ffffffe8 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1b93d0 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x7f2a44006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a44006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a44006900 | prf+N PRF sha final-key@0x7f2a4c001a70 (size 20) | prf+N: key-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff8d765378 | result: result-key@0x7f2a44006900 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a58006900 | prfplus: release old_t[N]-key@0x7f2a58006900 | prf+N PRF sha init key-key@0x7f2a4c00c3d0 (size 20) | prf+N: key-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x7f2a58006900 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564e2d1a1160 from key-key@0x7f2a58006900 | prf+N prf: begin sha with context 0x564e2d1a1160 from key-key@0x7f2a58006900 | prf+N: release clone-key@0x7f2a58006900 | prf+N PRF sha crypt-prf@0x564e2d1c19d0 | prf+N PRF sha update old_t-key@0x7f2a4c001a70 (size 20) | prf+N: old_t-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a4c001a70 | nss hmac digest hack: symkey-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921626304: ffffff89 5d ffffffa6 77 7e ffffffd2 02 fffffff2 ffffffca 4c 28 04 54 1f ffffff9d ffffffec 25 ffffffdc 5e 11 2c ffffffb6 26 ffffffbd 14 ffffffe9 ffffffd3 ffffff92 30 74 ffffffa8 2d | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x564e2d1c6c60 | unwrapped: 96 74 ef de 0f 0e c3 b3 48 26 bb 46 d1 1e ec 81 | unwrapped: 97 96 4b 48 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a480067f0 (size 64) | prf+N: seed-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a480067f0 | nss hmac digest hack: symkey-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: 00 04 fffffffa 17 2f 10 ffffffd6 ffffffe6 41 16 ffffffbb 3f ffffffbc 47 fffffff7 07 6f ffffffc8 40 52 ffffffee ffffffe2 ffffff80 ffffffc1 65 29 6e ffffffab 44 ffffffa9 fffffff5 ffffffc4 39 ffffff85 15 ffffffed ffffffc0 ffffffcf ffffffd6 ffffffda fffffffc ffffff8f fffffff4 ffffffd9 61 2e 0a ffffffde ffffffb9 ffffff84 ffffff9b 5d ffffff99 19 18 25 ffffffb3 fffffff9 ffffff8c 23 3c ffffff8f 73 ffffffe8 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1c17b0 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x7f2a58006720 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006720 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a58006720 | prf+N PRF sha final-key@0x7f2a58006900 (size 20) | prf+N: key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a44006900 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff8d765378 | result: result-key@0x7f2a58006720 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a44006900 | prfplus: release old_t[N]-key@0x7f2a4c001a70 | prf+N PRF sha init key-key@0x7f2a4c00c3d0 (size 20) | prf+N: key-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x7f2a4c001a70 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564e2d1a1160 from key-key@0x7f2a4c001a70 | prf+N prf: begin sha with context 0x564e2d1a1160 from key-key@0x7f2a4c001a70 | prf+N: release clone-key@0x7f2a4c001a70 | prf+N PRF sha crypt-prf@0x564e2d1c19f0 | prf+N PRF sha update old_t-key@0x7f2a58006900 (size 20) | prf+N: old_t-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a58006900 | nss hmac digest hack: symkey-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921626304: ffffffed fffffffc 1d 10 6e ffffffcb 40 4e ffffff92 fffffffb 52 ffffffd4 6f ffffffcd 5c 08 ffffffef ffffffb3 fffffff1 70 ffffff96 39 00 fffffff7 ffffffe1 ffffffe6 7e ffffffd3 ffffff85 ffffffeb fffffff5 ffffffbb | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x564e2d1c6c60 | unwrapped: 0d ac 22 f4 0d 90 05 4a ab 80 14 24 90 d8 37 88 | unwrapped: 6d 5e 55 15 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a480067f0 (size 64) | prf+N: seed-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a480067f0 | nss hmac digest hack: symkey-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: 00 04 fffffffa 17 2f 10 ffffffd6 ffffffe6 41 16 ffffffbb 3f ffffffbc 47 fffffff7 07 6f ffffffc8 40 52 ffffffee ffffffe2 ffffff80 ffffffc1 65 29 6e ffffffab 44 ffffffa9 fffffff5 ffffffc4 39 ffffff85 15 ffffffed ffffffc0 ffffffcf ffffffd6 ffffffda fffffffc ffffff8f fffffff4 ffffffd9 61 2e 0a ffffffde ffffffb9 ffffff84 ffffff9b 5d ffffff99 19 18 25 ffffffb3 fffffff9 ffffff8c 23 3c ffffff8f 73 ffffffe8 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1c4e20 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x7f2a44006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a44006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a44006900 | prf+N PRF sha final-key@0x7f2a4c001a70 (size 20) | prf+N: key-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a58006720 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff8d765378 | result: result-key@0x7f2a44006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a58006720 | prfplus: release old_t[N]-key@0x7f2a58006900 | prf+N PRF sha init key-key@0x7f2a4c00c3d0 (size 20) | prf+N: key-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a4c00c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652f8 | result: clone-key@0x7f2a58006900 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564e2d1a1160 from key-key@0x7f2a58006900 | prf+N prf: begin sha with context 0x564e2d1a1160 from key-key@0x7f2a58006900 | prf+N: release clone-key@0x7f2a58006900 | prf+N PRF sha crypt-prf@0x564e2d1c19d0 | prf+N PRF sha update old_t-key@0x7f2a4c001a70 (size 20) | prf+N: old_t-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f2a4c001a70 | nss hmac digest hack: symkey-key@0x7f2a4c001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1921626304: ffffff94 ffffffa0 ffffffa0 39 ffffffe3 ffffffd6 43 ffffff80 ffffff8e 6c fffffffd ffffff91 25 18 ffffffcd 57 67 ffffff9d 07 27 4e 2c ffffffa0 ffffff83 7f ffffff8d ffffffed ffffffcd ffffffe1 26 7e 31 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 32 bytes at 0x564e2d1c33b0 | unwrapped: 35 e5 b4 7e e0 f2 71 9d 83 1c ae b6 75 eb 16 af | unwrapped: d1 35 81 1d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f2a480067f0 (size 64) | prf+N: seed-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f2a480067f0 | nss hmac digest hack: symkey-key@0x7f2a480067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564e2d1a1c00 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1921626304: 00 04 fffffffa 17 2f 10 ffffffd6 ffffffe6 41 16 ffffffbb 3f ffffffbc 47 fffffff7 07 6f ffffffc8 40 52 ffffffee ffffffe2 ffffff80 ffffffc1 65 29 6e ffffffab 44 ffffffa9 fffffff5 ffffffc4 39 ffffff85 15 ffffffed ffffffc0 ffffffcf ffffffd6 ffffffda fffffffc ffffff8f fffffff4 ffffffd9 61 2e 0a ffffffde ffffffb9 ffffff84 ffffff9b 5d ffffff99 19 18 25 ffffffb3 fffffff9 ffffff8c 23 3c ffffff8f 73 ffffffe8 | nss hmac digest hack: release slot-key-key@0x564e2d1a1c00 | nss hmac digest hack extracted len 64 bytes at 0x564e2d1c4dd0 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff8d765300 | result: final-key@0x7f2a58006720 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f2a58006720 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7652e8 | result: final-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f2a58006720 | prf+N PRF sha final-key@0x7f2a58006900 (size 20) | prf+N: key-key@0x7f2a58006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f2a44006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff8d765378 | result: result-key@0x7f2a58006720 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f2a44006900 | prfplus: release old_t[N]-key@0x7f2a4c001a70 | prfplus: release old_t[final]-key@0x7f2a58006900 | child_sa_keymat: release data-key@0x7f2a480067f0 | key-offset: 0, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x7f2a58006720 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765458 | result: result-key@0x7f2a480067f0 (44-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 44 bytes of key@0x7f2a480067f0 | initiator to responder keys: symkey-key@0x7f2a480067f0 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x564e2d1a1c00 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)540631398: 70 ffffffb3 ffffff96 37 ffffff8f 12 ffffffbd 19 ffffff81 ffffffe3 ffffffde ffffff8b ffffff99 1f ffffffa2 70 58 ffffffd0 78 ffffffd5 49 1e 57 60 14 ffffffc5 7e 14 ffffffe7 ffffffe7 ffffffa5 ffffffef 79 00 ffffffcd ffffffb2 ffffff90 ffffff95 ffffffd4 ffffffdd ffffffc6 6a 76 fffffffd ffffffae ffffffba ffffffcf 26 | initiator to responder keys: release slot-key-key@0x564e2d1a1c00 | initiator to responder keys extracted len 48 bytes at 0x564e2d1bb840 | unwrapped: b6 10 4a 0d cc 72 8b 38 f0 ec c8 dc 59 49 27 78 | unwrapped: 4d b8 2d 3b 96 74 ef de 0f 0e c3 b3 48 26 bb 46 | unwrapped: d1 1e ec 81 97 96 4b 48 0d ac 22 f4 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7f2a480067f0 | key-offset: 44, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x7f2a58006720 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765458 | result: result-key@0x7f2a480067f0 (44-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 44 bytes of key@0x7f2a480067f0 | responder to initiator keys:: symkey-key@0x7f2a480067f0 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564e2d11e080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x564e2d1a1c00 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)540631398: ffffff9b ffffffd7 ffffff9b ffffffb0 ffffffb5 ffffffc9 04 59 42 ffffffa7 ffffffe3 6a ffffff8d ffffffa8 63 fffffff8 ffffff94 ffffffa0 ffffffa0 39 ffffffe3 ffffffd6 43 ffffff80 ffffff8e 6c fffffffd ffffff91 25 18 ffffffcd 57 5b 4e ffffffec 12 ffffffc6 ffffffdb ffffffe8 ffffff89 77 ffffffde ffffffc6 09 09 05 39 ffffffcb | responder to initiator keys:: release slot-key-key@0x564e2d1a1c00 | responder to initiator keys: extracted len 48 bytes at 0x564e2d1bdee0 | unwrapped: 0d 90 05 4a ab 80 14 24 90 d8 37 88 6d 5e 55 15 | unwrapped: 35 e5 b4 7e e0 f2 71 9d 83 1c ae b6 75 eb 16 af | unwrapped: d1 35 81 1d bd 8c 16 57 cb 7b 63 49 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7f2a480067f0 | ikev2_derive_child_keys: release keymat-key@0x7f2a58006720 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | #21 spent 2.83 milliseconds | install_ipsec_sa() for #22: inbound and outbound | could_route called for east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.7b0b5dcb@192.1.2.45 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.44f6520a@192.1.2.23 included non-error error | priority calculation of connection "east" is 0xfe7e7 | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #22: prospective erouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | route_and_eroute with c: east (next: none) ero:east esr:{(nil)} ro:east rosr:{(nil)} and state: #22 | priority calculation of connection "east" is 0xfe7e7 | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45>tun.0@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x7b0b5dcb SPI_OUT=0x44f | popen cmd is 1020 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: | cmd( 960):'no' SPI_IN=0x7b0b5dcb SPI_OUT=0x44f6520a ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | route_and_eroute: instance "east", setting eroute_owner {spd=0x564e2d1b9a50,sr=0x564e2d1b9a50} to #22 (was #0) (newest_ipsec_sa=#0) | #21 spent 0.515 milliseconds in install_ipsec_sa() | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #22 (was #0) (spd.eroute=#22) cloned from #21 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 160 | emitting length of ISAKMP Message: 188 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 50 9f 3c e1 4a 55 0d 58 | data before encryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 09 be 8a 64 9e b5 bd 3b 6e 2e eb ab | 12 e3 5e 81 d8 c1 b3 e3 2c 00 00 28 00 00 00 24 | 01 03 04 03 44 f6 52 0a 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | d3 0b e3 a8 91 c2 5f ac 9c a9 b8 a9 a3 69 28 b7 | a8 60 4d 3b 98 11 b7 c0 31 c5 d2 ea 14 9c 00 66 | 91 93 89 06 da 3a b6 a0 71 a7 1f 23 3e c9 3f e9 | 37 ce 2e 0d 4a c3 a2 60 b2 2a ea 47 c9 e3 be ff | 64 c3 c3 de ca a6 d6 b8 6e 03 c6 70 a3 a9 b3 a8 | 88 3f 3d 7b 0a a9 10 af 2c c3 a3 a7 30 3d 9f 81 | a3 a0 5d 7b 27 cf 6b dc 22 f2 23 96 cd f5 7e 11 | 3d 79 24 43 15 51 64 82 f4 94 c0 b3 03 fa f6 db | 4b fe 27 44 a1 e6 3e f2 | hmac PRF sha init symkey-key@0x564e2d1ca300 (size 20) | hmac: symkey-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765468 | result: clone-key@0x7f2a58006720 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a58006720 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a58006720 | hmac: release clone-key@0x7f2a58006720 | hmac PRF sha crypt-prf@0x564e2d1c19f0 | hmac PRF sha update data-bytes@0x564e2b553940 (length 176) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 50 9f 3c e1 4a 55 0d 58 d3 0b e3 a8 91 c2 5f ac | 9c a9 b8 a9 a3 69 28 b7 a8 60 4d 3b 98 11 b7 c0 | 31 c5 d2 ea 14 9c 00 66 91 93 89 06 da 3a b6 a0 | 71 a7 1f 23 3e c9 3f e9 37 ce 2e 0d 4a c3 a2 60 | b2 2a ea 47 c9 e3 be ff 64 c3 c3 de ca a6 d6 b8 | 6e 03 c6 70 a3 a9 b3 a8 88 3f 3d 7b 0a a9 10 af | 2c c3 a3 a7 30 3d 9f 81 a3 a0 5d 7b 27 cf 6b dc | 22 f2 23 96 cd f5 7e 11 3d 79 24 43 15 51 64 82 | f4 94 c0 b3 03 fa f6 db 4b fe 27 44 a1 e6 3e f2 | hmac PRF sha final-bytes@0x564e2b5539f0 (length 20) | 9a 7c fe 8f b6 e6 f7 68 b6 52 d8 5c b1 a8 88 71 | 0e a6 99 90 | data being hmac: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | data being hmac: 50 9f 3c e1 4a 55 0d 58 d3 0b e3 a8 91 c2 5f ac | data being hmac: 9c a9 b8 a9 a3 69 28 b7 a8 60 4d 3b 98 11 b7 c0 | data being hmac: 31 c5 d2 ea 14 9c 00 66 91 93 89 06 da 3a b6 a0 | data being hmac: 71 a7 1f 23 3e c9 3f e9 37 ce 2e 0d 4a c3 a2 60 | data being hmac: b2 2a ea 47 c9 e3 be ff 64 c3 c3 de ca a6 d6 b8 | data being hmac: 6e 03 c6 70 a3 a9 b3 a8 88 3f 3d 7b 0a a9 10 af | data being hmac: 2c c3 a3 a7 30 3d 9f 81 a3 a0 5d 7b 27 cf 6b dc | data being hmac: 22 f2 23 96 cd f5 7e 11 3d 79 24 43 15 51 64 82 | data being hmac: f4 94 c0 b3 03 fa f6 db 4b fe 27 44 a1 e6 3e f2 | out calculated auth: | 9a 7c fe 8f b6 e6 f7 68 b6 52 d8 5c | ikev2_parent_inI2outR2_continue_tail returned STF_OK | #21 spent 3.56 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #21 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #22 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #22 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R | child state #22: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) | Message ID: updating counters for #22 to 1 after switching state | Message ID: recv #21.#22 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 | Message ID: sent #21.#22 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 | pstats #22 ikev2.child established "east" #22: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] | NAT-T: encaps is 'auto' "east" #22: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x7b0b5dcb <0x44f6520a xfrm=3DES_CBC-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 188 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #21) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 50 9f 3c e1 4a 55 0d 58 d3 0b e3 a8 91 c2 5f ac | 9c a9 b8 a9 a3 69 28 b7 a8 60 4d 3b 98 11 b7 c0 | 31 c5 d2 ea 14 9c 00 66 91 93 89 06 da 3a b6 a0 | 71 a7 1f 23 3e c9 3f e9 37 ce 2e 0d 4a c3 a2 60 | b2 2a ea 47 c9 e3 be ff 64 c3 c3 de ca a6 d6 b8 | 6e 03 c6 70 a3 a9 b3 a8 88 3f 3d 7b 0a a9 10 af | 2c c3 a3 a7 30 3d 9f 81 a3 a0 5d 7b 27 cf 6b dc | 22 f2 23 96 cd f5 7e 11 3d 79 24 43 15 51 64 82 | f4 94 c0 b3 03 fa f6 db 4b fe 27 44 a1 e6 3e f2 | 9a 7c fe 8f b6 e6 f7 68 b6 52 d8 5c | releasing whack for #22 (sock=fd@-1) | releasing whack and unpending for parent #21 | unpending state #21 connection "east" | #22 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x564e2d1bb7d0 | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #22 | libevent_malloc: new ptr-libevent@0x7f2a40012d70 size 128 | resume sending helper answer for #21 suppresed complete_v2_state_transition() | #21 spent 3.94 milliseconds in resume sending helper answer | stop processing: state #22 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2a440037a0 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.0049 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00286 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | 52 65 51 c0 e5 be 98 16 61 49 30 02 49 2c 48 7e | 0e 0b 08 07 a9 28 03 08 61 46 6f d4 1f 12 7f 0f | 06 01 e2 85 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a5 70 a7 02 5a 87 dd 89 | responder cookie: | 61 87 c1 53 46 1c 40 b4 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #21 in PARENT_R2 (find_v2_ike_sa) | start processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #21 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 | Message ID: #21 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SK (len=36) | Message ID: start-responder #21 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 | #21 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x564e2d1c3300 (size 20) | hmac: symkey-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7660b8 | result: clone-key@0x7f2a58006720 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a58006720 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a58006720 | hmac: release clone-key@0x7f2a58006720 | hmac PRF sha crypt-prf@0x564e2d1bff10 | hmac PRF sha update data-bytes@0x564e2d1c4dd0 (length 56) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | 52 65 51 c0 e5 be 98 16 61 49 30 02 49 2c 48 7e | 0e 0b 08 07 a9 28 03 08 | hmac PRF sha final-bytes@0x7fff8d766280 (length 20) | 61 46 6f d4 1f 12 7f 0f 06 01 e2 85 ac 77 6f ec | cc 40 a0 cb | data for hmac: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | data for hmac: 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | data for hmac: 52 65 51 c0 e5 be 98 16 61 49 30 02 49 2c 48 7e | data for hmac: 0e 0b 08 07 a9 28 03 08 | calculated auth: 61 46 6f d4 1f 12 7f 0f 06 01 e2 85 | provided auth: 61 46 6f d4 1f 12 7f 0f 06 01 e2 85 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 52 65 51 c0 e5 be 98 16 | payload before decryption: | 61 49 30 02 49 2c 48 7e 0e 0b 08 07 a9 28 03 08 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 00 00 00 0c 03 04 00 01 7b 0b 5d cb 00 01 02 03 | stripping 4 octets as pad | #21 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | a5 70 a7 02 5a 87 dd 89 | responder cookie: | 61 87 c1 53 46 1c 40 b4 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI 7b 0b 5d cb | delete PROTO_v2_ESP SA(0x7b0b5dcb) | v2 CHILD SA #22 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R | State DB: found IKEv2 state #22 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x7b0b5dcb) "east" #21: received Delete SA payload: delete IPsec State #22 now | pstats #22 ikev2.child deleted completed | suspend processing: state #21 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) | start processing: state #22 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #22: deleting other state #22 (STATE_V2_IPSEC_R) aged 0.317s and NOT sending notification | child state #22: V2_IPSEC_R(established CHILD SA) => delete | get_sa_info esp.7b0b5dcb@192.1.2.45 | get_sa_info esp.44f6520a@192.1.2.23 "east" #22: ESP traffic information: in=84B out=84B | child state #22: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) | state #22 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f2a40012d70 | free_event_entry: release EVENT_SA_REKEY-pe@0x564e2d1bb7d0 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050314' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x7b0b5dcb | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1569050314' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0x7b0b5dcb SPI_OUT=0x44f6520a ipsec _updown 2>&1: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 | priority calculation of connection "east" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.7b0b5dcb@192.1.2.45 | netlink response for Del SA esp.7b0b5dcb@192.1.2.45 included non-error error | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.44f6520a@192.1.2.23 | netlink response for Del SA esp.44f6520a@192.1.2.23 included non-error error | in connection_discard for connection east | State DB: deleting IKEv2 state #22 in CHILDSA_DEL | child state #22: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #22 from 192.1.2.45:500 (in delete_state() at state.c:1143) | resume processing: state #21 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f2a4c00c3d0 | delete_state: release st->st_skey_ai_nss-key@0x564e2d1c3300 | delete_state: release st->st_skey_ar_nss-key@0x564e2d1ca300 | delete_state: release st->st_skey_ei_nss-key@0x7f2a4c005db0 | delete_state: release st->st_skey_er_nss-key@0x7f2a4c006900 | delete_state: release st->st_skey_pi_nss-key@0x7f2a4000bdb0 | delete_state: release st->st_skey_pr_nss-key@0x564e2d1ca390 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs 44 f6 52 0a | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 1b e9 e6 9e f3 88 c2 04 | data before encryption: | 00 00 00 0c 03 04 00 01 44 f6 52 0a 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 96 2a 11 64 e5 88 44 91 dc e1 92 62 a1 71 4b fe | hmac PRF sha init symkey-key@0x564e2d1ca300 (size 20) | hmac: symkey-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765c78 | result: clone-key@0x7f2a58006720 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a58006720 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a58006720 | hmac: release clone-key@0x7f2a58006720 | hmac PRF sha crypt-prf@0x564e2d1c3390 | hmac PRF sha update data-bytes@0x564e2b553940 (length 56) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 1b e9 e6 9e f3 88 c2 04 96 2a 11 64 e5 88 44 91 | dc e1 92 62 a1 71 4b fe | hmac PRF sha final-bytes@0x564e2b553978 (length 20) | 92 9b 37 f1 7e dd 1e f7 92 08 7d 19 8c a1 40 b6 | fa 80 20 81 | data being hmac: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | data being hmac: 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | data being hmac: 1b e9 e6 9e f3 88 c2 04 96 2a 11 64 e5 88 44 91 | data being hmac: dc e1 92 62 a1 71 4b fe | out calculated auth: | 92 9b 37 f1 7e dd 1e f7 92 08 7d 19 | sending 68 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #21) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 1b e9 e6 9e f3 88 c2 04 96 2a 11 64 e5 88 44 91 | dc e1 92 62 a1 71 4b fe 92 9b 37 f1 7e dd 1e f7 | 92 08 7d 19 | Message ID: #21 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 | Message ID: sent #21 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 | #21 spent 0.731 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #21 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK | Message ID: updating counters for #21 to 2 after switching state | Message ID: recv #21 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 | Message ID: #21 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 "east" #21: STATE_PARENT_R2: received v2I2, PARENT SA established | stop processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #21 spent 1 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.02 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00478 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00328 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | df 6f 31 60 fc 18 3b 3f 40 08 08 7e 05 b2 98 03 | ed 7f 08 db 5c 07 c6 84 f1 5b 38 2d 13 73 4e 36 | ae 45 68 db | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a5 70 a7 02 5a 87 dd 89 | responder cookie: | 61 87 c1 53 46 1c 40 b4 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #21 in PARENT_R2 (find_v2_ike_sa) | start processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #21 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 | Message ID: #21 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SK (len=36) | Message ID: start-responder #21 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 | #21 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x564e2d1c3300 (size 20) | hmac: symkey-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1c3300 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d7660b8 | result: clone-key@0x7f2a58006720 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a58006720 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a58006720 | hmac: release clone-key@0x7f2a58006720 | hmac PRF sha crypt-prf@0x564e2d1bff10 | hmac PRF sha update data-bytes@0x564e2d1c4dd0 (length 56) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | df 6f 31 60 fc 18 3b 3f 40 08 08 7e 05 b2 98 03 | ed 7f 08 db 5c 07 c6 84 | hmac PRF sha final-bytes@0x7fff8d766280 (length 20) | f1 5b 38 2d 13 73 4e 36 ae 45 68 db 7e 2f 6e af | b9 85 f5 df | data for hmac: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | data for hmac: df 6f 31 60 fc 18 3b 3f 40 08 08 7e 05 b2 98 03 | data for hmac: ed 7f 08 db 5c 07 c6 84 | calculated auth: f1 5b 38 2d 13 73 4e 36 ae 45 68 db | provided auth: f1 5b 38 2d 13 73 4e 36 ae 45 68 db | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | df 6f 31 60 fc 18 3b 3f | payload before decryption: | 40 08 08 7e 05 b2 98 03 ed 7f 08 db 5c 07 c6 84 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #21 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | a5 70 a7 02 5a 87 dd 89 | responder cookie: | 61 87 c1 53 46 1c 40 b4 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 32 | emitting length of ISAKMP Message: 60 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 92 74 09 05 4f a4 7c a9 | data before encryption: | 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | d4 65 56 05 f5 d5 c0 8a | hmac PRF sha init symkey-key@0x564e2d1ca300 (size 20) | hmac: symkey-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d1ca300 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d765c78 | result: clone-key@0x7f2a58006720 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a58006720 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a58006720 | hmac: release clone-key@0x7f2a58006720 | hmac PRF sha crypt-prf@0x564e2d1c7170 | hmac PRF sha update data-bytes@0x564e2b553940 (length 48) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | 92 74 09 05 4f a4 7c a9 d4 65 56 05 f5 d5 c0 8a | hmac PRF sha final-bytes@0x564e2b553970 (length 20) | eb f0 79 7a b9 8e 13 91 15 84 bc f5 18 f7 7a 1b | 6e 35 dd 44 | data being hmac: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | data being hmac: 92 74 09 05 4f a4 7c a9 d4 65 56 05 f5 d5 c0 8a | out calculated auth: | eb f0 79 7a b9 8e 13 91 15 84 bc f5 | sending 60 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #21) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | 92 74 09 05 4f a4 7c a9 d4 65 56 05 f5 d5 c0 8a | eb f0 79 7a b9 8e 13 91 15 84 bc f5 | Message ID: #21 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 | Message ID: sent #21 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 | State DB: IKEv2 state not found (delete_my_family) | parent state #21: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #21 ikev2.ike deleted completed | #21 spent 10.6 milliseconds in total | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #21: deleting state (STATE_IKESA_DEL) aged 0.362s and NOT sending notification | parent state #21: IKESA_DEL(established IKE SA) => delete | state #21 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f2a54008da0 | free_event_entry: release EVENT_SA_REKEY-pe@0x564e2d1c33e0 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #21 in IKESA_DEL | parent state #21: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f2a40002010: destroyed | stop processing: state #21 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f2a4c00c5c0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f2a4c00c3d0 | delete_state: release st->st_skey_ai_nss-key@0x564e2d1c3300 | delete_state: release st->st_skey_ar_nss-key@0x564e2d1ca300 | delete_state: release st->st_skey_ei_nss-key@0x7f2a4c005db0 | delete_state: release st->st_skey_er_nss-key@0x7f2a4c006900 | delete_state: release st->st_skey_pi_nss-key@0x7f2a4000bdb0 | delete_state: release st->st_skey_pr_nss-key@0x564e2d1ca390 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #21 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #21 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.633 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00294 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | a3 08 92 f5 70 72 62 39 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 c0 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 28 06 3d 66 7e d1 93 08 36 2f e4 1d | bf 5d b2 27 35 c5 8e 60 e6 1d 68 33 52 49 e7 c2 | a2 6d 6d 51 90 55 72 c4 00 56 ff 8c 64 ff ab 3d | 04 9c bf 43 90 db 9d 2d 88 5e a0 9a 39 12 a0 ab | ae 0f c4 2c b7 3b 26 4d 7c cc 99 87 80 a1 d0 aa | 65 e8 47 6a 47 99 29 24 40 13 15 8e c0 f8 d8 cc | 23 c5 89 e1 3b 04 61 9d 14 4a ac 7f 2c b4 a5 ad | 25 3f d5 cd 2c 5b 0a 4f a6 e0 62 2a 4d d8 ed 11 | e6 cd 3c c7 34 6b df 92 0c 81 5b 26 86 f9 a4 4d | bf 5f ef 7e c4 a5 0d 78 cc 14 ca 1a b1 e6 53 2d | 20 76 e9 da 85 b6 b5 dc 74 bc 69 51 56 ba 6f 2d | e4 ab 25 b5 d9 91 89 2d a2 d3 da 5a c7 eb e7 77 | df 7d 2a 52 0a 15 dc 07 0c d0 e5 98 cb fa 7f e1 | 91 4f 61 3e 26 ae 20 e3 93 27 9e da dd 92 75 88 | 64 c2 87 86 85 2e 8c de e8 2c cf a0 c6 4a 8a 0f | 9d ad 17 af 9f 33 0d 35 51 9e e6 fe 16 0b e4 b0 | a3 b5 00 90 29 00 00 24 be cd 92 62 41 3d a4 fd | 29 5d ab 8d c9 4e 5d 8a 39 01 33 54 7d 6a af 8e | e0 7b 3d 32 79 9b 17 3b 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 a1 b4 93 31 19 da 58 ac | 53 11 59 85 cb af 6e 31 fa 44 a8 83 00 00 00 1c | 00 00 40 05 94 35 8a 7a 0c d9 cf 01 0c 85 fa ff | 79 42 0b 0d 84 0a 36 9c | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a3 08 92 f5 70 72 62 39 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x564e2d1ba2a0 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x564e2b547700 (length 32) | 62 69 c2 24 61 0b eb 03 31 69 8e 34 fa 62 6b 0f | 9f 9c e7 e3 dc ef ed d7 ff d6 12 6f b4 c1 0b 04 | IKE SPIr hash sha2_256 digest counter-bytes@0x564e2b5476e0 (length 4) | 10 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff8d7668e0 (length 32) | 86 eb 31 50 8a 8e 56 8c 63 70 7e a5 1c 34 a7 d0 | 22 c0 cc 21 8e 96 47 b2 fb d4 3d a1 f7 dd e8 8f | creating state object #23 at 0x564e2d1bd370 | State DB: adding IKEv2 state #23 in UNDEFINED | pstats #23 ikev2.ike started | Message ID: init #23: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #23: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #23; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #23 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #23 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #23 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #23 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #23 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #23 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #23 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 192 (0xc0) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #23: no local proposal matches remote proposals 1:IKE:ENCR=3DES_192;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #23: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | a3 08 92 f5 70 72 62 39 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | a3 08 92 f5 70 72 62 39 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #23 spent 0.25 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #23 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #23 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #23 has no whack fd | pstats #23 ikev2.ike deleted other | [RE]START processing: state #23 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #23: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #23: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #23 in PARENT_R0 | parent state #23: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #23 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #23 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.817 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00262 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | d5 47 a6 34 3e 72 71 10 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 c0 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 83 67 02 08 fe fa 26 2c 21 11 36 f0 | 2f 38 e1 66 58 ea d1 f8 80 8f 29 67 35 b5 be 7e | 1e 14 db 3c 72 a2 9a 93 a6 d8 12 26 0a 01 f0 0a | fc 89 f9 92 a1 57 b8 49 50 10 35 57 ad a3 f5 07 | e8 5e 0e d4 11 57 2b 77 af 5d 62 7b 16 d6 f5 67 | 11 27 a6 38 fb f7 af 2d 2c 3d 97 19 9c 9f b4 99 | 75 1d c3 b8 a3 77 76 0c 9d 45 cb fb 78 28 5d 62 | c9 cc 73 3d 7e f6 bf a5 e7 e6 f7 6f 60 0f e2 9b | fe 9e 4a de ab 5b 70 1d 45 0b 80 c2 bd 1a 3d 93 | b7 b3 59 76 1e 46 64 19 e2 d8 8c 81 b5 3e fd 15 | db 5c 74 6e 89 2b 18 8e 01 a7 06 50 6a 73 6d 4f | 4c 8c c8 3f b8 e3 3f 07 bf 26 35 c2 30 b8 ae 1e | 3c bb 7a 48 97 eb 0f da 54 6e 0e 6d 9b e4 e9 d5 | ed e2 42 8c 7a 18 ed 02 22 a2 45 6a eb 73 a7 59 | d3 02 b4 c1 25 b7 e3 81 fc f7 7c 8e 58 62 41 f7 | 03 05 7e 37 f5 b8 25 3d 40 36 b4 80 61 b2 63 cf | d0 11 62 b6 29 00 00 24 06 da 58 94 9c d6 7f df | ec 95 b6 78 b6 81 1f f9 f3 92 aa 52 4b cb a4 f5 | a9 8f 6f 14 b4 08 94 5e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 8c 48 39 67 6e a6 89 8c | 8d fc f9 8a c9 21 28 c7 21 05 51 f5 00 00 00 1c | 00 00 40 05 79 ef b8 a3 3a 99 63 fc 31 11 85 a6 | cb 6b 7e 2b 4c 1e e5 d1 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | d5 47 a6 34 3e 72 71 10 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x564e2d1ba2a0 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x564e2b547700 (length 32) | 62 69 c2 24 61 0b eb 03 31 69 8e 34 fa 62 6b 0f | 9f 9c e7 e3 dc ef ed d7 ff d6 12 6f b4 c1 0b 04 | IKE SPIr hash sha2_256 digest counter-bytes@0x564e2b5476e0 (length 4) | 11 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff8d7668e0 (length 32) | 56 6e bb 9e 3f 83 5d 2b 82 ce b7 80 19 41 d4 7c | e3 68 82 a0 a3 63 04 ad c1 7e d0 83 ca b4 cc 8f | creating state object #24 at 0x564e2d1bd370 | State DB: adding IKEv2 state #24 in UNDEFINED | pstats #24 ikev2.ike started | Message ID: init #24: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #24: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #24; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #24 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #24 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #24 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #24 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #24 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #24 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #24 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 192 (0xc0) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #24: no local proposal matches remote proposals 1:IKE:ENCR=3DES_192;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #24: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | d5 47 a6 34 3e 72 71 10 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | d5 47 a6 34 3e 72 71 10 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #24 spent 0.215 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #24 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #24 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #24 has no whack fd | pstats #24 ikev2.ike deleted other | [RE]START processing: state #24 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #24: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #24: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #24 in PARENT_R0 | parent state #24: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #24 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #24 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.703 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.298 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) shutting down | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) | pluto_sd: executing action action: stopping(6), status 0 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' | start processing: connection "east" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #14 | suspend processing: connection "east" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #14 connection "east" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #14 ikev2.child deleted other | [RE]START processing: state #14 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #14: deleting state (STATE_UNDEFINED) aged 7.077s and NOT sending notification | child state #14: UNDEFINED(ignore) => delete | child state #14: UNDEFINED(ignore) => CHILDSA_DEL(informational) | state #14 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x7f2a50011520 | free_event_entry: release EVENT_SO_DISCARD-pe@0x564e2d1c4cf0 | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | stop processing: connection "east" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection east | State DB: deleting IKEv2 state #14 in CHILDSA_DEL | child state #14: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #14 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x564e2d1a8430 | delete_state: release st->st_skey_ai_nss-key@0x564e2d1bff30 | delete_state: release st->st_skey_ar_nss-key@0x7f2a500069f0 | delete_state: release st->st_skey_ei_nss-key@0x7f2a40006450 | delete_state: release st->st_skey_er_nss-key@0x564e2d1c1a10 | delete_state: release st->st_skey_pi_nss-key@0x7f2a4000eee0 | delete_state: release st->st_skey_pr_nss-key@0x7f2a40009e40 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #13 | state #6 | start processing: state #6 connection "east" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #6 ikev2.child deleted other | [RE]START processing: state #6 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #6: deleting state (STATE_UNDEFINED) aged 10.560s and NOT sending notification | child state #6: UNDEFINED(ignore) => delete | child state #6: UNDEFINED(ignore) => CHILDSA_DEL(informational) | state #6 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x7f2a54006900 | free_event_entry: release EVENT_SO_DISCARD-pe@0x564e2d1c4cb0 | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | in connection_discard for connection east | State DB: deleting IKEv2 state #6 in CHILDSA_DEL | child state #6: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #6 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f2a5000a510 | delete_state: release st->st_skey_ai_nss-key@0x564e2d1aba50 | delete_state: release st->st_skey_ar_nss-key@0x564e2d19f7a0 | delete_state: release st->st_skey_ei_nss-key@0x564e2d1a5000 | delete_state: release st->st_skey_er_nss-key@0x564e2d19df20 | delete_state: release st->st_skey_pi_nss-key@0x564e2d1aa0f0 | delete_state: release st->st_skey_pr_nss-key@0x564e2d1c1940 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #5 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #13 | start processing: state #13 connection "east" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #13 ikev2.ike deleted completed | #13 spent 6.16 milliseconds in total | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #13: deleting state (STATE_PARENT_R2) aged 7.088s and sending notification | parent state #13: PARENT_R2(established IKE SA) => delete | #13 send IKEv2 delete notification for STATE_PARENT_R2 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 32 8c 0a 7b f8 de 47 71 | responder cookie: | 2c 2f 54 a7 a1 72 6f 05 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 32 d1 a1 27 64 41 0a c9 be 2e ec b2 38 f9 e2 43 | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 49 fb 56 da dc 17 98 7f ba 97 d1 45 f5 f6 45 7c | hmac PRF sha init symkey-key@0x7f2a500069f0 (size 20) | hmac: symkey-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f2a500069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d762e38 | result: clone-key@0x564e2d1ca390 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x564e2d1ca390 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x564e2d1ca390 | hmac: release clone-key@0x564e2d1ca390 | hmac PRF sha crypt-prf@0x564e2d1c3390 | hmac PRF sha update data-bytes@0x7fff8d763210 (length 64) | 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | 32 d1 a1 27 64 41 0a c9 be 2e ec b2 38 f9 e2 43 | 49 fb 56 da dc 17 98 7f ba 97 d1 45 f5 f6 45 7c | hmac PRF sha final-bytes@0x7fff8d763250 (length 20) | 15 19 59 cb 62 ac ec f4 4e f4 a9 29 22 29 b8 5a | ab d6 b7 79 | data being hmac: 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | data being hmac: 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | data being hmac: 32 d1 a1 27 64 41 0a c9 be 2e ec b2 38 f9 e2 43 | data being hmac: 49 fb 56 da dc 17 98 7f ba 97 d1 45 f5 f6 45 7c | out calculated auth: | 15 19 59 cb 62 ac ec f4 4e f4 a9 29 | sending 76 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #13) | 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | 32 d1 a1 27 64 41 0a c9 be 2e ec b2 38 f9 e2 43 | 49 fb 56 da dc 17 98 7f ba 97 d1 45 f5 f6 45 7c | 15 19 59 cb 62 ac ec f4 4e f4 a9 29 | Message ID: IKE #13 sender #13 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #13 sender #13 in send_delete hacking around record ' send | Message ID: sent #13 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1->0 wip.responder=-1 | state #13 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f2a480060f0 | free_event_entry: release EVENT_SA_REKEY-pe@0x564e2d1be610 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #13 in PARENT_R2 | parent state #13: PARENT_R2(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f2a50002010: destroyed | stop processing: state #13 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f2a5000eec0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x564e2d1a8430 | delete_state: release st->st_skey_ai_nss-key@0x564e2d1bff30 | delete_state: release st->st_skey_ar_nss-key@0x7f2a500069f0 | delete_state: release st->st_skey_ei_nss-key@0x7f2a40006450 | delete_state: release st->st_skey_er_nss-key@0x564e2d1c1a10 | delete_state: release st->st_skey_pi_nss-key@0x7f2a4000eee0 | delete_state: release st->st_skey_pr_nss-key@0x7f2a40009e40 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #5 | start processing: state #5 connection "east" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #5 ikev2.ike deleted completed | #5 spent 7.41 milliseconds in total | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #5: deleting state (STATE_PARENT_R2) aged 10.572s and sending notification | parent state #5: PARENT_R2(established IKE SA) => delete | #5 send IKEv2 delete notification for STATE_PARENT_R2 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 82 4c a5 cc c5 8a 82 5d | responder cookie: | f8 1a 3c da 95 9b 7d 53 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 78 cb 5f d1 6a 9b 25 42 08 c1 5a be eb f3 7e e0 | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 9e cd ff 30 bd 62 ba 9e 8f f8 05 b5 30 9c 85 b2 | hmac PRF sha init symkey-key@0x564e2d19f7a0 (size 20) | hmac: symkey-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564e2d19f7a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff8d762e38 | result: clone-key@0x7f2a40009e40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564e2d1a1160 from symkey-key@0x7f2a40009e40 | hmac prf: begin sha with context 0x564e2d1a1160 from symkey-key@0x7f2a40009e40 | hmac: release clone-key@0x7f2a40009e40 | hmac PRF sha crypt-prf@0x564e2d1c19f0 | hmac PRF sha update data-bytes@0x7fff8d763210 (length 64) | 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | 78 cb 5f d1 6a 9b 25 42 08 c1 5a be eb f3 7e e0 | 9e cd ff 30 bd 62 ba 9e 8f f8 05 b5 30 9c 85 b2 | hmac PRF sha final-bytes@0x7fff8d763250 (length 20) | 5e 11 15 d5 56 3a 0c d6 0e 5f 05 9e e0 1b 1e b1 | 17 58 b0 bf | data being hmac: 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | data being hmac: 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | data being hmac: 78 cb 5f d1 6a 9b 25 42 08 c1 5a be eb f3 7e e0 | data being hmac: 9e cd ff 30 bd 62 ba 9e 8f f8 05 b5 30 9c 85 b2 | out calculated auth: | 5e 11 15 d5 56 3a 0c d6 0e 5f 05 9e | sending 76 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #5) | 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | 78 cb 5f d1 6a 9b 25 42 08 c1 5a be eb f3 7e e0 | 9e cd ff 30 bd 62 ba 9e 8f f8 05 b5 30 9c 85 b2 | 5e 11 15 d5 56 3a 0c d6 0e 5f 05 9e | Message ID: IKE #5 sender #5 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #5 sender #5 in send_delete hacking around record ' send | Message ID: sent #5 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1->0 wip.responder=-1 | state #5 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x564e2d1bd2c0 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f2a54002b20 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #5 in PARENT_R2 | parent state #5: PARENT_R2(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f2a54000d60: destroyed | stop processing: state #5 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f2a5000d640 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f2a5000a510 | delete_state: release st->st_skey_ai_nss-key@0x564e2d1aba50 | delete_state: release st->st_skey_ar_nss-key@0x564e2d19f7a0 | delete_state: release st->st_skey_ei_nss-key@0x564e2d1a5000 | delete_state: release st->st_skey_er_nss-key@0x564e2d19df20 | delete_state: release st->st_skey_pi_nss-key@0x564e2d1aa0f0 | delete_state: release st->st_skey_pr_nss-key@0x564e2d1c1940 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | shunt_eroute() called for connection 'east' to 'delete' for rt_kind 'unrouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 | priority calculation of connection "east" is 0xfe7e7 | priority calculation of connection "east" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0 | popen cmd is 1012 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@e: | cmd( 160):ast' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO: | cmd( 400):_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_: | cmd( 480):MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=': | cmd( 560):' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+P: | cmd( 640):FS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd( 960):HARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. | free hp@0x564e2d185640 | flush revival: connection 'east' wasn't on the list | processing: STOP connection NULL (in discard_connection() at connections.c:249) | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.0.2.254:4500 shutting down interface eth0/eth0 192.0.2.254:500 shutting down interface eth1/eth1 192.1.2.23:4500 shutting down interface eth1/eth1 192.1.2.23:500 | FOR_EACH_STATE_... in delete_states_dead_interfaces | libevent_free: release ptr-libevent@0x564e2d1b8c00 | free_event_entry: release EVENT_NULL-pe@0x564e2d1b8bc0 | libevent_free: release ptr-libevent@0x564e2d1b8cf0 | free_event_entry: release EVENT_NULL-pe@0x564e2d1b8cb0 | libevent_free: release ptr-libevent@0x564e2d1b8de0 | free_event_entry: release EVENT_NULL-pe@0x564e2d1b8da0 | libevent_free: release ptr-libevent@0x564e2d1b8ed0 | free_event_entry: release EVENT_NULL-pe@0x564e2d1b8e90 | libevent_free: release ptr-libevent@0x564e2d1b8fc0 | free_event_entry: release EVENT_NULL-pe@0x564e2d1b8f80 | libevent_free: release ptr-libevent@0x564e2d1b90b0 | free_event_entry: release EVENT_NULL-pe@0x564e2d1b9070 | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: release ptr-libevent@0x564e2d1b84e0 | free_event_entry: release EVENT_NULL-pe@0x564e2d1a1120 | libevent_free: release ptr-libevent@0x564e2d1ae030 | free_event_entry: release EVENT_NULL-pe@0x564e2d19c2c0 | libevent_free: release ptr-libevent@0x564e2d1adfa0 | free_event_entry: release EVENT_NULL-pe@0x564e2d1a1210 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: release ptr-libevent@0x564e2d1b85b0 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: release ptr-libevent@0x564e2d1b8690 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: release ptr-libevent@0x564e2d1b8750 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: release ptr-libevent@0x564e2d1ad230 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: release ptr-libevent@0x564e2d1b8810 | libevent_free: release ptr-libevent@0x564e2d18deb0 | libevent_free: release ptr-libevent@0x564e2d19c5d0 | libevent_free: release ptr-libevent@0x564e2d1be480 | libevent_free: release ptr-libevent@0x564e2d19c5f0 | libevent_free: release ptr-libevent@0x564e2d1b8570 | libevent_free: release ptr-libevent@0x564e2d1b8650 | libevent_free: release ptr-libevent@0x564e2d19c680 | libevent_free: release ptr-libevent@0x564e2d19c8b0 | libevent_free: release ptr-libevent@0x564e2d1a12a0 | libevent_free: release ptr-libevent@0x564e2d1b9140 | libevent_free: release ptr-libevent@0x564e2d1b9050 | libevent_free: release ptr-libevent@0x564e2d1b8f60 | libevent_free: release ptr-libevent@0x564e2d1b8e70 | libevent_free: release ptr-libevent@0x564e2d1b8d80 | libevent_free: release ptr-libevent@0x564e2d1b8c90 | libevent_free: release ptr-libevent@0x564e2d11e370 | libevent_free: release ptr-libevent@0x564e2d1b8730 | libevent_free: release ptr-libevent@0x564e2d1b8670 | libevent_free: release ptr-libevent@0x564e2d1b8590 | libevent_free: release ptr-libevent@0x564e2d1b87f0 | libevent_free: release ptr-libevent@0x564e2d11c5b0 | libevent_free: release ptr-libevent@0x564e2d19c610 | libevent_free: release ptr-libevent@0x564e2d19c640 | libevent_free: release ptr-libevent@0x564e2d19c330 | releasing global libevent data | libevent_free: release ptr-libevent@0x564e2d19b070 | libevent_free: release ptr-libevent@0x564e2d19b0a0 | libevent_free: release ptr-libevent@0x564e2d19c300