FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:12712 core dump dir: /tmp secrets file: /etc/ipsec.secrets leak-detective disabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x564021df70f0 size 40 | libevent_malloc: new ptr-libevent@0x564021df83a0 size 40 | libevent_malloc: new ptr-libevent@0x564021df83d0 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x564021df8360 size 56 | libevent_malloc: new ptr-libevent@0x564021df8400 size 664 | libevent_malloc: new ptr-libevent@0x564021df86a0 size 24 | libevent_malloc: new ptr-libevent@0x564021de9e30 size 384 | libevent_malloc: new ptr-libevent@0x564021df86c0 size 16 | libevent_malloc: new ptr-libevent@0x564021df86e0 size 40 | libevent_malloc: new ptr-libevent@0x564021df8710 size 48 | libevent_realloc: new ptr-libevent@0x564021d7a370 size 256 | libevent_malloc: new ptr-libevent@0x564021df8750 size 16 | libevent_free: release ptr-libevent@0x564021df8360 | libevent initialized | libevent_realloc: new ptr-libevent@0x564021df8770 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds | encryption algorithm assertion checks | encryption algorithm AES_CCM_16, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 16, IKEv2 id: 16 | IKEv1 ESP ID id: 16 enum name: AES_CCM_C | IKEv2 ID id: 16 enum name: AES_CCM_C | encryption algorithm AES_CCM_12, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 15, IKEv2 id: 15 | IKEv1 ESP ID id: 15 enum name: AES_CCM_B | IKEv2 ID id: 15 enum name: AES_CCM_B | encryption algorithm AES_CCM_8, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 14, IKEv2 id: 14 | IKEv1 ESP ID id: 14 enum name: AES_CCM_A | IKEv2 ID id: 14 enum name: AES_CCM_A | encryption algorithm 3DES_CBC, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 3, IKEv2 id: 3 | IKEv1 OAKLEY ID id: 5 enum name: 3DES_CBC | IKEv1 ESP ID id: 3 enum name: 3DES | IKEv2 ID id: 3 enum name: 3DES | encryption algorithm CAMELLIA_CTR, IKEv1 OAKLEY id: 24, IKEv1 ESP_INFO id: 24, IKEv2 id: 24 | IKEv1 OAKLEY ID id: 24 enum name: CAMELLIA_CTR | IKEv1 ESP ID id: 24 enum name: CAMELLIA_CTR | IKEv2 ID id: 24 enum name: CAMELLIA_CTR | encryption algorithm CAMELLIA_CBC, IKEv1 OAKLEY id: 8, IKEv1 ESP_INFO id: 22, IKEv2 id: 23 | IKEv1 OAKLEY ID id: 8 enum name: CAMELLIA_CBC | IKEv1 ESP ID id: 22 enum name: CAMELLIA | IKEv2 ID id: 23 enum name: CAMELLIA_CBC | encryption algorithm AES_GCM_16, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 20, IKEv2 id: 20 | IKEv1 ESP ID id: 20 enum name: AES_GCM_C | IKEv2 ID id: 20 enum name: AES_GCM_C | encryption algorithm AES_GCM_12, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 19, IKEv2 id: 19 | IKEv1 ESP ID id: 19 enum name: AES_GCM_B | IKEv2 ID id: 19 enum name: AES_GCM_B | encryption algorithm AES_GCM_8, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 18, IKEv2 id: 18 | IKEv1 ESP ID id: 18 enum name: AES_GCM_A | IKEv2 ID id: 18 enum name: AES_GCM_A | encryption algorithm AES_CTR, IKEv1 OAKLEY id: 13, IKEv1 ESP_INFO id: 13, IKEv2 id: 13 | IKEv1 OAKLEY ID id: 13 enum name: AES_CTR | IKEv1 ESP ID id: 13 enum name: AES_CTR | IKEv2 ID id: 13 enum name: AES_CTR | encryption algorithm AES_CBC, IKEv1 OAKLEY id: 7, IKEv1 ESP_INFO id: 12, IKEv2 id: 12 | IKEv1 OAKLEY ID id: 7 enum name: AES_CBC | IKEv1 ESP ID id: 12 enum name: AES | IKEv2 ID id: 12 enum name: AES_CBC | encryption algorithm SERPENT_CBC, IKEv1 OAKLEY id: 65004, IKEv1 ESP_INFO id: 252, IKEv2 id: 65004 | IKEv1 OAKLEY ID id: 65004 enum name: SERPENT_CBC | IKEv1 ESP ID id: 252 enum name: SERPENT | IKEv2 ID id: 65004 enum name: SERPENT_CBC | encryption algorithm TWOFISH_CBC, IKEv1 OAKLEY id: 65005, IKEv1 ESP_INFO id: 253, IKEv2 id: 65005 | IKEv1 OAKLEY ID id: 65005 enum name: TWOFISH_CBC | IKEv1 ESP ID id: 253 enum name: TWOFISH | IKEv2 ID id: 65005 enum name: TWOFISH_CBC | encryption algorithm TWOFISH_SSH, IKEv1 OAKLEY id: 65289, IKEv1 ESP_INFO id: -1, IKEv2 id: 65289 | IKEv1 OAKLEY ID id: 65289 enum name: TWOFISH_CBC_SSH | IKEv2 ID id: 65289 enum name: TWOFISH_CBC_SSH | encryption algorithm NULL_AUTH_AES_GMAC, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 23, IKEv2 id: 21 | IKEv1 ESP ID id: 23 enum name: NULL_AUTH_AES_GMAC | IKEv2 ID id: 21 enum name: NULL_AUTH_AES_GMAC | encryption algorithm NULL, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 11, IKEv2 id: 11 | IKEv1 ESP ID id: 11 enum name: NULL | IKEv2 ID id: 11 enum name: NULL | encryption algorithm CHACHA20_POLY1305, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 28 | IKEv2 ID id: 28 enum name: CHACHA20_POLY1305 Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 | hash algorithm assertion checks | hash algorithm MD5, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | hash algorithm SHA1, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | hash algorithm SHA2_256, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | hash algorithm SHA2_384, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | hash algorithm SHA2_512, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 | PRF algorithm assertion checks | PRF algorithm HMAC_MD5, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: -1, IKEv2 id: 1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | IKEv2 ID id: 1 enum name: HMAC_MD5 | PRF algorithm HMAC_SHA1, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: -1, IKEv2 id: 2 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | IKEv2 ID id: 2 enum name: HMAC_SHA1 | PRF algorithm HMAC_SHA2_256, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: -1, IKEv2 id: 5 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | IKEv2 ID id: 5 enum name: HMAC_SHA2_256 | PRF algorithm HMAC_SHA2_384, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: -1, IKEv2 id: 6 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | IKEv2 ID id: 6 enum name: HMAC_SHA2_384 | PRF algorithm HMAC_SHA2_512, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: -1, IKEv2 id: 7 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 | IKEv2 ID id: 7 enum name: HMAC_SHA2_512 | PRF algorithm AES_XCBC, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 4 | IKEv2 ID id: 4 enum name: AES128_XCBC PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc | integrity algorithm assertion checks | integrity algorithm HMAC_MD5_96, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: 1, IKEv2 id: 1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | IKEv1 ESP ID id: 1 enum name: HMAC_MD5 | IKEv2 ID id: 1 enum name: HMAC_MD5_96 | integrity algorithm HMAC_SHA1_96, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: 2, IKEv2 id: 2 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | IKEv1 ESP ID id: 2 enum name: HMAC_SHA1 | IKEv2 ID id: 2 enum name: HMAC_SHA1_96 | integrity algorithm HMAC_SHA2_512_256, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: 7, IKEv2 id: 14 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 | IKEv1 ESP ID id: 7 enum name: HMAC_SHA2_512 | IKEv2 ID id: 14 enum name: HMAC_SHA2_512_256 | integrity algorithm HMAC_SHA2_384_192, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 6, IKEv2 id: 13 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | IKEv1 ESP ID id: 6 enum name: HMAC_SHA2_384 | IKEv2 ID id: 13 enum name: HMAC_SHA2_384_192 | integrity algorithm HMAC_SHA2_256_128, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: 5, IKEv2 id: 12 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | IKEv1 ESP ID id: 5 enum name: HMAC_SHA2_256 | IKEv2 ID id: 12 enum name: HMAC_SHA2_256_128 | integrity algorithm HMAC_SHA2_256_TRUNCBUG, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 252, IKEv2 id: -1 | IKEv1 ESP ID id: 252 enum name: HMAC_SHA2_256_TRUNCBUG | integrity algorithm AES_XCBC_96, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 9, IKEv2 id: 5 | IKEv1 ESP ID id: 9 enum name: AES_XCBC | IKEv2 ID id: 5 enum name: AES_XCBC_96 | integrity algorithm AES_CMAC_96, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 250, IKEv2 id: 8 | IKEv1 ESP ID id: 250 enum name: AES_CMAC_96 | IKEv2 ID id: 8 enum name: AES_CMAC_96 | integrity algorithm NONE, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 0, IKEv2 id: 0 | IKEv1 ESP ID id: 0 enum name: NONE | IKEv2 ID id: 0 enum name: NONE Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null | DH algorithm assertion checks | DH algorithm NONE, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 0 | IKEv2 ID id: 0 enum name: NONE | DH algorithm MODP1536, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 5, IKEv2 id: 5 | IKEv1 OAKLEY ID id: 5 enum name: MODP1536 | IKEv1 ESP ID id: 5 enum name: MODP1536 | IKEv2 ID id: 5 enum name: MODP1536 | DH algorithm MODP2048, IKEv1 OAKLEY id: 14, IKEv1 ESP_INFO id: 14, IKEv2 id: 14 | IKEv1 OAKLEY ID id: 14 enum name: MODP2048 | IKEv1 ESP ID id: 14 enum name: MODP2048 | IKEv2 ID id: 14 enum name: MODP2048 | DH algorithm MODP3072, IKEv1 OAKLEY id: 15, IKEv1 ESP_INFO id: 15, IKEv2 id: 15 | IKEv1 OAKLEY ID id: 15 enum name: MODP3072 | IKEv1 ESP ID id: 15 enum name: MODP3072 | IKEv2 ID id: 15 enum name: MODP3072 | DH algorithm MODP4096, IKEv1 OAKLEY id: 16, IKEv1 ESP_INFO id: 16, IKEv2 id: 16 | IKEv1 OAKLEY ID id: 16 enum name: MODP4096 | IKEv1 ESP ID id: 16 enum name: MODP4096 | IKEv2 ID id: 16 enum name: MODP4096 | DH algorithm MODP6144, IKEv1 OAKLEY id: 17, IKEv1 ESP_INFO id: 17, IKEv2 id: 17 | IKEv1 OAKLEY ID id: 17 enum name: MODP6144 | IKEv1 ESP ID id: 17 enum name: MODP6144 | IKEv2 ID id: 17 enum name: MODP6144 | DH algorithm MODP8192, IKEv1 OAKLEY id: 18, IKEv1 ESP_INFO id: 18, IKEv2 id: 18 | IKEv1 OAKLEY ID id: 18 enum name: MODP8192 | IKEv1 ESP ID id: 18 enum name: MODP8192 | IKEv2 ID id: 18 enum name: MODP8192 | DH algorithm DH19, IKEv1 OAKLEY id: 19, IKEv1 ESP_INFO id: -1, IKEv2 id: 19 | IKEv1 OAKLEY ID id: 19 enum name: ECP_256 | IKEv2 ID id: 19 enum name: ECP_256 | DH algorithm DH20, IKEv1 OAKLEY id: 20, IKEv1 ESP_INFO id: -1, IKEv2 id: 20 | IKEv1 OAKLEY ID id: 20 enum name: ECP_384 | IKEv2 ID id: 20 enum name: ECP_384 | DH algorithm DH21, IKEv1 OAKLEY id: 21, IKEv1 ESP_INFO id: -1, IKEv2 id: 21 | IKEv1 OAKLEY ID id: 21 enum name: ECP_521 | IKEv2 ID id: 21 enum name: ECP_521 | DH algorithm DH31, IKEv1 OAKLEY id: 31, IKEv1 ESP_INFO id: -1, IKEv2 id: 31 | IKEv1 OAKLEY ID id: 31 enum name: CURVE25519 | IKEv2 ID id: 31 enum name: CURVE25519 DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key | decode_to_chunk: raw_key: input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd670 | result: symkey-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd658 | result: symkey-key@0x564021df9ff0 (16-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: ciphertext: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: cipertext: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x564021df9ff0 | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed Camellia: 16 bytes with 128-bit key | decode_to_chunk: raw_key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF" | decode_to_chunk: output: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd670 | result: symkey-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd658 | result: symkey-key@0x564021df9ff0 (16-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 " | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: ciphertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: cipertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 " | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x564021df9ff0 | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed Camellia: 16 bytes with 256-bit key | decode_to_chunk: raw_key: input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd670 | result: symkey-key@0x564021dfb870 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x564021dfb870 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd658 | result: symkey-key@0x564021df9ff0 (32-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: ciphertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: cipertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x564021df9ff0 | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed Camellia: 16 bytes with 256-bit key | decode_to_chunk: raw_key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF FF EE DD CC BB AA 99 88 77 66 55 44 33 22 11 00" | decode_to_chunk: output: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff | ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd670 | result: symkey-key@0x564021dfb870 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x564021dfb870 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd658 | result: symkey-key@0x564021df9ff0 (32-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: ciphertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: cipertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x564021df9ff0 | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed testing AES_GCM_16: empty string | decode_to_chunk: raw_key: input "0xcf063a34d4a9a76c2c86787d3f96db71" | decode_to_chunk: output: | cf 06 3a 34 d4 a9 a7 6c 2c 86 78 7d 3f 96 db 71 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd610 | result: symkey-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5f8 | result: symkey-key@0x564021df9ff0 (16-bytes, AES_GCM) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: salted IV: input "0x113b9785971864c83b01c787" | decode_to_chunk: output: | 11 3b 97 85 97 18 64 c8 3b 01 c7 87 | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "" | decode_to_chunk: output: | | decode_to_chunk: ciphertext: input "" | decode_to_chunk: output: | | decode_to_chunk: tag: input "0x72ac8493e3a5228b5d130a69d2510e42" | decode_to_chunk: output: | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=0 tag-size=16 | test_gcm_vector: text+tag on call | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=0 tag-size=16 | test_gcm_vector: text+tag on call | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: release sym_key-key@0x564021df9ff0 | test_gcm_vector: passed one block | decode_to_chunk: raw_key: input "0xe98b72a9881a84ca6b76e0f43e68647a" | decode_to_chunk: output: | e9 8b 72 a9 88 1a 84 ca 6b 76 e0 f4 3e 68 64 7a | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd610 | result: symkey-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5f8 | result: symkey-key@0x564021df9ff0 (16-bytes, AES_GCM) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: salted IV: input "0x8b23299fde174053f3d652ba" | decode_to_chunk: output: | 8b 23 29 9f de 17 40 53 f3 d6 52 ba | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "0x28286a321293253c3e0aa2704a278032" | decode_to_chunk: output: | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | decode_to_chunk: ciphertext: input "0x5a3c1cf1985dbb8bed818036fdd5ab42" | decode_to_chunk: output: | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | decode_to_chunk: tag: input "0x23c7ab0f952b7091cd324835043b5eb5" | decode_to_chunk: output: | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=16 tag-size=16 | test_gcm_vector: text+tag on call | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=16 tag-size=16 | test_gcm_vector: text+tag on call | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: release sym_key-key@0x564021df9ff0 | test_gcm_vector: passed two blocks | decode_to_chunk: raw_key: input "0xbfd414a6212958a607a0f5d3ab48471d" | decode_to_chunk: output: | bf d4 14 a6 21 29 58 a6 07 a0 f5 d3 ab 48 47 1d | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd610 | result: symkey-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5f8 | result: symkey-key@0x564021df9ff0 (16-bytes, AES_GCM) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: salted IV: input "0x86d8ea0ab8e40dcc481cd0e2" | decode_to_chunk: output: | 86 d8 ea 0a b8 e4 0d cc 48 1c d0 e2 | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "0xa6b76a066e63392c9443e60272ceaeb9d25c991b0f2e55e2804e168c05ea591a" | decode_to_chunk: output: | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | decode_to_chunk: ciphertext: input "0x62171db33193292d930bf6647347652c1ef33316d7feca99d54f1db4fcf513f8" | decode_to_chunk: output: | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | decode_to_chunk: tag: input "0xc28280aa5c6c7a8bd366f28c1cfd1f6e" | decode_to_chunk: output: | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=32 tag-size=16 | test_gcm_vector: text+tag on call | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=32 tag-size=16 | test_gcm_vector: text+tag on call | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: release sym_key-key@0x564021df9ff0 | test_gcm_vector: passed two blocks with associated data | decode_to_chunk: raw_key: input "0x006c458100fc5f4d62949d2c833b82d1" | decode_to_chunk: output: | 00 6c 45 81 00 fc 5f 4d 62 94 9d 2c 83 3b 82 d1 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd610 | result: symkey-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5f8 | result: symkey-key@0x564021df9ff0 (16-bytes, AES_GCM) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: salted IV: input "0xa4e9c4bc5725a21ff42c82b2" | decode_to_chunk: output: | a4 e9 c4 bc 57 25 a2 1f f4 2c 82 b2 | decode_to_chunk: AAD: input "0x2efb14fb3657cdd6b9a8ff1a5f5a39b9" | decode_to_chunk: output: | 2e fb 14 fb 36 57 cd d6 b9 a8 ff 1a 5f 5a 39 b9 | decode_to_chunk: plaintext: input "0xf381d3bfbee0a879f7a4e17b623278cedd6978053dd313530a18f1a836100950" | decode_to_chunk: output: | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | decode_to_chunk: ciphertext: input "0xf39b4db3542d8542fb73fd2d66be568f26d7f814b3f87d1eceac3dd09a8d697e" | decode_to_chunk: output: | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | decode_to_chunk: tag: input "0x39f045cb23b698c925db134d56c5" | decode_to_chunk: output: | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: decrypt: aad-size=16 salt-size=4 wire-IV-size=8 text-size=32 tag-size=14 | test_gcm_vector: text+tag on call | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: encrypt: aad-size=16 salt-size=4 wire-IV-size=8 text-size=32 tag-size=14 | test_gcm_vector: text+tag on call | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: release sym_key-key@0x564021df9ff0 | test_gcm_vector: passed testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x AE 68 52 F8 12 10 67 CC 4B F7 A5 76 55 77 F3 9E" | decode_to_chunk: output: | ae 68 52 f8 12 10 67 cc 4b f7 a5 76 55 77 f3 9e | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd670 | result: symkey-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd658 | result: symkey-key@0x564021df9ff0 (16-bytes, AES_CTR) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: input counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x E4 09 5D 4F B7 A7 B3 79 2D 61 75 A3 26 13 11 B8" | decode_to_chunk: output: | e4 09 5d 4f b7 a7 b3 79 2d 61 75 a3 26 13 11 b8 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x E4 09 5D 4F B7 A7 B3 79 2D 61 75 A3 26 13 11 B8" | decode_to_chunk: output: | e4 09 5d 4f b7 a7 b3 79 2d 61 75 a3 26 13 11 b8 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x564021df9ff0 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 128-bit key passed Encrypting 32 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x 7E 24 06 78 17 FA E0 D7 43 D6 CE 1F 32 53 91 63" | decode_to_chunk: output: | 7e 24 06 78 17 fa e0 d7 43 d6 ce 1f 32 53 91 63 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd670 | result: symkey-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd658 | result: symkey-key@0x564021df9ff0 (16-bytes, AES_CTR) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: input counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 01" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0x51 04 A1 06 16 8A 72 D9 79 0D 41 EE 8E DA D3 88EB 2E 1E FC 46 DA 57 C8 FC E6 30 DF 91 41 BE 28" | decode_to_chunk: output: | 51 04 a1 06 16 8a 72 d9 79 0d 41 ee 8e da d3 88 | eb 2e 1e fc 46 da 57 c8 fc e6 30 df 91 41 be 28 | decode_to_chunk: expected counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 03" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 01" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x51 04 A1 06 16 8A 72 D9 79 0D 41 EE 8E DA D3 88EB 2E 1E FC 46 DA 57 C8 FC E6 30 DF 91 41 BE 28" | decode_to_chunk: output: | 51 04 a1 06 16 8a 72 d9 79 0d 41 ee 8e da d3 88 | eb 2e 1e fc 46 da 57 c8 fc e6 30 df 91 41 be 28 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 03" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x564021df9ff0 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 128-bit key passed Encrypting 36 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x 76 91 BE 03 5E 50 20 A8 AC 6E 61 85 29 F9 A0 DC" | decode_to_chunk: output: | 76 91 be 03 5e 50 20 a8 ac 6e 61 85 29 f9 a0 dc | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd670 | result: symkey-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd658 | result: symkey-key@0x564021df9ff0 (16-bytes, AES_CTR) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: input counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 01" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0xC1 CF 48 A8 9F 2F FD D9 CF 46 52 E9 EF DB 72 D745 40 A4 2B DE 6D 78 36 D5 9A 5C EA AE F3 10 5325 B2 07 2F" | decode_to_chunk: output: | c1 cf 48 a8 9f 2f fd d9 cf 46 52 e9 ef db 72 d7 | 45 40 a4 2b de 6d 78 36 d5 9a 5c ea ae f3 10 53 | 25 b2 07 2f | decode_to_chunk: expected counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 04" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 01" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xC1 CF 48 A8 9F 2F FD D9 CF 46 52 E9 EF DB 72 D745 40 A4 2B DE 6D 78 36 D5 9A 5C EA AE F3 10 5325 B2 07 2F" | decode_to_chunk: output: | c1 cf 48 a8 9f 2f fd d9 cf 46 52 e9 ef db 72 d7 | 45 40 a4 2b de 6d 78 36 d5 9a 5c ea ae f3 10 53 | 25 b2 07 2f | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 04" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x564021df9ff0 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 128-bit key passed Encrypting 16 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x16 AF 5B 14 5F C9 F5 79 C1 75 F9 3E 3B FB 0E ED86 3D 06 CC FD B7 85 15" | decode_to_chunk: output: | 16 af 5b 14 5f c9 f5 79 c1 75 f9 3e 3b fb 0e ed | 86 3d 06 cc fd b7 85 15 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd670 | result: symkey-key@0x564021dfb870 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x564021dfb870 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd658 | result: symkey-key@0x564021df9ff0 (24-bytes, AES_CTR) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: input counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 01" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x 4B 55 38 4F E2 59 C9 C8 4E 79 35 A0 03 CB E9 28" | decode_to_chunk: output: | 4b 55 38 4f e2 59 c9 c8 4e 79 35 a0 03 cb e9 28 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 02" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 01" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x 4B 55 38 4F E2 59 C9 C8 4E 79 35 A0 03 CB E9 28" | decode_to_chunk: output: | 4b 55 38 4f e2 59 c9 c8 4e 79 35 a0 03 cb e9 28 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 02" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x564021df9ff0 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 192-bit key passed Encrypting 32 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x7C 5C B2 40 1B 3D C3 3C 19 E7 34 08 19 E0 F6 9C67 8C 3D B8 E6 F6 A9 1A" | decode_to_chunk: output: | 7c 5c b2 40 1b 3d c3 3c 19 e7 34 08 19 e0 f6 9c | 67 8c 3d b8 e6 f6 a9 1a | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd670 | result: symkey-key@0x564021dfb870 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x564021dfb870 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd658 | result: symkey-key@0x564021df9ff0 (24-bytes, AES_CTR) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: input counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 01" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0x45 32 43 FC 60 9B 23 32 7E DF AA FA 71 31 CD 9F84 90 70 1C 5A D4 A7 9C FC 1F E0 FF 42 F4 FB 00" | decode_to_chunk: output: | 45 32 43 fc 60 9b 23 32 7e df aa fa 71 31 cd 9f | 84 90 70 1c 5a d4 a7 9c fc 1f e0 ff 42 f4 fb 00 | decode_to_chunk: expected counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 03" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 01" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x45 32 43 FC 60 9B 23 32 7E DF AA FA 71 31 CD 9F84 90 70 1C 5A D4 A7 9C FC 1F E0 FF 42 F4 FB 00" | decode_to_chunk: output: | 45 32 43 fc 60 9b 23 32 7e df aa fa 71 31 cd 9f | 84 90 70 1c 5a d4 a7 9c fc 1f e0 ff 42 f4 fb 00 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 03" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x564021df9ff0 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 192-bit key passed Encrypting 36 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x02 BF 39 1E E8 EC B1 59 B9 59 61 7B 09 65 27 9BF5 9B 60 A7 86 D3 E0 FE" | decode_to_chunk: output: | 02 bf 39 1e e8 ec b1 59 b9 59 61 7b 09 65 27 9b | f5 9b 60 a7 86 d3 e0 fe | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd670 | result: symkey-key@0x564021dfb870 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x564021dfb870 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd658 | result: symkey-key@0x564021df9ff0 (24-bytes, AES_CTR) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: input counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 01" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0x96 89 3F C5 5E 5C 72 2F 54 0B 7D D1 DD F7 E7 58D2 88 BC 95 C6 91 65 88 45 36 C8 11 66 2F 21 88AB EE 09 35" | decode_to_chunk: output: | 96 89 3f c5 5e 5c 72 2f 54 0b 7d d1 dd f7 e7 58 | d2 88 bc 95 c6 91 65 88 45 36 c8 11 66 2f 21 88 | ab ee 09 35 | decode_to_chunk: expected counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 04" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 01" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x96 89 3F C5 5E 5C 72 2F 54 0B 7D D1 DD F7 E7 58D2 88 BC 95 C6 91 65 88 45 36 C8 11 66 2F 21 88AB EE 09 35" | decode_to_chunk: output: | 96 89 3f c5 5e 5c 72 2f 54 0b 7d d1 dd f7 e7 58 | d2 88 bc 95 c6 91 65 88 45 36 c8 11 66 2f 21 88 | ab ee 09 35 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 04" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x564021df9ff0 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 192-bit key passed Encrypting 16 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0x77 6B EF F2 85 1D B0 6F 4C 8A 05 42 C8 69 6F 6C6A 81 AF 1E EC 96 B4 D3 7F C1 D6 89 E6 C1 C1 04" | decode_to_chunk: output: | 77 6b ef f2 85 1d b0 6f 4c 8a 05 42 c8 69 6f 6c | 6a 81 af 1e ec 96 b4 d3 7f c1 d6 89 e6 c1 c1 04 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd670 | result: symkey-key@0x564021dfb870 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x564021dfb870 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd658 | result: symkey-key@0x564021df9ff0 (32-bytes, AES_CTR) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: input counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 01" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x 14 5A D0 1D BF 82 4E C7 56 08 63 DC 71 E3 E0 C0" | decode_to_chunk: output: | 14 5a d0 1d bf 82 4e c7 56 08 63 dc 71 e3 e0 c0 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 02" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 01" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x 14 5A D0 1D BF 82 4E C7 56 08 63 DC 71 E3 E0 C0" | decode_to_chunk: output: | 14 5a d0 1d bf 82 4e c7 56 08 63 dc 71 e3 e0 c0 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 02" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x564021df9ff0 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 256-bit key passed Encrypting 32 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0xF6 D6 6D 6B D5 2D 59 BB 07 96 36 58 79 EF F8 86C6 6D D5 1A 5B 6A 99 74 4B 50 59 0C 87 A2 38 84" | decode_to_chunk: output: | f6 d6 6d 6b d5 2d 59 bb 07 96 36 58 79 ef f8 86 | c6 6d d5 1a 5b 6a 99 74 4b 50 59 0c 87 a2 38 84 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd670 | result: symkey-key@0x564021dfb870 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x564021dfb870 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd658 | result: symkey-key@0x564021df9ff0 (32-bytes, AES_CTR) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: input counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 01" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0xF0 5E 23 1B 38 94 61 2C 49 EE 00 0B 80 4E B2 A9B8 30 6B 50 8F 83 9D 6A 55 30 83 1D 93 44 AF 1C" | decode_to_chunk: output: | f0 5e 23 1b 38 94 61 2c 49 ee 00 0b 80 4e b2 a9 | b8 30 6b 50 8f 83 9d 6a 55 30 83 1d 93 44 af 1c | decode_to_chunk: expected counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 03" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 01" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xF0 5E 23 1B 38 94 61 2C 49 EE 00 0B 80 4E B2 A9B8 30 6B 50 8F 83 9D 6A 55 30 83 1D 93 44 AF 1C" | decode_to_chunk: output: | f0 5e 23 1b 38 94 61 2c 49 ee 00 0b 80 4e b2 a9 | b8 30 6b 50 8f 83 9d 6a 55 30 83 1d 93 44 af 1c | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 03" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x564021df9ff0 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 256-bit key passed Encrypting 36 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0xFF 7A 61 7C E6 91 48 E4 F1 72 6E 2F 43 58 1D E2AA 62 D9 F8 05 53 2E DF F1 EE D6 87 FB 54 15 3D" | decode_to_chunk: output: | ff 7a 61 7c e6 91 48 e4 f1 72 6e 2f 43 58 1d e2 | aa 62 d9 f8 05 53 2e df f1 ee d6 87 fb 54 15 3d | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd670 | result: symkey-key@0x564021dfb870 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x564021dfb870 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd658 | result: symkey-key@0x564021df9ff0 (32-bytes, AES_CTR) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: input counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 01" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0xEB 6C 52 82 1D 0B BB F7 CE 75 94 46 2A CA 4F AAB4 07 DF 86 65 69 FD 07 F4 8C C0 B5 83 D6 07 1F1E C0 E6 B8" | decode_to_chunk: output: | eb 6c 52 82 1d 0b bb f7 ce 75 94 46 2a ca 4f aa | b4 07 df 86 65 69 fd 07 f4 8c c0 b5 83 d6 07 1f | 1e c0 e6 b8 | decode_to_chunk: expected counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 04" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 01" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xEB 6C 52 82 1D 0B BB F7 CE 75 94 46 2A CA 4F AAB4 07 DF 86 65 69 FD 07 F4 8C C0 B5 83 D6 07 1F1E C0 E6 B8" | decode_to_chunk: output: | eb 6c 52 82 1d 0b bb f7 ce 75 94 46 2a ca 4f aa | b4 07 df 86 65 69 fd 07 f4 8c c0 b5 83 d6 07 1f | 1e c0 e6 b8 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 04" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x564021df9ff0 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 256-bit key passed testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x06a9214036b8a15b512e03d534120006" | decode_to_chunk: output: | 06 a9 21 40 36 b8 a1 5b 51 2e 03 d5 34 12 00 06 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd670 | result: symkey-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd658 | result: symkey-key@0x564021df9ff0 (16-bytes, AES_CBC) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: IV: : input "0x3dafba429d9eb430b422da802c9fac41" | decode_to_chunk: output: | 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41 | decode_to_chunk: new IV: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: plaintext: : input "Single block msg" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: ciphertext: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x3dafba429d9eb430b422da802c9fac41" | decode_to_chunk: output: | 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41 | decode_to_chunk: new IV: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: cipertext: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: plaintext: : input "Single block msg" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x564021df9ff0 | test_ctr_vector: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key passed Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0xc286696d887c9aa0611bbb3e2025a45a" | decode_to_chunk: output: | c2 86 69 6d 88 7c 9a a0 61 1b bb 3e 20 25 a4 5a | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd670 | result: symkey-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd658 | result: symkey-key@0x564021df9ff0 (16-bytes, AES_CBC) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: IV: : input "0x562e17996d093d28ddb3ba695a2e6f58" | decode_to_chunk: output: | 56 2e 17 99 6d 09 3d 28 dd b3 ba 69 5a 2e 6f 58 | decode_to_chunk: new IV: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: plaintext: : input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: ciphertext: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x562e17996d093d28ddb3ba695a2e6f58" | decode_to_chunk: output: | 56 2e 17 99 6d 09 3d 28 dd b3 ba 69 5a 2e 6f 58 | decode_to_chunk: new IV: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: cipertext: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: plaintext: : input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x564021df9ff0 | test_ctr_vector: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key passed Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x6c3ea0477630ce21a2ce334aa746c2cd" | decode_to_chunk: output: | 6c 3e a0 47 76 30 ce 21 a2 ce 33 4a a7 46 c2 cd | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd670 | result: symkey-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd658 | result: symkey-key@0x564021df9ff0 (16-bytes, AES_CBC) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: IV: : input "0xc782dc4c098c66cbd9cd27d825682c81" | decode_to_chunk: output: | c7 82 dc 4c 09 8c 66 cb d9 cd 27 d8 25 68 2c 81 | decode_to_chunk: new IV: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: plaintext: : input "This is a 48-byte message (exactly 3 AES blocks)" | decode_to_chunk: output: | 54 68 69 73 20 69 73 20 61 20 34 38 2d 62 79 74 | 65 20 6d 65 73 73 61 67 65 20 28 65 78 61 63 74 | 6c 79 20 33 20 41 45 53 20 62 6c 6f 63 6b 73 29 | decode_to_chunk: ciphertext: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0xc782dc4c098c66cbd9cd27d825682c81" | decode_to_chunk: output: | c7 82 dc 4c 09 8c 66 cb d9 cd 27 d8 25 68 2c 81 | decode_to_chunk: new IV: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: cipertext: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: plaintext: : input "This is a 48-byte message (exactly 3 AES blocks)" | decode_to_chunk: output: | 54 68 69 73 20 69 73 20 61 20 34 38 2d 62 79 74 | 65 20 6d 65 73 73 61 67 65 20 28 65 78 61 63 74 | 6c 79 20 33 20 41 45 53 20 62 6c 6f 63 6b 73 29 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x564021df9ff0 | test_ctr_vector: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key passed Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x56e47a38c5598974bc46903dba290349" | decode_to_chunk: output: | 56 e4 7a 38 c5 59 89 74 bc 46 90 3d ba 29 03 49 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd670 | result: symkey-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd658 | result: symkey-key@0x564021df9ff0 (16-bytes, AES_CBC) | symkey: release tmp-key@0x564021dfb870 | decode_to_chunk: IV: : input "0x8ce82eefbea0da3c44699ed7db51b7d9" | decode_to_chunk: output: | 8c e8 2e ef be a0 da 3c 44 69 9e d7 db 51 b7 d9 | decode_to_chunk: new IV: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: plaintext: : input "0xa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" | decode_to_chunk: output: | a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af | b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf | c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf | d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df | decode_to_chunk: ciphertext: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x8ce82eefbea0da3c44699ed7db51b7d9" | decode_to_chunk: output: | 8c e8 2e ef be a0 da 3c 44 69 9e d7 db 51 b7 d9 | decode_to_chunk: new IV: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: cipertext: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: plaintext: : input "0xa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" | decode_to_chunk: output: | a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af | b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf | c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf | d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x564021df9ff0 | test_ctr_vector: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key passed testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "" | decode_to_chunk: output: | | decode_to_chunk: test_prf_vector: input "0x75f0251d528ac01c4573dfd584d79f29" | decode_to_chunk: output: | 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | PRF chunk interface PRF aes_xcbc init key-chunk@0x564021dfd310 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd5f0 | result: key-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5d8 | result: key-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x564021dfb870 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5b8 | result: key-key@0x564021dfb870 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x564021df9ff0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x564021dfd110 | PRF chunk interface PRF aes_xcbc update message-bytes@0x564021df87c0 (length 0) | | XCBC: data | K extracting all 16 bytes of key@0x564021dfb870 | K: symkey-key@0x564021dfb870 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)-2041720464: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021dfd3e0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd550 | result: k1-key@0x564021dfdfd0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dfdfd0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd538 | result: k1-key@0x564021df9ff0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021dfdfd0 | Computing E[0] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] | XCBC: M[n] | XCBC: M[n]:80...^E[n-1]^K3 | 41 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | xcbc: release k1-key@0x564021df9ff0 | PRF chunk interface: release key-key@0x564021dfb870 | PRF chunk interface PRF aes_xcbc final-chunk@0x564021dfd130 (length 16) | 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | chunk output 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | verify_chunk_data: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: ok | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: key symkey-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: key symkey-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564021df9ff0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x564021dfb870 (size 16) | PRF symkey interface: key symkey-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5e8 | result: key symkey-key@0x564021df9ff0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x564021dfd110 | PRF symkey interface PRF aes_xcbc update symkey message-key@(nil) (size 0) | PRF symkey interface: symkey message-key@NULL | symkey message NULL key has no bytes | XCBC: data | K extracting all 16 bytes of key@0x564021df9ff0 | K: symkey-key@0x564021df9ff0 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1023: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021dfddd0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd570 | result: k1-key@0x564021dff8c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dff8c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd558 | result: k1-key@0x564021dfdfd0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021dff8c0 | Computing E[0] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] | XCBC: M[n] | XCBC: M[n]:80...^E[n-1]^K3 | 41 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | xcbc: release k1-key@0x564021dfdfd0 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd600 | result: xcbc-key@0x564021dff8c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021dff8c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5e8 | result: xcbc-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x564021dff8c0 | PRF symkey interface: release key-key@0x564021df9ff0 | PRF symkey interface PRF aes_xcbc final-key@0x564021dfdfd0 (size 16) | PRF symkey interface: key-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input extracting all 16 bytes of key@0x564021dfdfd0 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: symkey-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: new slot-key@0x564021dfdd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)541704665: ffffffb9 ffffff9d ffffff8b 1a ffffffd4 ffffffb8 5c 53 ffffffd2 5a 1e fffffff8 62 ffffff88 66 ffffffd6 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: release slot-key-key@0x564021dfdd40 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input extracted len 16 bytes at 0x564021dfd330 | unwrapped: 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | verify_chunk_data: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: ok | test_prf_vector: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input passed | test_prf_vector: release symkey-key@0x564021dfdfd0 | test_prf_vector: release message-key@NULL | test_prf_vector: release key-key@0x564021dfb870 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102" | decode_to_chunk: output: | 00 01 02 | decode_to_chunk: test_prf_vector: input "0x5b376580ae2f19afe7219ceef172756f" | decode_to_chunk: output: | 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | PRF chunk interface PRF aes_xcbc init key-chunk@0x564021dfd110 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd5f0 | result: key-key@0x564021dfdfd0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021dfdfd0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5d8 | result: key-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x564021dfdfd0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5b8 | result: key-key@0x564021dfdfd0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x564021dfb870 | PRF chunk interface PRF aes_xcbc crypt-prf@0x564021dfd540 | PRF chunk interface PRF aes_xcbc update message-bytes@0x564021dfd330 (length 3) | 00 01 02 | XCBC: data 00 01 02 | K extracting all 16 bytes of key@0x564021dfdfd0 | K: symkey-key@0x564021dfdfd0 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)-2041720464: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021dfd310 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd550 | result: k1-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd538 | result: k1-key@0x564021dfb870 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021df9ff0 | Computing E[1] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 | XCBC: M[n] 00 01 02 | XCBC: M[n]:80...^E[n-1]^K3 | c1 a6 a9 21 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | xcbc: release k1-key@0x564021dfb870 | PRF chunk interface: release key-key@0x564021dfdfd0 | PRF chunk interface PRF aes_xcbc final-chunk@0x564021dfd0f0 (length 16) | 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | chunk output 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | verify_chunk_data: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: ok | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: key symkey-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: key symkey-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564021dfb870 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x564021dfdfd0 (size 16) | PRF symkey interface: key symkey-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5e8 | result: key symkey-key@0x564021dfb870 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x564021dfd3e0 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: message symkey-key@0x564021dff8c0 (19-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 3 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 3-bytes | base: base-key@0x564021dff8c0 (19-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: message symkey-key@0x564021df9ff0 (3-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564021dff8c0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x564021df9ff0 (size 3) | PRF symkey interface: symkey message-key@0x564021df9ff0 (3-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 3 bytes of key@0x564021df9ff0 | symkey message: symkey-key@0x564021df9ff0 (3-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x564021dfdd40 (3-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-2041720256: ffffffe9 ffffffca 41 7b ffffffd4 ffffff94 ffffffb9 ffffff94 5b 75 fffffffc ffffff8a ffffffe7 ffffff8d ffffffc4 ffffffd4 | symkey message: release slot-key-key@0x564021dfdd40 | symkey message extracted len 16 bytes at 0x564021dfe060 | unwrapped: 00 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 | K extracting all 16 bytes of key@0x564021dfb870 | K: symkey-key@0x564021dfb870 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021dfd540 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd570 | result: k1-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd558 | result: k1-key@0x564021dff8c0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021e01140 | Computing E[1] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 | XCBC: M[n] 00 01 02 | XCBC: M[n]:80...^E[n-1]^K3 | c1 a6 a9 21 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | xcbc: release k1-key@0x564021dff8c0 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd600 | result: xcbc-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5e8 | result: xcbc-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x564021e01140 | PRF symkey interface: release key-key@0x564021dfb870 | PRF symkey interface PRF aes_xcbc final-key@0x564021dff8c0 (size 16) | PRF symkey interface: key-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input extracting all 16 bytes of key@0x564021dff8c0 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: symkey-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: new slot-key@0x564021dfdd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)541704665: 1f fffffff7 ffffffc0 ffffffc9 1d 06 ffffff92 ffffff83 2d 78 29 ffffffc4 37 ffffff82 fffffffe ffffff8e | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: release slot-key-key@0x564021dfdd40 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input extracted len 16 bytes at 0x564021dfd540 | unwrapped: 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | verify_chunk_data: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: ok | test_prf_vector: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input passed | test_prf_vector: release symkey-key@0x564021dff8c0 | test_prf_vector: release message-key@0x564021df9ff0 | test_prf_vector: release key-key@0x564021dfdfd0 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0xd2a246fa349b68a79998a4394ff7a263" | decode_to_chunk: output: | d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | PRF chunk interface PRF aes_xcbc init key-chunk@0x564021dfe060 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd5f0 | result: key-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5d8 | result: key-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x564021df9ff0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5b8 | result: key-key@0x564021df9ff0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x564021dfdfd0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x564021dfd310 | PRF chunk interface PRF aes_xcbc update message-bytes@0x564021dfd540 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | K extracting all 16 bytes of key@0x564021df9ff0 | K: symkey-key@0x564021df9ff0 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021dfd330 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd550 | result: k1-key@0x564021dff8c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dff8c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd538 | result: k1-key@0x564021dfdfd0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021dff8c0 | XCBC: Computing E[1] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: M[n]^E[n-1]^K2 | bd 87 2d f8 93 a8 29 bf f0 b1 9b fd 0f 22 38 c4 | XCBC: MAC d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | xcbc: release k1-key@0x564021dfdfd0 | PRF chunk interface: release key-key@0x564021df9ff0 | PRF chunk interface PRF aes_xcbc final-chunk@0x564021dfd0f0 (length 16) | d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | chunk output d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | verify_chunk_data: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: ok | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: key symkey-key@0x564021dfdfd0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021dfdfd0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: key symkey-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564021dfdfd0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x564021df9ff0 (size 16) | PRF symkey interface: key symkey-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5e8 | result: key symkey-key@0x564021dfdfd0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x564021dfd130 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: message symkey-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: message symkey-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564021dfb870 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x564021dff8c0 (size 16) | PRF symkey interface: symkey message-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 16 bytes of key@0x564021dff8c0 | symkey message: symkey-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x564021dfdd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-2041720256: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 | symkey message: release slot-key-key@0x564021dfdd40 | symkey message extracted len 16 bytes at 0x564021dfd110 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | K extracting all 16 bytes of key@0x564021dfdfd0 | K: symkey-key@0x564021dfdfd0 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021dfddd0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd570 | result: k1-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd558 | result: k1-key@0x564021dfb870 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021e01140 | XCBC: Computing E[1] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: M[n]^E[n-1]^K2 | bd 87 2d f8 93 a8 29 bf f0 b1 9b fd 0f 22 38 c4 | XCBC: MAC d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | xcbc: release k1-key@0x564021dfb870 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd600 | result: xcbc-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5e8 | result: xcbc-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x564021e01140 | PRF symkey interface: release key-key@0x564021dfdfd0 | PRF symkey interface PRF aes_xcbc final-key@0x564021dfb870 (size 16) | PRF symkey interface: key-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input extracting all 16 bytes of key@0x564021dfb870 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: symkey-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: new slot-key@0x564021dfdd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)541704665: 73 ffffffd0 38 ffffffa7 09 ffffffe1 7e 33 ffffff97 fffffff6 ffffffde ffffff83 1b ffffffcf fffffffa 19 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: release slot-key-key@0x564021dfdd40 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input extracted len 16 bytes at 0x564021dfddd0 | unwrapped: d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | verify_chunk_data: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: ok | test_prf_vector: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input passed | test_prf_vector: release symkey-key@0x564021dfb870 | test_prf_vector: release message-key@0x564021dff8c0 | test_prf_vector: release key-key@0x564021df9ff0 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x47f51b4564966215b8985c63055ed308" | decode_to_chunk: output: | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | PRF chunk interface PRF aes_xcbc init key-chunk@0x564021dfd110 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd5f0 | result: key-key@0x564021dff8c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021dff8c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5d8 | result: key-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x564021dff8c0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5b8 | result: key-key@0x564021dff8c0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x564021df9ff0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x564021dfd330 | PRF chunk interface PRF aes_xcbc update message-bytes@0x564021dfddd0 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x564021dff8c0 | K: symkey-key@0x564021dff8c0 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021dfd540 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd550 | result: k1-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd538 | result: k1-key@0x564021df9ff0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021dfb870 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x564021df9ff0 | PRF chunk interface: release key-key@0x564021dff8c0 | PRF chunk interface PRF aes_xcbc final-chunk@0x564021dfd3e0 (length 16) | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | chunk output 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: ok | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: key symkey-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: key symkey-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564021df9ff0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x564021dff8c0 (size 16) | PRF symkey interface: key symkey-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5e8 | result: key symkey-key@0x564021df9ff0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x564021dfd310 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: message symkey-key@0x564021dfdfd0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021dfdfd0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: message symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564021dfdfd0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x564021dfb870 (size 20) | PRF symkey interface: symkey message-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x564021dfb870 | symkey message: symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041720256: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 ffffffe5 ffffffd5 ffffff99 ffffff9a 13 ffffffa4 fffffff8 75 52 ffffffb6 2a 3e 67 ffffff8c ffffff8b 27 | symkey message: release slot-key-key@0x564021dfdd40 | symkey message extracted len 32 bytes at 0x564021dfd9a0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x564021df9ff0 | K: symkey-key@0x564021df9ff0 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021df87c0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd570 | result: k1-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd558 | result: k1-key@0x564021dfdfd0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021e01140 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x564021dfdfd0 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd600 | result: xcbc-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5e8 | result: xcbc-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x564021e01140 | PRF symkey interface: release key-key@0x564021df9ff0 | PRF symkey interface PRF aes_xcbc final-key@0x564021dfdfd0 (size 16) | PRF symkey interface: key-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input extracting all 16 bytes of key@0x564021dfdfd0 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: symkey-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: new slot-key@0x564021dfdd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)541704665: 68 5f 5c 6a ffffff9a ffffffbc 32 50 0a ffffff84 7c 40 0a 4d 0d fffffffd | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: release slot-key-key@0x564021dfdd40 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input extracted len 16 bytes at 0x564021df87c0 | unwrapped: 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: ok | test_prf_vector: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input passed | test_prf_vector: release symkey-key@0x564021dfdfd0 | test_prf_vector: release message-key@0x564021dfb870 | test_prf_vector: release key-key@0x564021dff8c0 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: test_prf_vector: input "0xf54f0ec8d2b9f3d36807734bd5283fd4" | decode_to_chunk: output: | f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | PRF chunk interface PRF aes_xcbc init key-chunk@0x564021dfd540 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd5f0 | result: key-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5d8 | result: key-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x564021dfb870 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5b8 | result: key-key@0x564021dfb870 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x564021dff8c0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x564021df8980 | PRF chunk interface PRF aes_xcbc update message-bytes@0x564021df8a50 (length 32) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | K extracting all 16 bytes of key@0x564021dfb870 | K: symkey-key@0x564021dfb870 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540619040: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021df88b0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd550 | result: k1-key@0x564021dfdfd0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dfdfd0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd538 | result: k1-key@0x564021dff8c0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021dfdfd0 | XCBC: Computing E[2] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: M[n]^E[n-1]^K2 | b0 93 75 12 4c f5 a5 c0 b5 18 18 37 16 b2 15 67 | XCBC: MAC f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | xcbc: release k1-key@0x564021dff8c0 | PRF chunk interface: release key-key@0x564021dfb870 | PRF chunk interface PRF aes_xcbc final-chunk@0x564021dfe060 (length 16) | f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | chunk output f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | verify_chunk_data: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: ok | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: key symkey-key@0x564021dff8c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021dff8c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: key symkey-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564021dff8c0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x564021dfb870 (size 16) | PRF symkey interface: key symkey-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5e8 | result: key symkey-key@0x564021dff8c0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x564021dfd130 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: message symkey-key@0x564021df9ff0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x564021df9ff0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: message symkey-key@0x564021dfdfd0 (32-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564021df9ff0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x564021dfdfd0 (size 32) | PRF symkey interface: symkey message-key@0x564021dfdfd0 (32-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 32 bytes of key@0x564021dfdfd0 | symkey message: symkey-key@0x564021dfdfd0 (32-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x564021dfdd40 (32-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041720256: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 fffffffd ffffffb2 ffffffc1 0a 3c 35 08 fffffff6 ffffffba 5f 6c ffffffd2 ffffffc1 35 40 ffffffc7 | symkey message: release slot-key-key@0x564021dfdd40 | symkey message extracted len 32 bytes at 0x564021dfddf0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | K extracting all 16 bytes of key@0x564021dff8c0 | K: symkey-key@0x564021dff8c0 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021dfddd0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd570 | result: k1-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd558 | result: k1-key@0x564021df9ff0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021e01140 | XCBC: Computing E[2] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: M[n]^E[n-1]^K2 | b0 93 75 12 4c f5 a5 c0 b5 18 18 37 16 b2 15 67 | XCBC: MAC f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | xcbc: release k1-key@0x564021df9ff0 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd600 | result: xcbc-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5e8 | result: xcbc-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x564021e01140 | PRF symkey interface: release key-key@0x564021dff8c0 | PRF symkey interface PRF aes_xcbc final-key@0x564021df9ff0 (size 16) | PRF symkey interface: key-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input extracting all 16 bytes of key@0x564021df9ff0 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: symkey-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: new slot-key@0x564021dfdd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)541704665: 67 03 ffffffff ffffffd3 ffffffdb ffffffc9 ffffffd4 1a ffffffaf ffffff88 38 09 ffffff91 12 6b 40 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: release slot-key-key@0x564021dfdd40 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input extracted len 16 bytes at 0x564021dfddd0 | unwrapped: f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | verify_chunk_data: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: ok | test_prf_vector: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input passed | test_prf_vector: release symkey-key@0x564021df9ff0 | test_prf_vector: release message-key@0x564021dfdfd0 | test_prf_vector: release key-key@0x564021dfb870 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f2021" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 | decode_to_chunk: test_prf_vector: input "0xbecbb3bccdb518a30677d5481fb6b4d8" | decode_to_chunk: output: | be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | PRF chunk interface PRF aes_xcbc init key-chunk@0x564021dfd130 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd5f0 | result: key-key@0x564021dfdfd0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021dfdfd0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5d8 | result: key-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x564021dfdfd0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5b8 | result: key-key@0x564021dfdfd0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x564021dfb870 | PRF chunk interface PRF aes_xcbc crypt-prf@0x564021df88b0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x564021df8a80 (length 34) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 20 21 | K extracting all 16 bytes of key@0x564021dfdfd0 | K: symkey-key@0x564021dfdfd0 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540619040: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021df87c0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd550 | result: k1-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd538 | result: k1-key@0x564021dfb870 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021df9ff0 | Computing E[3] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 09 02 5e 5a 67 25 20 72 44 14 5c 6b 80 66 85 79 | XCBC: M[n] 20 21 | XCBC: M[n] 20 21 | XCBC: M[n]:80...^E[n-1]^K3 | e8 84 75 fb c5 1f b4 74 1c 13 fc e7 48 88 55 17 | XCBC: MAC be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | xcbc: release k1-key@0x564021dfb870 | PRF chunk interface: release key-key@0x564021dfdfd0 | PRF chunk interface PRF aes_xcbc final-chunk@0x564021dfd310 (length 16) | be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | chunk output be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | verify_chunk_data: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: ok | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: key symkey-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: key symkey-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564021dfb870 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x564021dfdfd0 (size 16) | PRF symkey interface: key symkey-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5e8 | result: key symkey-key@0x564021dfb870 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x564021dfd330 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: message symkey-key@0x564021dff8c0 (50-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 34 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 34-bytes | base: base-key@0x564021dff8c0 (50-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: message symkey-key@0x564021df9ff0 (34-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564021dff8c0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x564021df9ff0 (size 34) | PRF symkey interface: symkey message-key@0x564021df9ff0 (34-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 34 bytes of key@0x564021df9ff0 | symkey message: symkey-key@0x564021df9ff0 (34-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x564021dfdd40 (34-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)-2041720256: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 fffffffd ffffffb2 ffffffc1 0a 3c 35 08 fffffff6 ffffffba 5f 6c ffffffd2 ffffffc1 35 40 ffffffc7 ffffffea ffffff8b 64 ffffff98 ffffffde ffffffd3 ffffff94 18 ffffff99 ffffffed ffffffbf ffffffeb 1c 12 ffffffbb 1b | symkey message: release slot-key-key@0x564021dfdd40 | symkey message extracted len 48 bytes at 0x564021dfd350 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | unwrapped: 20 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 20 21 | K extracting all 16 bytes of key@0x564021dfb870 | K: symkey-key@0x564021dfb870 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021df8980 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd570 | result: k1-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd558 | result: k1-key@0x564021dff8c0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021e01140 | Computing E[3] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 09 02 5e 5a 67 25 20 72 44 14 5c 6b 80 66 85 79 | XCBC: M[n] 20 21 | XCBC: M[n] 20 21 | XCBC: M[n]:80...^E[n-1]^K3 | e8 84 75 fb c5 1f b4 74 1c 13 fc e7 48 88 55 17 | XCBC: MAC be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | xcbc: release k1-key@0x564021dff8c0 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd600 | result: xcbc-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5e8 | result: xcbc-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x564021e01140 | PRF symkey interface: release key-key@0x564021dfb870 | PRF symkey interface PRF aes_xcbc final-key@0x564021dff8c0 (size 16) | PRF symkey interface: key-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input extracting all 16 bytes of key@0x564021dff8c0 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: symkey-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: new slot-key@0x564021dfdd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)541704665: 6c 28 ffffff98 65 69 ffffffa0 76 38 75 58 54 3d 57 48 02 ffffffb4 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: release slot-key-key@0x564021dfdd40 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input extracted len 16 bytes at 0x564021df8980 | unwrapped: be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | verify_chunk_data: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: ok | test_prf_vector: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input passed | test_prf_vector: release symkey-key@0x564021dff8c0 | test_prf_vector: release message-key@0x564021df9ff0 | test_prf_vector: release key-key@0x564021dfdfd0 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0xf0dafee895db30253761103b5d84528f" | decode_to_chunk: output: | f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | PRF chunk interface PRF aes_xcbc init key-chunk@0x564021dfd330 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd5f0 | result: key-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5d8 | result: key-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x564021df9ff0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5b8 | result: key-key@0x564021df9ff0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x564021dfdfd0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x564021df87c0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x564021e029c0 (length 1000) | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 | K extracting all 16 bytes of key@0x564021df9ff0 | K: symkey-key@0x564021df9ff0 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540028960: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021dfddd0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd550 | result: k1-key@0x564021dff8c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dff8c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd538 | result: k1-key@0x564021dfdfd0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021dff8c0 | Computing E[63] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 5c 88 af cc 1e 1e 83 fc c4 2c 0c e4 12 12 f5 17 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n]:80...^E[n-1]^K3 | 9d 2f 04 6d bc 24 17 fa 1c 2b ac 68 da fc 25 79 | XCBC: MAC f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | xcbc: release k1-key@0x564021dfdfd0 | PRF chunk interface: release key-key@0x564021df9ff0 | PRF chunk interface PRF aes_xcbc final-chunk@0x564021dfd3e0 (length 16) | f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | chunk output f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | verify_chunk_data: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: ok | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: key symkey-key@0x564021dfdfd0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021dfdfd0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: key symkey-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564021dfdfd0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x564021df9ff0 (size 16) | PRF symkey interface: key symkey-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5e8 | result: key symkey-key@0x564021dfdfd0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x564021dfd0f0 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: message symkey-key@0x564021dfb870 (1016-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 1000 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 1000-bytes | base: base-key@0x564021dfb870 (1016-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: message symkey-key@0x564021dff8c0 (1000-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564021dfb870 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x564021dff8c0 (size 1000) | PRF symkey interface: symkey message-key@0x564021dff8c0 (1000-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 1000 bytes of key@0x564021dff8c0 | symkey message: symkey-key@0x564021dff8c0 (1000-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x564021dfdd40 (1000-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 1008 | wrapper: (SECItemType)-2041720256: ffffffc5 ffffffb5 ffffffd8 ffffffda ffffffb8 fffffffb ffffffae ffffffb0 40 14 ffffffa6 ffffff8c 06 ffffffed ffffffef ffffff97 ffffffc5 ffffffb5 ffffffd8 ffffffda ffffffb8 fffffffb ffffffae ffffffb0 40 14 ffffffa6 ffffff8c 06 ffffffed ffffffef ffffff97 ffffffc5 ffffffb5 ffffffd8 ffffffda ffffffb8 fffffffb ffffffae ffffffb0 40 14 ffffffa6 ffffff8c 06 ffffffed ffffffef ffffff97 ffffffc5 ffffffb5 ffffffd8 ffffffda ffffffb8 fffffffb ffffffae ffffffb0 40 14 ffffffa6 ffffff8c 06 ffffffed ffffffef ffffff97 ffffffc5 ffffffb5 ffffffd8 ffffffda ffffffb8 fffffffb ffffffae ffffffb0 40 14 ffffffa6 ffffff8c 06 ffffffed ffffffef ffffff97 ffffffc5 ffffffb5 ffffffd8 ffffffda ffffffb8 fffffffb ffffffae ffffffb0 40 14 ffffffa6 ffffff8c 06 ffffffed ffffffef ffffff97 ffffffc5 ffffffb5 ffffffd8 ffffffda ffffffb8 fffffffb ffffffae ffffffb0 40 14 ffffffa6 ffffff8c 06 ffffffed ffffffef ffffff97 ffffffc5 ffffffb5 ffffffd8 ffffffda ffffffb8 fffffffb ffffffae ffffffb0 | symkey message: release slot-key-key@0x564021dfdd40 | symkey message extracted len 1008 bytes at 0x564021e04770 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 | K extracting all 16 bytes of key@0x564021dfdfd0 | K: symkey-key@0x564021dfdfd0 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021df88b0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd570 | result: k1-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd558 | result: k1-key@0x564021dfb870 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021e01140 | Computing E[63] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 5c 88 af cc 1e 1e 83 fc c4 2c 0c e4 12 12 f5 17 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n]:80...^E[n-1]^K3 | 9d 2f 04 6d bc 24 17 fa 1c 2b ac 68 da fc 25 79 | XCBC: MAC f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | xcbc: release k1-key@0x564021dfb870 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd600 | result: xcbc-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5e8 | result: xcbc-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x564021e01140 | PRF symkey interface: release key-key@0x564021dfdfd0 | PRF symkey interface PRF aes_xcbc final-key@0x564021dfb870 (size 16) | PRF symkey interface: key-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input extracting all 16 bytes of key@0x564021dfb870 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: symkey-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: new slot-key@0x564021dfdd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)541704665: ffffffc9 ffffffd4 ffffffd4 3a 19 51 ffffffa1 21 ffffffeb ffffffa3 45 ffffff97 ffffffb2 ffffffa0 ffffffc6 56 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: release slot-key-key@0x564021dfdd40 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input extracted len 16 bytes at 0x564021df88b0 | unwrapped: f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | verify_chunk_data: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: ok | test_prf_vector: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input passed | test_prf_vector: release symkey-key@0x564021dfb870 | test_prf_vector: release message-key@0x564021dff8c0 | test_prf_vector: release key-key@0x564021df9ff0 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x47f51b4564966215b8985c63055ed308" | decode_to_chunk: output: | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | PRF chunk interface PRF aes_xcbc init key-chunk@0x564021dfd0f0 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd5f0 | result: key-key@0x564021dff8c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021dff8c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5d8 | result: key-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x564021dff8c0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5b8 | result: key-key@0x564021dff8c0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x564021df9ff0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x564021dfd110 | PRF chunk interface PRF aes_xcbc update message-bytes@0x564021df88b0 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x564021dff8c0 | K: symkey-key@0x564021dff8c0 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021dfd390 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd550 | result: k1-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd538 | result: k1-key@0x564021df9ff0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021dfb870 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x564021df9ff0 | PRF chunk interface: release key-key@0x564021dff8c0 | PRF chunk interface PRF aes_xcbc final-chunk@0x564021dfd540 (length 16) | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | chunk output 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): ok | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: key symkey-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: key symkey-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564021df9ff0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x564021dff8c0 (size 16) | PRF symkey interface: key symkey-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5e8 | result: key symkey-key@0x564021df9ff0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x564021dfd310 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: message symkey-key@0x564021dfdfd0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021dfdfd0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: message symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564021dfdfd0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x564021dfb870 (size 20) | PRF symkey interface: symkey message-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x564021dfb870 | symkey message: symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041720256: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 ffffffe5 ffffffd5 ffffff99 ffffff9a 13 ffffffa4 fffffff8 75 52 ffffffb6 2a 3e 67 ffffff8c ffffff8b 27 | symkey message: release slot-key-key@0x564021dfdd40 | symkey message extracted len 32 bytes at 0x564021dfde20 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x564021df9ff0 | K: symkey-key@0x564021df9ff0 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021dfd3e0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd570 | result: k1-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd558 | result: k1-key@0x564021dfdfd0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021e01140 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x564021dfdfd0 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd600 | result: xcbc-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5e8 | result: xcbc-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x564021e01140 | PRF symkey interface: release key-key@0x564021df9ff0 | PRF symkey interface PRF aes_xcbc final-key@0x564021dfdfd0 (size 16) | PRF symkey interface: key-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) extracting all 16 bytes of key@0x564021dfdfd0 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): symkey-key@0x564021dfdfd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): new slot-key@0x564021dfdd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)541704665: 68 5f 5c 6a ffffff9a ffffffbc 32 50 0a ffffff84 7c 40 0a 4d 0d fffffffd | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): release slot-key-key@0x564021dfdd40 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) extracted len 16 bytes at 0x564021dfd540 | unwrapped: 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) passed | test_prf_vector: release symkey-key@0x564021dfdfd0 | test_prf_vector: release message-key@0x564021dfb870 | test_prf_vector: release key-key@0x564021dff8c0 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) | decode_to_chunk: test_prf_vector: input "0x00010203040506070809" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x0fa087af7d866e7653434e602fdde835" | decode_to_chunk: output: | 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | PRF chunk interface PRF aes_xcbc init key-chunk@0x564021dfd390 (length 10) | 00 01 02 03 04 05 06 07 08 09 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd5f0 | result: key-key@0x564021dfb870 (26-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 10 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 10-bytes | base: base-key@0x564021dfb870 (26-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5d8 | result: key-key@0x564021dff8c0 (10-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x564021dfb870 | XCBC: Key 10<16 too small, padding with zeros | xcbc: reference tmp-key@0x564021dff8c0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021dff8c0 (10-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864dd590 | result: tmp+=0-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021dff8c0 | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5b8 | result: PRF chunk interface-key@0x564021dfdfd0 (16-bytes, AES_ECB) | PRF chunk interface: release tmp-key@0x564021dfb870 | PRF chunk interface: release clone-key@0x564021dff8c0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x564021df87c0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x564021dfd540 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x564021dfdfd0 | K: symkey-key@0x564021dfdfd0 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: fffffffb ffffffe1 1f 2b ffffffae ffffffc3 34 5d 58 ffffffe1 4a 0d ffffff9a 4e ffffffac 64 | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021dfd310 | unwrapped: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K1 50 ca b2 4d 03 34 45 5e 40 7b 25 0f dd 7c f8 d5 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd550 | result: k1-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd538 | result: k1-key@0x564021dff8c0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021dfb870 | Computing E[2] using K3 | XCBC: K3 8e f7 48 db 56 f1 f7 26 24 72 f2 c5 63 b0 3f 88 | XCBC: E[n-1] fe 1f 63 e9 65 1a 4b bb 3c cc cd 0d cc 83 e4 30 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | 60 f9 39 21 b3 eb bc 9d 18 be 3f c8 af 33 db b8 | XCBC: MAC 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | xcbc: release k1-key@0x564021dff8c0 | PRF chunk interface: release key-key@0x564021dfdfd0 | PRF chunk interface PRF aes_xcbc final-chunk@0x564021dfd130 (length 16) | 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | chunk output 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): ok | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: key symkey-key@0x564021dff8c0 (26-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 10 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 10-bytes | base: base-key@0x564021dff8c0 (26-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: key symkey-key@0x564021dfdfd0 (10-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564021dff8c0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x564021dfdfd0 (size 10) | PRF symkey interface: key symkey-key@0x564021dfdfd0 (10-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 10<16 too small, padding with zeros | xcbc: reference tmp-key@0x564021dfdfd0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021dfdfd0 (10-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864dd5c0 | result: tmp+=0-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021dfdfd0 | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dff8c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5e8 | result: PRF symkey interface-key@0x564021dfb870 (16-bytes, AES_ECB) | PRF symkey interface: release tmp-key@0x564021dff8c0 | PRF symkey interface PRF aes_xcbc crypt-prf@0x564021dfddd0 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: message symkey-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: message symkey-key@0x564021dff8c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564021df9ff0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x564021dff8c0 (size 20) | PRF symkey interface: symkey message-key@0x564021dff8c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x564021dff8c0 | symkey message: symkey-key@0x564021dff8c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041720256: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 ffffffe5 ffffffd5 ffffff99 ffffff9a 13 ffffffa4 fffffff8 75 52 ffffffb6 2a 3e 67 ffffff8c ffffff8b 27 | symkey message: release slot-key-key@0x564021dfdd40 | symkey message extracted len 32 bytes at 0x564021e04b70 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x564021dfb870 | K: symkey-key@0x564021dfb870 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: fffffffb ffffffe1 1f 2b ffffffae ffffffc3 34 5d 58 ffffffe1 4a 0d ffffff9a 4e ffffffac 64 | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021df8980 | unwrapped: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K1 50 ca b2 4d 03 34 45 5e 40 7b 25 0f dd 7c f8 d5 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd570 | result: k1-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd558 | result: k1-key@0x564021df9ff0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021e01140 | Computing E[2] using K3 | XCBC: K3 8e f7 48 db 56 f1 f7 26 24 72 f2 c5 63 b0 3f 88 | XCBC: E[n-1] fe 1f 63 e9 65 1a 4b bb 3c cc cd 0d cc 83 e4 30 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | 60 f9 39 21 b3 eb bc 9d 18 be 3f c8 af 33 db b8 | XCBC: MAC 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | xcbc: release k1-key@0x564021df9ff0 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd600 | result: xcbc-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5e8 | result: xcbc-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x564021e01140 | PRF symkey interface: release key-key@0x564021dfb870 | PRF symkey interface PRF aes_xcbc final-key@0x564021df9ff0 (size 16) | PRF symkey interface: key-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) extracting all 16 bytes of key@0x564021df9ff0 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): symkey-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): new slot-key@0x564021dfdd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)541704665: 1e 05 ffffffa8 ffffff8b ffffffd5 6a 58 00 ffffffd5 fffffff1 74 6c ffffffe7 78 ffffff80 40 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): release slot-key-key@0x564021dfdd40 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) extracted len 16 bytes at 0x564021dfd130 | unwrapped: 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) passed | test_prf_vector: release symkey-key@0x564021df9ff0 | test_prf_vector: release message-key@0x564021dff8c0 | test_prf_vector: release key-key@0x564021dfdfd0 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0fedcb" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | ed cb | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x8cd3c93ae598a9803006ffb67c40e9e4" | decode_to_chunk: output: | 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | PRF chunk interface PRF aes_xcbc init key-chunk@0x564021dfd310 (length 18) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | ed cb | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd5f0 | result: key-key@0x564021dff8c0 (34-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 18 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 18-bytes | base: base-key@0x564021dff8c0 (34-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5d8 | result: key-key@0x564021dfdfd0 (18-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x564021dff8c0 | XCBC: Key 18>16 too big, rehashing to size | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd590 | result: key-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd578 | result: key-key@0x564021dff8c0 (16-bytes, AES_ECB) | key: release tmp-key@0x564021df9ff0 | key extracting all 18 bytes of key@0x564021dfdfd0 | key: symkey-key@0x564021dfdfd0 (18-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | key: new slot-key@0x564021dfdd40 (18-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1701522796: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 ffffffc4 4c ffffffb4 ffffffb5 36 2a ffffffbb ffffffe0 ffffffd4 7d 7c 53 ffffff9e 20 ffffffef 20 | key: release slot-key-key@0x564021dfdd40 | key extracted len 32 bytes at 0x564021dfd9a0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: ed cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data ed cb | K extracting all 16 bytes of key@0x564021dff8c0 | K: symkey-key@0x564021dff8c0 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)808460336: ffffffc5 ffffffb5 ffffffd8 ffffffda ffffffb8 fffffffb ffffffae ffffffb0 40 14 ffffffa6 ffffff8c 06 ffffffed ffffffef ffffff97 | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021dfd330 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K1 e1 4d 5d 0e e2 77 15 df 08 b4 15 2b a2 3d a8 e0 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd510 | result: k1-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd4f8 | result: k1-key@0x564021df9ff0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021dfb870 | Computing E[2] using K3 | XCBC: K3 8d 34 ef cb 3b d5 45 ca 06 2a ec df ef 7c 0b fa | XCBC: E[n-1] 0b 72 b2 ae 0a 37 79 81 75 6a d5 9c 79 c0 e6 96 | XCBC: M[n] ed cb | XCBC: M[n] ed cb | XCBC: M[n]:80...^E[n-1]^K3 | 6b 8d dd 65 31 e2 3c 4b 73 40 39 43 96 bc ed 6c | XCBC: MAC 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | xcbc: release k1-key@0x564021df9ff0 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd590 | result: key-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd578 | result: key-key@0x564021df9ff0 (16-bytes, AES_ECB) | key: release tmp-key@0x564021dfb870 | PRF chunk interface: release clone-key@0x564021dfdfd0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x564021df87c0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x564021dfd130 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x564021df9ff0 | K: symkey-key@0x564021df9ff0 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: ffffffe7 ffffffc9 ffffffe4 41 fffffff6 ffffffd1 fffffff3 ffffffbc 23 7a 76 2c ffffffd8 6c ffffffe8 3b | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021dfd3e0 | unwrapped: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K1 27 f3 88 2f b7 b9 4b a4 16 36 09 d5 d2 39 c5 7f | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd550 | result: k1-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd538 | result: k1-key@0x564021dfdfd0 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021dfb870 | Computing E[2] using K3 | XCBC: K3 50 9e d8 ae 74 5a 75 4c 93 4d 6c 91 98 fe e2 1b | XCBC: E[n-1] ec 26 f6 dd e8 bb 1b d1 ec 76 c4 91 78 37 ca 4b | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | ac a9 3c 60 1c e1 6e 9d 7f 3b a8 00 e0 c9 28 50 | XCBC: MAC 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | xcbc: release k1-key@0x564021dfdfd0 | PRF chunk interface: release key-key@0x564021df9ff0 | PRF chunk interface PRF aes_xcbc final-chunk@0x564021dfddd0 (length 16) | 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | chunk output 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): ok | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: key symkey-key@0x564021dfdfd0 (34-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 18 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 18-bytes | base: base-key@0x564021dfdfd0 (34-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: key symkey-key@0x564021df9ff0 (18-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564021dfdfd0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x564021df9ff0 (size 18) | PRF symkey interface: key symkey-key@0x564021df9ff0 (18-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 18>16 too big, rehashing to size | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd5c0 | result: key symkey-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5a8 | result: key symkey-key@0x564021dfdfd0 (16-bytes, AES_ECB) | key symkey: release tmp-key@0x564021dfb870 | key symkey extracting all 18 bytes of key@0x564021df9ff0 | key symkey: symkey-key@0x564021df9ff0 (18-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | key symkey: new slot-key@0x564021dfdd40 (18-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1701522796: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 ffffffc4 4c ffffffb4 ffffffb5 36 2a ffffffbb ffffffe0 ffffffd4 7d 7c 53 ffffff9e 20 ffffffef 20 | key symkey: release slot-key-key@0x564021dfdd40 | key symkey extracted len 32 bytes at 0x564021dfd9a0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: ed cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data ed cb | K extracting all 16 bytes of key@0x564021dfdfd0 | K: symkey-key@0x564021dfdfd0 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)808460336: ffffffc5 ffffffb5 ffffffd8 ffffffda ffffffb8 fffffffb ffffffae ffffffb0 40 14 ffffffa6 ffffff8c 06 ffffffed ffffffef ffffff97 | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021df8980 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K1 e1 4d 5d 0e e2 77 15 df 08 b4 15 2b a2 3d a8 e0 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd540 | result: k1-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd528 | result: k1-key@0x564021dfb870 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021e01140 | Computing E[2] using K3 | XCBC: K3 8d 34 ef cb 3b d5 45 ca 06 2a ec df ef 7c 0b fa | XCBC: E[n-1] 0b 72 b2 ae 0a 37 79 81 75 6a d5 9c 79 c0 e6 96 | XCBC: M[n] ed cb | XCBC: M[n] ed cb | XCBC: M[n]:80...^E[n-1]^K3 | 6b 8d dd 65 31 e2 3c 4b 73 40 39 43 96 bc ed 6c | XCBC: MAC 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | xcbc: release k1-key@0x564021dfb870 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd5c0 | result: key symkey-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5a8 | result: key symkey-key@0x564021dfb870 (16-bytes, AES_ECB) | key symkey: release tmp-key@0x564021e01140 | PRF symkey interface PRF aes_xcbc crypt-prf@0x564021dfd540 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: message symkey-key@0x564021e04570 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e04570 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: message symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564021e04570 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x564021e01140 (size 20) | PRF symkey interface: symkey message-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x564021e01140 | symkey message: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041720256: 77 37 ffffffff fffffff9 0e 74 20 ffffffc6 19 ffffffd8 ffffff9a ffffffe9 ffffffdc ffffff97 64 66 ffffffe5 ffffffd5 ffffff99 ffffff9a 13 ffffffa4 fffffff8 75 52 ffffffb6 2a 3e 67 ffffff8c ffffff8b 27 | symkey message: release slot-key-key@0x564021dfdd40 | symkey message extracted len 32 bytes at 0x564021dfd9a0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x564021dfb870 | K: symkey-key@0x564021dfb870 (16-bytes, AES_ECB) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x564021dfdd40 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffffe7 ffffffc9 ffffffe4 41 fffffff6 ffffffd1 fffffff3 ffffffbc 23 7a 76 2c ffffffd8 6c ffffffe8 3b | K: release slot-key-key@0x564021dfdd40 | K extracted len 16 bytes at 0x564021df87c0 | unwrapped: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K1 27 f3 88 2f b7 b9 4b a4 16 36 09 d5 d2 39 c5 7f | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd570 | result: k1-key@0x564021e06230 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x564021e06230 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd558 | result: k1-key@0x564021e04570 (16-bytes, AES_ECB) | k1: release tmp-key@0x564021e06230 | Computing E[2] using K3 | XCBC: K3 50 9e d8 ae 74 5a 75 4c 93 4d 6c 91 98 fe e2 1b | XCBC: E[n-1] ec 26 f6 dd e8 bb 1b d1 ec 76 c4 91 78 37 ca 4b | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | ac a9 3c 60 1c e1 6e 9d 7f 3b a8 00 e0 c9 28 50 | XCBC: MAC 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | xcbc: release k1-key@0x564021e04570 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd600 | result: xcbc-key@0x564021e06230 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021e06230 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5e8 | result: xcbc-key@0x564021e04570 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x564021e06230 | PRF symkey interface: release key-key@0x564021dfb870 | PRF symkey interface PRF aes_xcbc final-key@0x564021e04570 (size 16) | PRF symkey interface: key-key@0x564021e04570 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564021e04570 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) extracting all 16 bytes of key@0x564021e04570 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): symkey-key@0x564021e04570 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): new slot-key@0x564021dfdd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)541704665: ffffff9f ffffffd0 fffffffa 26 fffffff2 ffffffd4 22 ffffffea fffffffa 58 ffffffba fffffff7 fffffff3 09 ffffff90 ffffffa2 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): release slot-key-key@0x564021dfdd40 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) extracted len 16 bytes at 0x564021dfd330 | unwrapped: 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) passed | test_prf_vector: release symkey-key@0x564021e04570 | test_prf_vector: release message-key@0x564021e01140 | test_prf_vector: release key-key@0x564021df9ff0 | test_prf_vector: release output-key@NULL testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 | decode_to_chunk: test_prf_vector: input "0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b" | decode_to_chunk: output: | 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b | decode_to_chunk: test_prf_vector: input "Hi There" | decode_to_chunk: output: | 48 69 20 54 68 65 72 65 | decode_to_chunk: test_prf_vector: input "0x9294727a3638bb1c13f48ef8158bfc9d" | decode_to_chunk: output: | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | PRF chunk interface PRF md5 init key-chunk@0x564021dfd540 (length 16) | 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd5e0 | result: PRF chunk interface-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5c8 | result: PRF chunk interface-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x564021e01140 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864dd520 | result: trimed key-key@0x564021e01140 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021df9ff0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021e01140 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864dd560 | result: result-key@0x564021df9ff0 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x564021dfd390 | PRF chunk interface PRF md5 update message-bytes@0x564021dfd330 (length 8) | 48 69 20 54 68 65 72 65 | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021df9ff0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7fff864dd650 | result: message-key@0x564021e04570 (72-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x564021df9ff0 | PRF HMAC inner hash hash md5 inner-key@0x564021e04570 (size 72) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x564021e04570 (size 72) | PRF HMAC inner hash: inner-key@0x564021e04570 (72-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x564021dfe060 (length 16) | 90 1d 23 73 2e dc c0 f1 a1 06 53 2f 6b e5 ec eb | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd4e0 | result: PRF HMAC inner hash-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd4c8 | result: PRF HMAC inner hash-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x564021dfb870 | PRF chunk interface: release inner-key@0x564021e04570 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021e01140 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864dd550 | result: result-key@0x564021e04570 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021e04570 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff864dd538 | result: result-key@0x564021dfb870 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x564021e04570 | PRF chunk interface: release hashed-inner-key@0x564021df9ff0 | PRF chunk interface: release key-key@0x564021e01140 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x564021dfb870 (size 80) | PRF HMAC outer hash: outer-key@0x564021dfb870 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x564021df87c0 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | PRF chunk interface: release outer-key@0x564021dfb870 | PRF chunk interface PRF md5 final-chunk@0x564021df87c0 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | chunk output 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | verify_chunk_data: RFC 2104: MD5_HMAC test 1: ok | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: key symkey-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: key symkey-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564021e01140 | PRF symkey interface PRF md5 init key symkey-key@0x564021dfb870 (size 16) | PRF symkey interface: key symkey-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x564021dfb870 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864dd520 | result: trimed key-key@0x564021e01140 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021dfb870 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021e01140 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864dd560 | result: result-key@0x564021df9ff0 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x564021dfddd0 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: message symkey-key@0x564021e06230 (24-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 8 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 8-bytes | base: base-key@0x564021e06230 (24-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: message symkey-key@0x564021e04570 (8-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564021e06230 | PRF symkey interface PRF md5 update symkey message-key@0x564021e04570 (size 8) | PRF symkey interface: symkey message-key@0x564021e04570 (8-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021df9ff0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff864dd678 | result: result-key@0x564021e06230 (72-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x564021df9ff0 | PRF HMAC inner hash hash md5 inner-key@0x564021e06230 (size 72) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x564021e06230 (size 72) | PRF HMAC inner hash: inner-key@0x564021e06230 (72-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x564021dfd130 (length 16) | 90 1d 23 73 2e dc c0 f1 a1 06 53 2f 6b e5 ec eb | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd500 | result: PRF HMAC inner hash-key@0x564021e07b90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021e07b90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd4e8 | result: PRF HMAC inner hash-key@0x564021df9ff0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x564021e07b90 | PRF symkey interface: release inner-key@0x564021e06230 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021e01140 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864dd570 | result: result-key@0x564021e06230 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021e06230 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff864dd558 | result: result-key@0x564021e07b90 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x564021e06230 | PRF symkey interface: release hashed-inner-key@0x564021df9ff0 | PRF symkey interface: release key-key@0x564021e01140 | PRF HMAC outer hash hash md5 outer-key@0x564021e07b90 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x564021e07b90 (size 80) | PRF HMAC outer hash: outer-key@0x564021e07b90 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x564021dfe060 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd5c0 | result: PRF HMAC outer hash-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5a8 | result: PRF HMAC outer hash-key@0x564021e01140 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x564021df9ff0 | PRF symkey interface: release outer-key@0x564021e07b90 | : hashed-outer-key@0x564021e01140 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x564021e01140 (size 16) | PRF symkey interface: key-key@0x564021e01140 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564021e01140 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 1 extracting all 16 bytes of key@0x564021e01140 | RFC 2104: MD5_HMAC test 1: symkey-key@0x564021e01140 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 1: new slot-key@0x564021dfdd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)541704665: 76 ffffff92 ffffffdb ffffff8f 24 0f fffffff6 ffffffd0 ffffffc3 ffffffaf 77 7f fffffffb ffffff9a ffffffb8 7c | RFC 2104: MD5_HMAC test 1: release slot-key-key@0x564021dfdd40 | RFC 2104: MD5_HMAC test 1 extracted len 16 bytes at 0x564021dfd130 | unwrapped: 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | verify_chunk_data: RFC 2104: MD5_HMAC test 1: ok | test_prf_vector: RFC 2104: MD5_HMAC test 1 passed | test_prf_vector: release symkey-key@0x564021e01140 | test_prf_vector: release message-key@0x564021e04570 | test_prf_vector: release key-key@0x564021dfb870 | test_prf_vector: release output-key@NULL RFC 2104: MD5_HMAC test 2 | decode_to_chunk: test_prf_vector: input "Jefe" | decode_to_chunk: output: | 4a 65 66 65 | decode_to_chunk: test_prf_vector: input "what do ya want for nothing?" | decode_to_chunk: output: | 77 68 61 74 20 64 6f 20 79 61 20 77 61 6e 74 20 | 66 6f 72 20 6e 6f 74 68 69 6e 67 3f | decode_to_chunk: test_prf_vector: input "0x750c783e6ab0b503eaa86e310a5db738" | decode_to_chunk: output: | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | PRF chunk interface PRF md5 init key-chunk@0x564021dfddd0 (length 4) | 4a 65 66 65 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd5e0 | result: PRF chunk interface-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 4 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 4-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5c8 | result: PRF chunk interface-key@0x564021dfb870 (4-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x564021e04570 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021dfb870 (4-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864dd520 | result: trimed key-key@0x564021e04570 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021dfb870 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021e04570 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864dd560 | result: result-key@0x564021dfb870 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x564021dfe060 | PRF chunk interface PRF md5 update message-bytes@0x564021dfd9a0 (length 28) | 77 68 61 74 20 64 6f 20 79 61 20 77 61 6e 74 20 | 66 6f 72 20 6e 6f 74 68 69 6e 67 3f | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021dfb870 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7fff864dd650 | result: message-key@0x564021e01140 (92-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x564021dfb870 | PRF HMAC inner hash hash md5 inner-key@0x564021e01140 (size 92) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x564021e01140 (size 92) | PRF HMAC inner hash: inner-key@0x564021e01140 (92-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x564021df88b0 (length 16) | c3 db 14 c0 65 f5 52 03 b0 33 c8 1a 69 7b 97 c5 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd4e0 | result: PRF HMAC inner hash-key@0x564021e07b90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021e07b90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd4c8 | result: PRF HMAC inner hash-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x564021e07b90 | PRF chunk interface: release inner-key@0x564021e01140 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021e04570 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864dd550 | result: result-key@0x564021e01140 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021e01140 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff864dd538 | result: result-key@0x564021e07b90 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x564021e01140 | PRF chunk interface: release hashed-inner-key@0x564021dfb870 | PRF chunk interface: release key-key@0x564021e04570 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x564021e07b90 (size 80) | PRF HMAC outer hash: outer-key@0x564021e07b90 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x564021e06390 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | PRF chunk interface: release outer-key@0x564021e07b90 | PRF chunk interface PRF md5 final-chunk@0x564021e06390 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | chunk output 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | verify_chunk_data: RFC 2104: MD5_HMAC test 2: ok | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: key symkey-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 4 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 4-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: key symkey-key@0x564021e07b90 (4-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564021e04570 | PRF symkey interface PRF md5 init key symkey-key@0x564021e07b90 (size 4) | PRF symkey interface: key symkey-key@0x564021e07b90 (4-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x564021e07b90 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e07b90 (4-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864dd520 | result: trimed key-key@0x564021e04570 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021e07b90 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021e04570 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864dd560 | result: result-key@0x564021dfb870 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x564021dfe060 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: message symkey-key@0x564021df9ff0 (44-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 28 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 28-bytes | base: base-key@0x564021df9ff0 (44-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: message symkey-key@0x564021e01140 (28-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564021df9ff0 | PRF symkey interface PRF md5 update symkey message-key@0x564021e01140 (size 28) | PRF symkey interface: symkey message-key@0x564021e01140 (28-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021dfb870 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff864dd678 | result: result-key@0x564021df9ff0 (92-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x564021dfb870 | PRF HMAC inner hash hash md5 inner-key@0x564021df9ff0 (size 92) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x564021df9ff0 (size 92) | PRF HMAC inner hash: inner-key@0x564021df9ff0 (92-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x564021dfd310 (length 16) | c3 db 14 c0 65 f5 52 03 b0 33 c8 1a 69 7b 97 c5 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd500 | result: PRF HMAC inner hash-key@0x564021e06230 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021e06230 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd4e8 | result: PRF HMAC inner hash-key@0x564021dfb870 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x564021e06230 | PRF symkey interface: release inner-key@0x564021df9ff0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021e04570 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864dd570 | result: result-key@0x564021df9ff0 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021df9ff0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff864dd558 | result: result-key@0x564021e06230 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x564021df9ff0 | PRF symkey interface: release hashed-inner-key@0x564021dfb870 | PRF symkey interface: release key-key@0x564021e04570 | PRF HMAC outer hash hash md5 outer-key@0x564021e06230 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x564021e06230 (size 80) | PRF HMAC outer hash: outer-key@0x564021e06230 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x564021df8980 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd5c0 | result: PRF HMAC outer hash-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5a8 | result: PRF HMAC outer hash-key@0x564021e04570 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x564021dfb870 | PRF symkey interface: release outer-key@0x564021e06230 | : hashed-outer-key@0x564021e04570 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x564021e04570 (size 16) | PRF symkey interface: key-key@0x564021e04570 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564021e04570 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 2 extracting all 16 bytes of key@0x564021e04570 | RFC 2104: MD5_HMAC test 2: symkey-key@0x564021e04570 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 2: new slot-key@0x564021dfdd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)541704665: 12 06 ffffffa4 1d 34 63 24 ffffffd4 3c 71 11 ffffffc9 48 23 ffffffc6 51 | RFC 2104: MD5_HMAC test 2: release slot-key-key@0x564021dfdd40 | RFC 2104: MD5_HMAC test 2 extracted len 16 bytes at 0x564021dfd310 | unwrapped: 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | verify_chunk_data: RFC 2104: MD5_HMAC test 2: ok | test_prf_vector: RFC 2104: MD5_HMAC test 2 passed | test_prf_vector: release symkey-key@0x564021e04570 | test_prf_vector: release message-key@0x564021e01140 | test_prf_vector: release key-key@0x564021e07b90 | test_prf_vector: release output-key@NULL RFC 2104: MD5_HMAC test 3 | decode_to_chunk: test_prf_vector: input "0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" | decode_to_chunk: output: | aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa | decode_to_chunk: test_prf_vector: input "0xDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD" | decode_to_chunk: output: | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd | decode_to_chunk: test_prf_vector: input "0x56be34521d144c88dbb8c733f0e8b3f6" | decode_to_chunk: output: | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | PRF chunk interface PRF md5 init key-chunk@0x564021dfe060 (length 16) | aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd5e0 | result: PRF chunk interface-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5c8 | result: PRF chunk interface-key@0x564021e07b90 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x564021e01140 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e07b90 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864dd520 | result: trimed key-key@0x564021e01140 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021e07b90 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021e01140 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864dd560 | result: result-key@0x564021e07b90 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x564021df8980 | PRF chunk interface PRF md5 update message-bytes@0x564021dfd350 (length 50) | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021e07b90 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7fff864dd650 | result: message-key@0x564021e04570 (114-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x564021e07b90 | PRF HMAC inner hash hash md5 inner-key@0x564021e04570 (size 114) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x564021e04570 (size 114) | PRF HMAC inner hash: inner-key@0x564021e04570 (114-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x564021dfd540 (length 16) | 82 0a 6b 33 5d 18 7b 90 dc ba b1 7e f5 b4 26 ff | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd4e0 | result: PRF HMAC inner hash-key@0x564021e06230 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021e06230 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd4c8 | result: PRF HMAC inner hash-key@0x564021e07b90 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x564021e06230 | PRF chunk interface: release inner-key@0x564021e04570 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021e01140 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864dd550 | result: result-key@0x564021e04570 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021e04570 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff864dd538 | result: result-key@0x564021e06230 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x564021e04570 | PRF chunk interface: release hashed-inner-key@0x564021e07b90 | PRF chunk interface: release key-key@0x564021e01140 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x564021e06230 (size 80) | PRF HMAC outer hash: outer-key@0x564021e06230 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x564021df88b0 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | PRF chunk interface: release outer-key@0x564021e06230 | PRF chunk interface PRF md5 final-chunk@0x564021df88b0 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | chunk output 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | verify_chunk_data: RFC 2104: MD5_HMAC test 3: ok | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: key symkey-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: key symkey-key@0x564021e06230 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x564021e01140 | PRF symkey interface PRF md5 init key symkey-key@0x564021e06230 (size 16) | PRF symkey interface: key symkey-key@0x564021e06230 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x564021e06230 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e06230 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864dd520 | result: trimed key-key@0x564021e01140 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021e06230 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021e01140 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864dd560 | result: result-key@0x564021e07b90 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x564021df8980 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd660 | result: message symkey-key@0x564021dfb870 (66-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 50 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 50-bytes | base: base-key@0x564021dfb870 (66-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd648 | result: message symkey-key@0x564021e04570 (50-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x564021dfb870 | PRF symkey interface PRF md5 update symkey message-key@0x564021e04570 (size 50) | PRF symkey interface: symkey message-key@0x564021e04570 (50-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021e07b90 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff864dd678 | result: result-key@0x564021dfb870 (114-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x564021e07b90 | PRF HMAC inner hash hash md5 inner-key@0x564021dfb870 (size 114) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x564021dfb870 (size 114) | PRF HMAC inner hash: inner-key@0x564021dfb870 (114-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x564021dfd3e0 (length 16) | 82 0a 6b 33 5d 18 7b 90 dc ba b1 7e f5 b4 26 ff | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd500 | result: PRF HMAC inner hash-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd4e8 | result: PRF HMAC inner hash-key@0x564021e07b90 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x564021df9ff0 | PRF symkey interface: release inner-key@0x564021dfb870 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021e01140 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864dd570 | result: result-key@0x564021dfb870 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x564021dfb870 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff864dd558 | result: result-key@0x564021df9ff0 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x564021dfb870 | PRF symkey interface: release hashed-inner-key@0x564021e07b90 | PRF symkey interface: release key-key@0x564021e01140 | PRF HMAC outer hash hash md5 outer-key@0x564021df9ff0 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x564021df9ff0 (size 80) | PRF HMAC outer hash: outer-key@0x564021df9ff0 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x564021dfd330 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864dd5c0 | result: PRF HMAC outer hash-key@0x564021e07b90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x564021e07b90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864dd5a8 | result: PRF HMAC outer hash-key@0x564021e01140 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x564021e07b90 | PRF symkey interface: release outer-key@0x564021df9ff0 | : hashed-outer-key@0x564021e01140 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x564021e01140 (size 16) | PRF symkey interface: key-key@0x564021e01140 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x564021e01140 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 3 extracting all 16 bytes of key@0x564021e01140 | RFC 2104: MD5_HMAC test 3: symkey-key@0x564021e01140 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 3: new slot-key@0x564021dfdd40 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)541704665: 4e ffffffe5 fffffffa ffffffd6 ffffff8d ffffffdd 41 ffffffd3 35 ffffffbd ffffffc4 ffffff83 7c ffffff86 3e 5b | RFC 2104: MD5_HMAC test 3: release slot-key-key@0x564021dfdd40 | RFC 2104: MD5_HMAC test 3 extracted len 16 bytes at 0x564021dfd3e0 | unwrapped: 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | verify_chunk_data: RFC 2104: MD5_HMAC test 3: ok | test_prf_vector: RFC 2104: MD5_HMAC test 3 passed | test_prf_vector: release symkey-key@0x564021e01140 | test_prf_vector: release message-key@0x564021e04570 | test_prf_vector: release key-key@0x564021e06230 | test_prf_vector: release output-key@NULL 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 started thread for crypto helper 1 started thread for crypto helper 2 started thread for crypto helper 3 started thread for crypto helper 4 started thread for crypto helper 5 started thread for crypto helper 6 | checking IKEv1 state table | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x564021dfd350 | libevent_malloc: new ptr-libevent@0x564021e0a060 size 128 | libevent_malloc: new ptr-libevent@0x564021df8980 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x564021df8360 | libevent_malloc: new ptr-libevent@0x564021e0a0f0 size 128 | libevent_malloc: new ptr-libevent@0x564021dfd3e0 size 16 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c046b (length 11) | 4b 41 4d 45 2f 72 61 63 6f 6f 6e | vendor id hash md5 final bytes@0x564021dfd130 (length 16) | 70 03 cb c1 09 7d be 9c 26 00 ba 69 83 bc 8b 35 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c1260 (length 46) | 4e 4c 42 53 5f 50 52 45 53 45 4e 54 28 4e 4c 42 | 2f 4d 53 43 53 20 66 61 73 74 20 66 61 69 6c 6f | 76 65 72 20 73 75 70 70 6f 72 74 65 64 29 | vendor id hash md5 final bytes@0x564021dfddd0 (length 16) | ec 22 62 b5 12 32 63 83 67 12 3b ce 3d 37 3c 5e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c1290 (length 32) | 4d 53 2d 4d 61 6d 69 65 45 78 69 73 74 73 28 41 | 75 74 68 49 50 20 73 75 70 70 6f 72 74 65 64 29 | vendor id hash md5 final bytes@0x564021dfd310 (length 16) | 6f fe a4 ae ec 37 f4 9a 02 6f 97 cf b5 53 30 6d | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c05ee (length 17) | 49 4b 45 20 43 47 41 20 76 65 72 73 69 6f 6e 20 | 31 | vendor id hash md5 final bytes@0x564021df88b0 (length 16) | e3 a5 96 6a 76 37 9f e7 07 22 82 31 e5 ce 86 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c12b8 (length 32) | 4d 53 2d 4e 65 67 6f 74 69 61 74 69 6f 6e 20 44 | 69 73 63 6f 76 65 72 79 20 43 61 70 61 62 6c 65 | vendor id hash md5 final bytes@0x564021dfe060 (length 16) | fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0600 (length 23) | 4d 69 63 72 6f 73 6f 66 74 20 58 62 6f 78 20 4f | 6e 65 20 32 30 31 33 | vendor id hash md5 final bytes@0x564021e06370 (length 16) | 8a a3 94 cf 8a 55 77 dc 31 10 c1 13 b0 27 a4 f2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0618 (length 22) | 58 62 6f 78 20 49 4b 45 76 32 20 4e 65 67 6f 74 | 69 61 74 69 6f 6e | vendor id hash md5 final bytes@0x564021dfd390 (length 16) | aa 28 1f cc d6 8c f8 a8 dc b8 5c c0 a7 10 40 2a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c062f (length 28) | 4d 53 46 54 20 49 50 73 65 63 20 53 65 63 75 72 | 69 74 79 20 52 65 61 6c 6d 20 49 64 | vendor id hash md5 final bytes@0x564021df87c0 (length 16) | 68 6a 8c bd fe 63 4b 40 51 46 fb 2b af 33 e9 e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c12e0 (length 39) | 41 20 47 53 53 2d 41 50 49 20 41 75 74 68 65 6e | 74 69 63 61 74 69 6f 6e 20 4d 65 74 68 6f 64 20 | 66 6f 72 20 49 4b 45 | vendor id hash md5 final bytes@0x564021e06390 (length 16) | ad 2c 0d d0 b9 c3 20 83 cc ba 25 b8 86 1e c4 55 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c064c (length 6) | 47 53 53 41 50 49 | vendor id hash md5 final bytes@0x564021e0a300 (length 16) | 62 1b 04 bb 09 88 2a c1 e1 59 35 fe fa 24 ae ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0653 (length 12) | 53 53 48 20 53 65 6e 74 69 6e 65 6c | vendor id hash md5 final bytes@0x564021e0a320 (length 16) | 05 41 82 a0 7c 7a e2 06 f9 d2 cf 9d 24 32 c4 82 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0660 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 31 | vendor id hash md5 final bytes@0x564021e0a340 (length 16) | b9 16 23 e6 93 ca 18 a5 4c 6a 27 78 55 23 05 e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0671 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 32 | vendor id hash md5 final bytes@0x564021e0a360 (length 16) | 54 30 88 8d e0 1a 31 a6 fa 8f 60 22 4e 44 99 58 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0682 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 33 | vendor id hash md5 final bytes@0x564021e0a380 (length 16) | 7e e5 cb 85 f7 1c e2 59 c9 4a 5c 73 1e e4 e7 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0693 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 34 | vendor id hash md5 final bytes@0x564021e0a3a0 (length 16) | 63 d9 a1 a7 00 94 91 b5 a0 a6 fd eb 2a 82 84 f0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c06a4 (length 18) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 34 | 2e 31 | vendor id hash md5 final bytes@0x564021e0a3c0 (length 16) | eb 4b 0d 96 27 6b 4e 22 0a d1 62 21 a7 b2 a5 e6 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c1308 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 30 | vendor id hash md5 final bytes@0x564021e0a3e0 (length 16) | fb f4 76 14 98 40 31 fa 8e 3b b6 19 80 89 b2 23 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c1340 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 31 | vendor id hash md5 final bytes@0x564021e0a400 (length 16) | 19 52 dc 91 ac 20 f6 46 fb 01 cf 42 a3 3a ee 30 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c1378 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 32 | vendor id hash md5 final bytes@0x564021e0a420 (length 16) | e8 bf fa 64 3e 5c 8f 2c d1 0f da 73 70 b6 eb e5 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c13b0 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 32 2e 31 | vendor id hash md5 final bytes@0x564021e0a440 (length 16) | c1 11 1b 2d ee 8c bc 3d 62 05 73 ec 57 aa b9 cb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c13e8 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 32 2e 32 | vendor id hash md5 final bytes@0x564021e0a460 (length 16) | 09 ec 27 bf bc 09 c7 58 23 cf ec bf fe 56 5a 2e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c1420 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 30 2e 30 | vendor id hash md5 final bytes@0x564021e0a480 (length 16) | 7f 21 a5 96 e4 e3 18 f0 b2 f4 94 4c 23 84 cb 84 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c1458 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 30 | vendor id hash md5 final bytes@0x564021e0a4a0 (length 16) | 28 36 d1 fd 28 07 bc 9e 5a e3 07 86 32 04 51 ec | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c1490 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 31 | vendor id hash md5 final bytes@0x564021e0a4c0 (length 16) | a6 8d e7 56 a9 c5 22 9b ae 66 49 80 40 95 1a d5 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c14c8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 32 | vendor id hash md5 final bytes@0x564021e0a4e0 (length 16) | 3f 23 72 86 7e 23 7c 1c d8 25 0a 75 55 9c ae 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c1500 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 33 2e 30 2e 30 | vendor id hash md5 final bytes@0x564021e0a500 (length 16) | 0e 58 d5 77 4d f6 02 00 7d 0b 02 44 36 60 f7 eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c1538 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 33 2e 30 2e 31 | vendor id hash md5 final bytes@0x564021e0a520 (length 16) | f5 ce 31 eb c2 10 f4 43 50 cf 71 26 5b 57 38 0f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c1570 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 30 2e 30 | vendor id hash md5 final bytes@0x564021e0a540 (length 16) | f6 42 60 af 2e 27 42 da dd d5 69 87 06 8a 99 a0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c15a8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 30 2e 31 | vendor id hash md5 final bytes@0x564021e0a560 (length 16) | 7a 54 d3 bd b3 b1 e6 d9 23 89 20 64 be 2d 98 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c15e0 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 31 2e 30 | vendor id hash md5 final bytes@0x564021e0a580 (length 16) | 9a a1 f3 b4 34 72 a4 5d 5f 50 6a eb 26 0c f2 14 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c1618 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 32 2e 30 | vendor id hash md5 final bytes@0x564021e0a5a0 (length 16) | 68 80 c7 d0 26 09 91 14 e4 86 c5 54 30 e7 ab ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c1650 (length 41) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 50 4c 55 54 4f 5f 53 45 4e 44 53 | 5f 56 45 4e 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7fff864dd750 (length 16) | 44 76 1b d7 6b 80 85 41 74 87 ee 8a 51 cf fc f3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c1680 (length 53) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 58 2e 35 30 39 2d 31 2e 33 2e 31 | 20 50 4c 55 54 4f 5f 53 45 4e 44 53 5f 56 45 4e | 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7fff864dd750 (length 16) | b7 0e 8a c3 92 b1 6e 05 48 2f c4 dc 36 10 91 68 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c16b8 (length 58) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 58 2e 35 30 39 2d 31 2e 33 2e 31 | 20 4c 44 41 50 20 50 4c 55 54 4f 5f 53 45 4e 44 | 53 5f 56 45 4e 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7fff864dd750 (length 16) | 97 1d ea 93 c3 c2 06 74 f9 ae 35 40 83 de 3e 2f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0791 (length 14) | 4f 70 65 6e 73 77 61 6e 20 32 2e 32 2e 30 | vendor id hash md5 final bytes@0x7fff864dd750 (length 16) | 08 72 0b ee 9e 28 95 3c e0 8f 0a 18 b6 e2 9d da | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c1720 (length 37) | 64 72 61 66 74 2d 73 74 65 6e 62 65 72 67 2d 69 | 70 73 65 63 2d 6e 61 74 2d 74 72 61 76 65 72 73 | 61 6c 2d 30 31 | vendor id hash md5 final bytes@0x564021e0a7a0 (length 16) | 27 ba b5 dc 01 ea 07 60 ea 4e 31 90 ac 27 c0 d0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c1748 (length 37) | 64 72 61 66 74 2d 73 74 65 6e 62 65 72 67 2d 69 | 70 73 65 63 2d 6e 61 74 2d 74 72 61 76 65 72 73 | 61 6c 2d 30 32 | vendor id hash md5 final bytes@0x564021e0a7c0 (length 16) | 61 05 c4 22 e7 68 47 e4 3f 96 84 80 12 92 ae cd | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c07b9 (length 10) | 45 53 50 54 68 72 75 4e 41 54 | vendor id hash md5 final bytes@0x564021e0a7e0 (length 16) | 50 76 0f 62 4c 63 e5 c5 3e ea 38 6c 68 5c a0 83 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c1770 (length 38) | 64 72 61 66 74 2d 68 75 74 74 75 6e 65 6e 2d 69 | 70 73 65 63 2d 65 73 70 2d 69 6e 2d 75 64 70 2d | 30 30 2e 74 78 74 | vendor id hash md5 final bytes@0x564021e0a800 (length 16) | 6a 74 34 c1 9d 7e 36 34 80 90 a0 23 34 c9 c8 05 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c07c4 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 30 | vendor id hash md5 final bytes@0x564021e0a820 (length 16) | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c07e2 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 31 | vendor id hash md5 final bytes@0x564021e0a840 (length 16) | 16 f6 ca 16 e4 a4 06 6d 83 82 1a 0f 0a ea a8 62 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0800 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 32 | vendor id hash md5 final bytes@0x564021e0a860 (length 16) | cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c1798 (length 30) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 32 0a | vendor id hash md5 final bytes@0x564021e0a880 (length 16) | 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c081e (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 33 | vendor id hash md5 final bytes@0x564021e0a8a0 (length 16) | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c083c (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 34 | vendor id hash md5 final bytes@0x564021e0a8c0 (length 16) | 99 09 b6 4e ed 93 7c 65 73 de 52 ac e9 52 fa 6b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c085a (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 35 | vendor id hash md5 final bytes@0x564021e0a8e0 (length 16) | 80 d0 bb 3d ef 54 56 5e e8 46 45 d4 c8 5c e3 ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0878 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 36 | vendor id hash md5 final bytes@0x564021e0a900 (length 16) | 4d 1e 0e 13 6d ea fa 34 c4 f3 ea 9f 02 ec 72 85 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0896 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 37 | vendor id hash md5 final bytes@0x564021e0a920 (length 16) | 43 9b 59 f8 ba 67 6c 4c 77 37 ae 22 ea b8 f5 82 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c08b4 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 38 | vendor id hash md5 final bytes@0x564021e0a940 (length 16) | 8f 8d 83 82 6d 24 6b 6f c7 a8 a6 a4 28 c1 1d e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c08d2 (length 26) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 | vendor id hash md5 final bytes@0x564021e0a960 (length 16) | 4d f3 79 28 e9 fc 4f d1 b3 26 21 70 d5 15 c6 62 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c08ed (length 8) | 52 46 43 20 33 39 34 37 | vendor id hash md5 final bytes@0x564021e0a980 (length 16) | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c9707 (length 13) | 46 52 41 47 4d 45 4e 54 41 54 49 4f 4e | vendor id hash md5 final bytes@0x564021e0a600 (length 16) | 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c099d (length 19) | 56 69 64 2d 49 6e 69 74 69 61 6c 2d 43 6f 6e 74 | 61 63 74 | vendor id hash md5 final bytes@0x564021e0a640 (length 16) | 26 24 4d 38 ed db 61 b3 17 2a 36 e3 d0 cf b8 19 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c12b8 (length 32) | 4d 53 2d 4e 65 67 6f 74 69 61 74 69 6f 6e 20 44 | 69 73 63 6f 76 65 72 79 20 43 61 70 61 62 6c 65 | vendor id hash md5 final bytes@0x564021e0a620 (length 16) | fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c05ee (length 17) | 49 4b 45 20 43 47 41 20 76 65 72 73 69 6f 6e 20 | 31 | vendor id hash md5 final bytes@0x564021e0a6d0 (length 16) | e3 a5 96 6a 76 37 9f e7 07 22 82 31 e5 ce 86 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c09b1 (length 14) | 4d 53 2d 4d 61 6d 69 65 45 78 69 73 74 73 | vendor id hash md5 final bytes@0x564021e0a6f0 (length 16) | 21 4c a4 fa ff a7 f3 2d 67 48 e5 30 33 95 ae 83 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204afbfd (length 10) | 73 74 72 6f 6e 67 53 77 61 6e | vendor id hash md5 final bytes@0x564021e0a710 (length 16) | 88 2f e5 6d 6f d2 0d bc 22 51 61 3b 2e be 5b eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c09c0 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 30 | vendor id hash md5 final bytes@0x564021e0a6b0 (length 16) | 2c e9 c9 46 a4 c8 79 bf 11 b5 0b 76 cc 56 92 cb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c09d1 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 31 | vendor id hash md5 final bytes@0x564021e0ab40 (length 16) | 9d bb af cf 1d b0 dd 59 5a e0 65 29 40 03 ad 3e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c09e2 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 32 | vendor id hash md5 final bytes@0x564021e0ab60 (length 16) | 77 e8 ee a6 f5 56 a4 99 de 3f fe 7f 7f 95 66 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c09f3 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 33 | vendor id hash md5 final bytes@0x564021e0ab80 (length 16) | b1 81 b1 8e 11 4f c2 09 b3 c6 e2 6c 3a 80 71 8e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0a04 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 34 | vendor id hash md5 final bytes@0x564021e0aba0 (length 16) | 1e f2 83 f8 35 49 b5 ff 96 08 b6 d6 34 f8 4d 75 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0a15 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 35 | vendor id hash md5 final bytes@0x564021e0abc0 (length 16) | dd 18 0d 21 e5 ce 65 5a 76 8b a3 22 11 dd 8a d9 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0a26 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 36 | vendor id hash md5 final bytes@0x564021e0abe0 (length 16) | 4c 90 13 69 46 57 7b 51 91 9d 8d 9a 6b 8e 4a 9f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0a37 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 37 | vendor id hash md5 final bytes@0x564021e0ac00 (length 16) | ab 07 46 22 1c c8 fd 0d 52 38 f7 3a 9b 3d a5 57 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0a48 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 30 | vendor id hash md5 final bytes@0x564021e0ac20 (length 16) | 47 94 ce f6 84 34 22 98 0d 1a 3d 06 af 41 c5 cd | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0a59 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | vendor id hash md5 final bytes@0x564021e0ac40 (length 16) | d3 f1 c4 88 c3 68 17 5d 5f 40 a8 f5 ca 5f 5e 12 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0a6a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 32 | vendor id hash md5 final bytes@0x564021e0ac60 (length 16) | 15 a1 ac e7 ee 52 fd df ef 04 f9 28 db 2d d1 34 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0a7b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 33 | vendor id hash md5 final bytes@0x564021e0ac80 (length 16) | 58 49 ab 6d 8b ea bd 6e 4d 09 e5 a3 b8 8c 08 9a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0a8c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 34 | vendor id hash md5 final bytes@0x564021e0aca0 (length 16) | 31 2f 9c b1 a6 b9 0e 19 de 75 28 c9 04 ac 30 87 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0a9d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 35 | vendor id hash md5 final bytes@0x564021e0acc0 (length 16) | bf 0f bf 73 06 eb b7 82 70 42 d8 93 53 98 86 e2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0aae (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 36 | vendor id hash md5 final bytes@0x564021e0ace0 (length 16) | d1 96 83 36 8a f4 b0 ed c2 1c cd e9 82 b1 d1 b0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0abf (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 37 | vendor id hash md5 final bytes@0x564021e0ad00 (length 16) | ea 84 0a a4 df c9 71 2d 6c 32 b5 a1 6e b3 29 a3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0ad0 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 38 | vendor id hash md5 final bytes@0x564021e0ad20 (length 16) | 66 a2 04 55 07 c1 19 da 78 a4 66 62 59 cd ea 48 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0ae1 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 39 | vendor id hash md5 final bytes@0x564021e0ad40 (length 16) | 78 fd d2 87 de f0 1a 3f 07 4b 53 69 ea b4 fd 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0af2 (length 17) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | 30 | vendor id hash md5 final bytes@0x564021e0ad60 (length 16) | bf 3a 89 ae 5b ef 8e 72 d4 4d ac 8b b8 8d 7d 5f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0b04 (length 17) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | 31 | vendor id hash md5 final bytes@0x564021e0ad80 (length 16) | b7 bd 9f 2f 97 8e 32 59 a7 aa 9f 7a 13 96 ad 6c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0b16 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 30 | vendor id hash md5 final bytes@0x564021e0ada0 (length 16) | 9f 68 90 13 25 a9 72 89 43 35 30 2a 95 31 ab 9f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0b27 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 31 | vendor id hash md5 final bytes@0x564021e0adc0 (length 16) | ba b2 53 f4 cb 10 a8 10 8a 7c 92 7c 56 c8 78 86 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0b38 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 32 | vendor id hash md5 final bytes@0x564021e0ade0 (length 16) | 2a 51 7d 0d 23 c3 7d 08 bc e7 c2 92 a0 21 7b 39 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0b49 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 33 | vendor id hash md5 final bytes@0x564021e0ae00 (length 16) | 2d 1f 40 61 18 fb d5 d2 84 74 79 1f fa 00 48 8a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0b5a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 38 | vendor id hash md5 final bytes@0x564021e0ae20 (length 16) | 8c 4a 3b cb 72 9b 11 f7 03 d2 2a 5b 39 64 0c a8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0b6b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 37 | vendor id hash md5 final bytes@0x564021e0ae40 (length 16) | 3a 0d 4e 7c a4 e4 92 ed 4d fe 47 6d 1a c6 01 8b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0b7c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 36 | vendor id hash md5 final bytes@0x564021e0ae60 (length 16) | fe 3f 49 70 6e 26 a9 fb 36 a8 7b fc e9 ea 36 ce | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0b8d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 35 | vendor id hash md5 final bytes@0x564021e0ae80 (length 16) | 4c 7e fa 31 b3 9e 51 04 32 a3 17 57 0d 97 bb b9 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0b9e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 34 | vendor id hash md5 final bytes@0x564021e0aea0 (length 16) | 76 c7 2b fd 39 84 24 dd 00 1b 86 d0 01 2f e0 61 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0baf (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 33 | vendor id hash md5 final bytes@0x564021e0aec0 (length 16) | fb 46 41 ad 0e eb 2a 34 49 1d 15 f4 ef f5 10 63 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0bc0 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 32 | vendor id hash md5 final bytes@0x564021e0aee0 (length 16) | 29 99 32 27 7b 7d fe 38 2c e2 34 65 33 3a 7d 23 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0bd1 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 31 | vendor id hash md5 final bytes@0x564021e0af00 (length 16) | e3 7f 2d 5b a8 9a 62 cd 20 2e e2 7d ac 06 c8 a8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0be2 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 30 | vendor id hash md5 final bytes@0x564021e0af20 (length 16) | 32 f0 e9 b9 c0 6d fe 8c 9a d5 59 9a 63 69 71 a1 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0bf3 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 33 | vendor id hash md5 final bytes@0x564021e0af40 (length 16) | 7f 50 cc 4e bf 04 c2 d9 da 73 ab fd 69 b7 7a a2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0c04 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 32 | vendor id hash md5 final bytes@0x564021e0af60 (length 16) | a1 94 e2 aa dd d0 ba fb 95 25 3d d9 6d c7 33 eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0c15 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 31 | vendor id hash md5 final bytes@0x564021e0af80 (length 16) | 81 34 87 85 82 12 17 85 ba 65 ea 34 5d 6b a7 24 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0c26 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 30 | vendor id hash md5 final bytes@0x564021e0afa0 (length 16) | 07 fa 12 8e 47 54 f9 44 7b 1d d4 63 74 ee f3 60 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0c37 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 34 | vendor id hash md5 final bytes@0x564021e0afc0 (length 16) | b9 27 f9 52 19 a0 fe 36 00 db a3 c1 18 2a e5 5f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0c48 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 33 | vendor id hash md5 final bytes@0x564021e0afe0 (length 16) | b2 86 0e 78 37 f7 11 be f3 d0 ee b1 06 87 2d ed | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0c59 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 32 | vendor id hash md5 final bytes@0x564021e0b000 (length 16) | 5b 1c d6 fe 7d 05 0e da 6c 93 87 1c 10 7d b3 d2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0c6a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 31 | vendor id hash md5 final bytes@0x564021e0b020 (length 16) | 66 af bc 12 bb fe 6c e1 08 b1 f6 9f 4b c9 17 b7 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0c7b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 30 | vendor id hash md5 final bytes@0x564021e0b040 (length 16) | 3f 32 66 49 9f fd bd 85 95 0e 70 22 98 06 28 44 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0c8c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 37 | vendor id hash md5 final bytes@0x564021e0b060 (length 16) | 1f 44 42 29 6b 83 d7 e3 3a 8b 45 20 9b a0 e5 90 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0c9d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 36 | vendor id hash md5 final bytes@0x564021e0b080 (length 16) | 3c 5e ba 3d 85 64 92 8e 32 ae 43 c3 d9 92 4d ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0cae (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 35 | vendor id hash md5 final bytes@0x564021e0b0a0 (length 16) | 3f 26 7e d6 21 ad a7 ee 6c 7d 88 93 cc b0 b1 4b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0cbf (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 34 | vendor id hash md5 final bytes@0x564021e0b0c0 (length 16) | 7a 6b f5 b7 df 89 64 2a 75 a7 8e f7 d6 57 c1 c0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0cd0 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 33 | vendor id hash md5 final bytes@0x564021e0b0e0 (length 16) | df 5b 1f 0f 1d 56 79 d9 f8 51 2b 16 c5 5a 60 65 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0ce1 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 32 | vendor id hash md5 final bytes@0x564021e0b100 (length 16) | 86 1c e5 eb 72 16 4b 19 0e 9e 62 9a 31 cf 49 01 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0cf2 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 31 | vendor id hash md5 final bytes@0x564021e0b120 (length 16) | 9a 4a 46 48 f6 0f 8e da 7c fc bf e2 71 ee 5b 7d | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0d03 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 30 | vendor id hash md5 final bytes@0x564021e0b140 (length 16) | 9e b3 d9 07 ed 7a da 4e 3c bc ac b9 17 ab c8 e4 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0d14 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 34 | vendor id hash md5 final bytes@0x564021e0b160 (length 16) | 48 5a 70 36 1b 44 33 b3 1d ea 1c 6b e0 df 24 3e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0d25 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 33 | vendor id hash md5 final bytes@0x564021e0b180 (length 16) | 98 2b 7a 06 3a 33 c1 43 a8 ea dc 88 24 9f 6b cc | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0d36 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 32 | vendor id hash md5 final bytes@0x564021e0b1a0 (length 16) | e7 a3 fd 0c 6d 77 1a 8f 1b 8a 86 a4 16 9c 9e a4 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0d47 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 31 | vendor id hash md5 final bytes@0x564021e0b1c0 (length 16) | 75 b0 65 3c b2 81 eb 26 d3 1e de 38 c8 e1 e2 28 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0d58 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 30 | vendor id hash md5 final bytes@0x564021e0b1e0 (length 16) | e8 29 c8 81 49 ba b3 c0 ce e8 5d a6 0e 18 ae 9b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0d69 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 32 | vendor id hash md5 final bytes@0x564021e0b200 (length 16) | 42 a4 83 4c 92 ab 9a 77 77 06 3a fa 25 4b cb 69 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0d7a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 31 | vendor id hash md5 final bytes@0x564021e0b220 (length 16) | f6 97 c1 af cc 2e c8 dd cd f9 9d c7 af 03 a6 7f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0d8b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 30 | vendor id hash md5 final bytes@0x564021e0b240 (length 16) | b8 f9 2b 2f a2 d3 fe 5f e1 58 34 4b da 1c c6 ae | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0d9c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 32 | vendor id hash md5 final bytes@0x564021e0b260 (length 16) | 99 dc 7c c8 23 37 6b 3b 33 d0 43 57 89 6a e0 7b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0dad (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 31 | vendor id hash md5 final bytes@0x564021e0b280 (length 16) | d9 11 8b 1e 9d e5 ef ce d9 cc 9d 88 3f 21 68 ff | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c0dbe (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 30 | vendor id hash md5 final bytes@0x564021e0b2a0 (length 16) | 85 b6 cb ec 48 0d 5c 8c d9 88 2c 82 5a c2 c2 44 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5640204c9707 (length 13) | 46 52 41 47 4d 45 4e 54 41 54 49 4f 4e | vendor id hash md5 final bytes@0x564021e0b2c0 (length 16) | 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. systemd watchdog not enabled - not sending watchdog keepalives | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x564021dfd260 | libevent_malloc: new ptr-libevent@0x564021e145a0 size 128 | libevent_malloc: new ptr-libevent@0x564021e14630 size 16 | libevent_realloc: new ptr-libevent@0x564021d785b0 size 256 | libevent_malloc: new ptr-libevent@0x564021e14650 size 8 | libevent_realloc: new ptr-libevent@0x564021e09370 size 144 | libevent_malloc: new ptr-libevent@0x564021e14670 size 152 | libevent_malloc: new ptr-libevent@0x564021e14710 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x564021e14730 size 8 | libevent_malloc: new ptr-libevent@0x564021e14750 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x564021e147f0 size 8 | libevent_malloc: new ptr-libevent@0x564021e14810 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x564021e148b0 size 8 | libevent_realloc: release ptr-libevent@0x564021e09370 | libevent_realloc: new ptr-libevent@0x564021e148d0 size 256 | libevent_malloc: new ptr-libevent@0x564021e09370 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:12858) using fork+execve | forked child 12858 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | pluto_sd: executing action action: reloading(4), status 0 listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.1.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.45 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.2.45:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.1.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x564021e14c80 | libevent_malloc: new ptr-libevent@0x564021e14cc0 size 128 | libevent_malloc: new ptr-libevent@0x564021e14d50 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x564021e14d70 | libevent_malloc: new ptr-libevent@0x564021e14db0 size 128 | libevent_malloc: new ptr-libevent@0x564021e14e40 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x564021e14e60 | libevent_malloc: new ptr-libevent@0x564021e14ea0 size 128 | libevent_malloc: new ptr-libevent@0x564021e14f30 size 16 | setup callback for interface eth0 192.0.1.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x564021e14f50 | libevent_malloc: new ptr-libevent@0x564021e14f90 size 128 | libevent_malloc: new ptr-libevent@0x564021e15020 size 16 | setup callback for interface eth0 192.0.1.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x564021e15040 | libevent_malloc: new ptr-libevent@0x564021e15080 size 128 | libevent_malloc: new ptr-libevent@0x564021e15110 size 16 | setup callback for interface eth1 192.1.2.45:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x564021e15130 | libevent_malloc: new ptr-libevent@0x564021e15170 size 128 | libevent_malloc: new ptr-libevent@0x564021e15200 size 16 | setup callback for interface eth1 192.1.2.45:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | id type added to secret(0x564021e0a240) PKK_PSK: @west | id type added to secret(0x564021e0a240) PKK_PSK: @east | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | pluto_sd: executing action action: ready(5), status 0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.506 milliseconds in whack | starting up helper thread 2 | status value returned by setting the priority of this thread (crypto helper 2) 22 | crypto helper 2 waiting (nothing to do) | starting up helper thread 3 | status value returned by setting the priority of this thread (crypto helper 3) 22 | crypto helper 3 waiting (nothing to do) | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto helper 4) 22 | crypto helper 4 waiting (nothing to do) | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 5) 22 | crypto helper 5 waiting (nothing to do) | starting up helper thread 6 | status value returned by setting the priority of this thread (crypto helper 6) 22 | crypto helper 6 waiting (nothing to do) | starting up helper thread 1 | status value returned by setting the priority of this thread (crypto helper 1) 22 | crypto helper 1 waiting (nothing to do) | starting up helper thread 0 | status value returned by setting the priority of this thread (crypto helper 0) 22 | crypto helper 0 waiting (nothing to do) | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | pluto_sd: executing action action: reloading(4), status 0 listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.1.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.45 | no interfaces to sort | libevent_free: release ptr-libevent@0x564021e14cc0 | free_event_entry: release EVENT_NULL-pe@0x564021e14c80 | add_fd_read_event_handler: new ethX-pe@0x564021e14c80 | libevent_malloc: new ptr-libevent@0x564021e14cc0 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x564021e14db0 | free_event_entry: release EVENT_NULL-pe@0x564021e14d70 | add_fd_read_event_handler: new ethX-pe@0x564021e14d70 | libevent_malloc: new ptr-libevent@0x564021e14db0 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x564021e14ea0 | free_event_entry: release EVENT_NULL-pe@0x564021e14e60 | add_fd_read_event_handler: new ethX-pe@0x564021e14e60 | libevent_malloc: new ptr-libevent@0x564021e14ea0 size 128 | setup callback for interface eth0 192.0.1.254:4500 fd 20 | libevent_free: release ptr-libevent@0x564021e14f90 | free_event_entry: release EVENT_NULL-pe@0x564021e14f50 | add_fd_read_event_handler: new ethX-pe@0x564021e14f50 | libevent_malloc: new ptr-libevent@0x564021e14f90 size 128 | setup callback for interface eth0 192.0.1.254:500 fd 19 | libevent_free: release ptr-libevent@0x564021e15080 | free_event_entry: release EVENT_NULL-pe@0x564021e15040 | add_fd_read_event_handler: new ethX-pe@0x564021e15040 | libevent_malloc: new ptr-libevent@0x564021e15080 size 128 | setup callback for interface eth1 192.1.2.45:4500 fd 18 | libevent_free: release ptr-libevent@0x564021e15170 | free_event_entry: release EVENT_NULL-pe@0x564021e15130 | add_fd_read_event_handler: new ethX-pe@0x564021e15130 | libevent_malloc: new ptr-libevent@0x564021e15170 size 128 | setup callback for interface eth1 192.1.2.45:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | id type added to secret(0x564021e0a240) PKK_PSK: @west | id type added to secret(0x564021e0a240) PKK_PSK: @east | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | pluto_sd: executing action action: ready(5), status 0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.285 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 12858 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0151 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0482 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x564021de15d0 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.147 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #1 at 0x564021e161e0 | State DB: adding IKEv2 state #1 in UNDEFINED | pstats #1 ikev2.ike started | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #1 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #1 "aes128" "aes128" #1: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 1 for state #1 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564021e17f00 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x564021e17f40 size 128 | #1 spent 0.134 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #1 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.194 milliseconds in whack | crypto helper 2 resuming | crypto helper 2 starting work-order 1 for state #1 | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 1 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5cd0000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5cd0000d60 | NSS: Public DH wire value: | 6b 42 64 e0 45 5a 0d 4b c1 ee 98 6c b3 bd 90 aa | 6c 91 7e 1d 29 48 28 f5 0f 71 38 da 6b b6 8b 61 | 25 eb 06 86 77 5a fd f2 57 66 c1 31 92 17 dd 24 | d1 41 81 06 61 03 37 a1 7b 44 e1 14 cc 9a 08 8e | 2b 4f 44 98 be ac 72 3a 04 c0 eb a7 23 74 0d 2d | b8 c5 aa f9 94 da 1e 2d bc 69 69 03 9c 79 bd d2 | c4 34 81 6b b2 7a 05 24 58 f1 ee e8 48 0d 40 4e | 14 30 04 af 00 87 47 bc a2 b1 cf 10 7a 19 1d 47 | 77 b9 10 77 39 e2 7d 98 d4 1a 6f 4b 02 f7 df 9c | 40 ae cc 2a 5b dc a2 bb 6a 8b e4 71 05 b9 33 ea | 07 d4 cb 2b 68 a5 37 b0 b0 85 e1 30 2c 84 82 aa | 20 9e 02 90 e7 a8 3d 1f a5 4e 0b 7e fd 92 15 0b | 52 cc 5f 1c 5d 0b 5e 1b 74 b9 c4 be 9a d2 e8 0c | 58 c3 c6 3f 08 e7 13 3e e1 12 cf c2 34 ec e7 a9 | c7 31 6e f2 9f 68 ba c4 55 0e d5 ae c8 49 9b 9d | 4e 4c ae 43 4c 98 a8 99 71 cc 37 e9 11 c8 de 5a | Generated nonce: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | Generated nonce: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001128 seconds | (#1) spent 1.12 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) | crypto helper 2 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f5cd0006900 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 1 | calling continuation function 0x564020443630 | ikev2_parent_outI1_continue for #1 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5cd0000d60: transferring ownership from helper KE to state #1 | **emit ISAKMP Message: | initiator cookie: | 6f 65 ca 24 c5 3d b3 9a | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 6b 42 64 e0 45 5a 0d 4b c1 ee 98 6c b3 bd 90 aa | ikev2 g^x 6c 91 7e 1d 29 48 28 f5 0f 71 38 da 6b b6 8b 61 | ikev2 g^x 25 eb 06 86 77 5a fd f2 57 66 c1 31 92 17 dd 24 | ikev2 g^x d1 41 81 06 61 03 37 a1 7b 44 e1 14 cc 9a 08 8e | ikev2 g^x 2b 4f 44 98 be ac 72 3a 04 c0 eb a7 23 74 0d 2d | ikev2 g^x b8 c5 aa f9 94 da 1e 2d bc 69 69 03 9c 79 bd d2 | ikev2 g^x c4 34 81 6b b2 7a 05 24 58 f1 ee e8 48 0d 40 4e | ikev2 g^x 14 30 04 af 00 87 47 bc a2 b1 cf 10 7a 19 1d 47 | ikev2 g^x 77 b9 10 77 39 e2 7d 98 d4 1a 6f 4b 02 f7 df 9c | ikev2 g^x 40 ae cc 2a 5b dc a2 bb 6a 8b e4 71 05 b9 33 ea | ikev2 g^x 07 d4 cb 2b 68 a5 37 b0 b0 85 e1 30 2c 84 82 aa | ikev2 g^x 20 9e 02 90 e7 a8 3d 1f a5 4e 0b 7e fd 92 15 0b | ikev2 g^x 52 cc 5f 1c 5d 0b 5e 1b 74 b9 c4 be 9a d2 e8 0c | ikev2 g^x 58 c3 c6 3f 08 e7 13 3e e1 12 cf c2 34 ec e7 a9 | ikev2 g^x c7 31 6e f2 9f 68 ba c4 55 0e d5 ae c8 49 9b 9d | ikev2 g^x 4e 4c ae 43 4c 98 a8 99 71 cc 37 e9 11 c8 de 5a | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | IKEv2 nonce 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | 6f 65 ca 24 c5 3d b3 9a | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | fd a7 e7 5b ae 19 23 50 0b 3f cd 6e aa 36 8c 21 | f6 fe 29 4f | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 6f 65 ca 24 c5 3d b3 9a | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= fd a7 e7 5b ae 19 23 50 0b 3f cd 6e aa 36 8c 21 | natd_hash: hash= f6 fe 29 4f | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data fd a7 e7 5b ae 19 23 50 0b 3f cd 6e aa 36 8c 21 | Notify data f6 fe 29 4f | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | 6f 65 ca 24 c5 3d b3 9a | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | c3 97 49 86 fd 49 c5 3e 93 b1 e6 93 6f 19 96 b4 | ee 0f ce c8 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 6f 65 ca 24 c5 3d b3 9a | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= c3 97 49 86 fd 49 c5 3e 93 b1 e6 93 6f 19 96 b4 | natd_hash: hash= ee 0f ce c8 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data c3 97 49 86 fd 49 c5 3e 93 b1 e6 93 6f 19 96 b4 | Notify data ee 0f ce c8 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #1 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #1 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #1 to 4294967295 after switching state | Message ID: IKE #1 skipping update_recv as MD is fake | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 6f 65 ca 24 c5 3d b3 9a 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 6b 42 64 e0 45 5a 0d 4b c1 ee 98 6c | b3 bd 90 aa 6c 91 7e 1d 29 48 28 f5 0f 71 38 da | 6b b6 8b 61 25 eb 06 86 77 5a fd f2 57 66 c1 31 | 92 17 dd 24 d1 41 81 06 61 03 37 a1 7b 44 e1 14 | cc 9a 08 8e 2b 4f 44 98 be ac 72 3a 04 c0 eb a7 | 23 74 0d 2d b8 c5 aa f9 94 da 1e 2d bc 69 69 03 | 9c 79 bd d2 c4 34 81 6b b2 7a 05 24 58 f1 ee e8 | 48 0d 40 4e 14 30 04 af 00 87 47 bc a2 b1 cf 10 | 7a 19 1d 47 77 b9 10 77 39 e2 7d 98 d4 1a 6f 4b | 02 f7 df 9c 40 ae cc 2a 5b dc a2 bb 6a 8b e4 71 | 05 b9 33 ea 07 d4 cb 2b 68 a5 37 b0 b0 85 e1 30 | 2c 84 82 aa 20 9e 02 90 e7 a8 3d 1f a5 4e 0b 7e | fd 92 15 0b 52 cc 5f 1c 5d 0b 5e 1b 74 b9 c4 be | 9a d2 e8 0c 58 c3 c6 3f 08 e7 13 3e e1 12 cf c2 | 34 ec e7 a9 c7 31 6e f2 9f 68 ba c4 55 0e d5 ae | c8 49 9b 9d 4e 4c ae 43 4c 98 a8 99 71 cc 37 e9 | 11 c8 de 5a 29 00 00 24 75 16 39 aa a4 f3 92 bd | 79 72 27 a7 6e d7 e8 f9 9f 6f e3 6b 68 d9 37 97 | 08 ac 61 0c 1d f5 26 39 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 fd a7 e7 5b ae 19 23 50 | 0b 3f cd 6e aa 36 8c 21 f6 fe 29 4f 00 00 00 1c | 00 00 40 05 c3 97 49 86 fd 49 c5 3e 93 b1 e6 93 | 6f 19 96 b4 ee 0f ce c8 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x564021e17f40 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564021e17f00 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x564021e17f00 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x564021e17f40 size 128 | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48951.424887 | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD | #1 spent 0.535 milliseconds in resume sending helper answer | stop processing: state #1 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5cd0006900 | spent 0.0025 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a9 2c fb ec cc 02 b2 bf 50 53 f9 40 | c7 3c 87 c3 04 65 e4 88 ac 8d bd 1b 54 75 24 61 | b4 6a d1 8a 9b eb 26 a6 33 72 98 30 26 78 23 ac | 96 2d 71 84 98 2e 60 eb e2 0a 92 f2 f9 5d ac 58 | 33 9d eb c7 6b 95 69 d5 37 43 b5 75 d3 d2 be 0d | 26 f5 3d 1e 7f ec c3 1d d8 7f 8d df a9 e8 07 81 | cf ee b5 f3 66 aa 48 29 47 97 ec f6 fe c1 47 65 | 65 4e 61 a9 1f 8c 29 1d 8c d7 42 dd 4b 0c 0e dd | 7d 33 5f 9e 93 f4 cb e4 93 a0 64 62 87 44 17 75 | 0e e4 41 12 28 b8 6e 86 60 96 fe f8 94 1f 0c a3 | d5 5e c0 1a fb 60 78 37 e3 8f 94 33 b0 f8 88 a1 | 34 06 d2 e3 fe 9c 22 a3 f5 6c f9 50 73 67 6e 65 | 6e af 5a 1f 01 e9 ab 02 c5 82 d4 04 43 36 4f d9 | 7b 01 61 19 c7 ac a5 fa dc 2d 8f 4d b3 b9 79 17 | 24 02 89 30 b3 fc 60 a3 66 36 5a 7a da f1 e3 1f | b5 af 89 84 2d d6 32 9f 8c 17 bb e8 a8 57 d8 89 | c7 a6 30 ce 29 00 00 24 c0 59 f6 7e 21 cb 38 aa | 55 5d e6 59 0f bd 8d 04 53 ef 65 c1 30 c8 83 e9 | a3 0c b6 1a dd 78 d6 b8 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 19 22 f3 65 db 24 03 4c | ec 3b db f0 20 a2 58 d0 86 35 68 cf 00 00 00 1c | 00 00 40 05 db c0 81 14 89 1a 6c cd 1c 2e a1 61 | 37 59 1f 34 8d 04 f6 9e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 6f 65 ca 24 c5 3d b3 9a | responder cookie: | be e6 fc 2c 4c bc e3 0e | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #1 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #1 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #1 is idle | #1 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] | #1 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | a9 2c fb ec cc 02 b2 bf 50 53 f9 40 c7 3c 87 c3 | 04 65 e4 88 ac 8d bd 1b 54 75 24 61 b4 6a d1 8a | 9b eb 26 a6 33 72 98 30 26 78 23 ac 96 2d 71 84 | 98 2e 60 eb e2 0a 92 f2 f9 5d ac 58 33 9d eb c7 | 6b 95 69 d5 37 43 b5 75 d3 d2 be 0d 26 f5 3d 1e | 7f ec c3 1d d8 7f 8d df a9 e8 07 81 cf ee b5 f3 | 66 aa 48 29 47 97 ec f6 fe c1 47 65 65 4e 61 a9 | 1f 8c 29 1d 8c d7 42 dd 4b 0c 0e dd 7d 33 5f 9e | 93 f4 cb e4 93 a0 64 62 87 44 17 75 0e e4 41 12 | 28 b8 6e 86 60 96 fe f8 94 1f 0c a3 d5 5e c0 1a | fb 60 78 37 e3 8f 94 33 b0 f8 88 a1 34 06 d2 e3 | fe 9c 22 a3 f5 6c f9 50 73 67 6e 65 6e af 5a 1f | 01 e9 ab 02 c5 82 d4 04 43 36 4f d9 7b 01 61 19 | c7 ac a5 fa dc 2d 8f 4d b3 b9 79 17 24 02 89 30 | b3 fc 60 a3 66 36 5a 7a da f1 e3 1f b5 af 89 84 | 2d d6 32 9f 8c 17 bb e8 a8 57 d8 89 c7 a6 30 ce | using existing local IKE proposals for connection aes128 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864db9c0 (length 8) | 6f 65 ca 24 c5 3d b3 9a | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864db9c8 (length 8) | be e6 fc 2c 4c bc e3 0e | NATD hash sha digest IP addr-bytes@0x7fff864db954 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864db946 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864db9d0 (length 20) | db c0 81 14 89 1a 6c cd 1c 2e a1 61 37 59 1f 34 | 8d 04 f6 9e | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 6f 65 ca 24 c5 3d b3 9a | natd_hash: rcookie= be e6 fc 2c 4c bc e3 0e | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= db c0 81 14 89 1a 6c cd 1c 2e a1 61 37 59 1f 34 | natd_hash: hash= 8d 04 f6 9e | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864db9c0 (length 8) | 6f 65 ca 24 c5 3d b3 9a | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864db9c8 (length 8) | be e6 fc 2c 4c bc e3 0e | NATD hash sha digest IP addr-bytes@0x7fff864db954 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864db946 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864db9f0 (length 20) | 19 22 f3 65 db 24 03 4c ec 3b db f0 20 a2 58 d0 | 86 35 68 cf | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 6f 65 ca 24 c5 3d b3 9a | natd_hash: rcookie= be e6 fc 2c 4c bc e3 0e | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 19 22 f3 65 db 24 03 4c ec 3b db f0 20 a2 58 d0 | natd_hash: hash= 86 35 68 cf | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f5cd0000d60: transferring ownership from state #1 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 2 for state #1 | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x564021e17f40 | free_event_entry: release EVENT_RETRANSMIT-pe@0x564021e17f00 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564021e17f00 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x564021e17f40 size 128 | #1 spent 0.277 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #1 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #1 and saving MD | #1 is busy; has a suspended MD | [RE]START processing: state #1 connection "aes128" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "aes128" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #1 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 0.527 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.538 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 3 resuming | crypto helper 3 starting work-order 2 for state #1 | crypto helper 3 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 | peer's g: a9 2c fb ec cc 02 b2 bf 50 53 f9 40 c7 3c 87 c3 | peer's g: 04 65 e4 88 ac 8d bd 1b 54 75 24 61 b4 6a d1 8a | peer's g: 9b eb 26 a6 33 72 98 30 26 78 23 ac 96 2d 71 84 | peer's g: 98 2e 60 eb e2 0a 92 f2 f9 5d ac 58 33 9d eb c7 | peer's g: 6b 95 69 d5 37 43 b5 75 d3 d2 be 0d 26 f5 3d 1e | peer's g: 7f ec c3 1d d8 7f 8d df a9 e8 07 81 cf ee b5 f3 | peer's g: 66 aa 48 29 47 97 ec f6 fe c1 47 65 65 4e 61 a9 | peer's g: 1f 8c 29 1d 8c d7 42 dd 4b 0c 0e dd 7d 33 5f 9e | peer's g: 93 f4 cb e4 93 a0 64 62 87 44 17 75 0e e4 41 12 | peer's g: 28 b8 6e 86 60 96 fe f8 94 1f 0c a3 d5 5e c0 1a | peer's g: fb 60 78 37 e3 8f 94 33 b0 f8 88 a1 34 06 d2 e3 | peer's g: fe 9c 22 a3 f5 6c f9 50 73 67 6e 65 6e af 5a 1f | peer's g: 01 e9 ab 02 c5 82 d4 04 43 36 4f d9 7b 01 61 19 | peer's g: c7 ac a5 fa dc 2d 8f 4d b3 b9 79 17 24 02 89 30 | peer's g: b3 fc 60 a3 66 36 5a 7a da f1 e3 1f b5 af 89 84 | peer's g: 2d d6 32 9f 8c 17 bb e8 a8 57 d8 89 c7 a6 30 ce | Started DH shared-secret computation in NSS: | new : g_ir-key@0x564021e06230 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f5cd0000d60: computed shared DH secret key@0x564021e06230 | dh-shared : g^ir-key@0x564021e06230 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f5cc8001ef0 (length 64) | 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd68e5670 | result: Ni | Nr-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5658 | result: Ni | Nr-key@0x564021e04570 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x564021e01140 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f5cc8002e80 from Ni | Nr-key@0x564021e04570 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f5cc8002e80 from Ni | Nr-key@0x564021e04570 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x564021e04570 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f5cc80016b0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x564021e06230 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x564021e06230 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x564021e06230 | nss hmac digest hack: symkey-key@0x564021e06230 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-695315760: 5c 46 38 59 ffffffef 0a 47 48 ffffff8d 44 40 28 0c 45 ffffffc0 34 77 48 6e 2e ffffffa4 ffffffa4 15 fffffff1 ffffffa2 ffffffd4 ffffffa1 ffffffd9 37 ffffffac 14 1b 7c 7e ffffffae ffffff95 21 ffffffa2 30 ffffffb7 ffffffe2 ffffffbe 51 ffffffed ffffff94 ffffffb6 ffffffbc 6f ffffffd5 4e 0e ffffffb3 2e ffffffc7 19 ffffff87 ffffff94 50 41 ffffffbd 02 ffffff85 2c 25 ffffff80 54 76 ffffffa1 ffffffb0 ffffffa9 65 ffffffad ffffffb3 ffffffb4 45 78 39 59 3a fffffff4 ffffffba 68 ffffffe3 16 ffffffc3 59 fffffff4 67 7e 10 04 ffffffc7 2e 06 ffffffce ffffff8b fffffff1 31 4f ffffffb3 ffffffd3 ffffff94 62 2a 52 ffffffa4 ffffff9f ffffffd9 2d ffffffc7 ffffffe3 ffffffcb 62 2f ffffffc2 0c ffffffc2 54 6a 61 68 3f ffffffb1 13 ffffff8b 4c ffffffca 73 ffffffa9 ffffffc8 2f ffffffe2 67 ffffffe0 ffffffcc ffffff91 0d ffffff82 4c ffffffad 11 ffffff8f 7f 2d ffffffa2 ffffff8a 35 62 ffffffec 71 01 ffffffb6 6a 41 48 4e 63 5d 72 15 16 35 4b 42 3d 2c 69 ffffffcb 74 ff | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 256 bytes at 0x7f5cc8003dd0 | unwrapped: 47 27 a3 e0 ca f0 12 c0 e1 6e 4c 4c 1e 99 12 4d | unwrapped: 5c a4 b6 b2 44 4c b4 a4 ee 14 4c 73 82 70 c2 8d | unwrapped: b1 b6 40 39 ce 13 87 c8 b7 f4 d2 d0 32 82 bc 64 | unwrapped: cf 77 76 39 2c c2 45 fa 79 65 1c 67 a1 2a f4 a9 | unwrapped: 40 b6 f9 ef 4d 7c 9e 53 33 f0 31 f3 26 1c 0e 4c | unwrapped: 1e 99 1f 2b 49 79 b5 d6 7f 4d 78 07 7e d5 7a de | unwrapped: 93 56 70 e6 9b 1c 64 31 2b df fd a2 ad 50 80 53 | unwrapped: b6 54 9c a7 e4 ed 36 03 de 0d 9d 82 e8 aa 29 39 | unwrapped: 37 83 9c 23 ab d5 9b 08 7c 1e ad c8 12 68 22 b2 | unwrapped: 0a fb f6 06 bc b6 43 c9 f1 6e 14 9c 65 d8 e1 da | unwrapped: 81 f7 24 54 ab 39 a7 95 8c de fd c4 48 7d 4a eb | unwrapped: 52 41 c8 ce 66 3f 74 dd 8f ce 39 f8 7c db aa 60 | unwrapped: 36 b5 39 c3 f7 9e fc 12 d7 1e b5 b5 4b c2 e1 ff | unwrapped: a1 ba 84 99 d7 47 4e 3b 6f 65 ce 1d 56 02 75 67 | unwrapped: 35 78 d5 97 2e c0 b2 45 86 10 e1 b9 77 bd e2 ad | unwrapped: b5 b6 b5 ff 86 e5 ee 26 d2 30 90 23 8a 29 cb 47 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd68e5690 | result: final-key@0x564021e01140 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e01140 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5678 | result: final-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e01140 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x564021e04570 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd68e5600 | result: data=Ni-key@0x564021df9ff0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x564021df9ff0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e55e8 | result: data=Ni-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x564021df9ff0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd68e55f0 | result: data+=Nr-key@0x564021df9ff0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021e01140 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021df9ff0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd68e55f0 | result: data+=SPIi-key@0x564021e01140 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021df9ff0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e01140 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd68e55f0 | result: data+=SPIr-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021e01140 | prf+0 PRF sha init key-key@0x564021e04570 (size 20) | prf+0: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5518 | result: clone-key@0x564021e01140 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f5cc8002e80 from key-key@0x564021e01140 | prf+0 prf: begin sha with context 0x7f5cc8002e80 from key-key@0x564021e01140 | prf+0: release clone-key@0x564021e01140 | prf+0 PRF sha crypt-prf@0x7f5cc80018a0 | prf+0 PRF sha update seed-key@0x564021df9ff0 (size 80) | prf+0: seed-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-695316128: fffffffa ffffffa2 ffffffe0 ffffffdc 7d 3e fffffff2 ffffffbb 02 ffffffe8 ffffff9d 19 14 ffffffcd 10 68 54 18 ffffffee 56 ffffffc6 ffffffe2 ffffff80 63 ffffffa6 ffffffda 66 03 ffffffdb ffffffca ffffff8a ffffffd5 3e 6a 0e ffffffc0 06 00 ffffff93 ffffffba ffffffcb ffffffc5 36 5e 22 63 4b 0f 7a ffffff94 63 5a 0d ffffffe0 ffffff8c ffffffb3 ffffff99 78 05 42 ffffffcc 35 08 ffffff95 72 ffffffcb ffffffb4 5a fffffff0 ffffff94 ffffffac 62 fffffffc ffffff9a 6e 21 ffffff8e 08 ffffff83 fffffff0 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cc80067f0 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | unwrapped: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd68e5520 | result: final-key@0x564021e07b90 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e07b90 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5508 | result: final-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e07b90 | prf+0 PRF sha final-key@0x564021e01140 (size 20) | prf+0: key-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x564021e01140 | prf+N PRF sha init key-key@0x564021e04570 (size 20) | prf+N: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5518 | result: clone-key@0x564021e07b90 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cc8002e80 from key-key@0x564021e07b90 | prf+N prf: begin sha with context 0x7f5cc8002e80 from key-key@0x564021e07b90 | prf+N: release clone-key@0x564021e07b90 | prf+N PRF sha crypt-prf@0x7f5cc8001f40 | prf+N PRF sha update old_t-key@0x564021e01140 (size 20) | prf+N: old_t-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-695316128: ffffffbe 00 1f 08 ffffffee 21 22 ffffffe8 ffffff9b ffffffdf 47 1d 10 ffffff85 ffffff9d fffffff6 43 ffffffd3 ffffffb6 54 fffffff8 fffffff1 ffffffc9 ffffffb3 fffffffd 70 02 61 7f 66 fffffff6 ffffffda | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cc8006850 | unwrapped: ae 59 ed ac de fd 50 f3 d7 37 d2 b1 68 1b b2 11 | unwrapped: ff 40 62 ec 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021df9ff0 (size 80) | prf+N: seed-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-695316128: fffffffa ffffffa2 ffffffe0 ffffffdc 7d 3e fffffff2 ffffffbb 02 ffffffe8 ffffff9d 19 14 ffffffcd 10 68 54 18 ffffffee 56 ffffffc6 ffffffe2 ffffff80 63 ffffffa6 ffffffda 66 03 ffffffdb ffffffca ffffff8a ffffffd5 3e 6a 0e ffffffc0 06 00 ffffff93 ffffffba ffffffcb ffffffc5 36 5e 22 63 4b 0f 7a ffffff94 63 5a 0d ffffffe0 ffffff8c ffffffb3 ffffff99 78 05 42 ffffffcc 35 08 ffffff95 72 ffffffcb ffffffb4 5a fffffff0 ffffff94 ffffffac 62 fffffffc ffffff9a 6e 21 ffffff8e 08 ffffff83 fffffff0 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cc8006790 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | unwrapped: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd68e5520 | result: final-key@0x564021dfb870 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021dfb870 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5508 | result: final-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021dfb870 | prf+N PRF sha final-key@0x564021e07b90 (size 20) | prf+N: key-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd68e5598 | result: result-key@0x564021dfb870 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e01140 | prfplus: release old_t[N]-key@0x564021e01140 | prf+N PRF sha init key-key@0x564021e04570 (size 20) | prf+N: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5518 | result: clone-key@0x564021e01140 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cc8002e80 from key-key@0x564021e01140 | prf+N prf: begin sha with context 0x7f5cc8002e80 from key-key@0x564021e01140 | prf+N: release clone-key@0x564021e01140 | prf+N PRF sha crypt-prf@0x7f5cc8001270 | prf+N PRF sha update old_t-key@0x564021e07b90 (size 20) | prf+N: old_t-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-695316128: 0f fffffff5 30 ffffffc2 74 42 ffffffc1 63 29 ffffffcf ffffffc0 ffffffd9 76 32 ffffff8a ffffffb1 4c 2b ffffffe0 07 ffffffae 15 ffffffa9 1d ffffff87 41 75 ffffffa2 ffffffc8 67 ffffffc4 ffffffc6 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cc800a0b0 | unwrapped: 9c 7a 4e 92 fc bd 0a 78 40 be 01 df 4c d7 84 17 | unwrapped: e4 c7 d0 3f 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021df9ff0 (size 80) | prf+N: seed-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-695316128: fffffffa ffffffa2 ffffffe0 ffffffdc 7d 3e fffffff2 ffffffbb 02 ffffffe8 ffffff9d 19 14 ffffffcd 10 68 54 18 ffffffee 56 ffffffc6 ffffffe2 ffffff80 63 ffffffa6 ffffffda 66 03 ffffffdb ffffffca ffffff8a ffffffd5 3e 6a 0e ffffffc0 06 00 ffffff93 ffffffba ffffffcb ffffffc5 36 5e 22 63 4b 0f 7a ffffff94 63 5a 0d ffffffe0 ffffff8c ffffffb3 ffffff99 78 05 42 ffffffcc 35 08 ffffff95 72 ffffffcb ffffffb4 5a fffffff0 ffffff94 ffffffac 62 fffffffc ffffff9a 6e 21 ffffff8e 08 ffffff83 fffffff0 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cc8006730 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | unwrapped: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd68e5520 | result: final-key@0x7f5cc80069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5508 | result: final-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cc80069f0 | prf+N PRF sha final-key@0x564021e01140 (size 20) | prf+N: key-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021dfb870 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd68e5598 | result: result-key@0x7f5cc80069f0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021dfb870 | prfplus: release old_t[N]-key@0x564021e07b90 | prf+N PRF sha init key-key@0x564021e04570 (size 20) | prf+N: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5518 | result: clone-key@0x564021e07b90 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cc8002e80 from key-key@0x564021e07b90 | prf+N prf: begin sha with context 0x7f5cc8002e80 from key-key@0x564021e07b90 | prf+N: release clone-key@0x564021e07b90 | prf+N PRF sha crypt-prf@0x7f5cc8002010 | prf+N PRF sha update old_t-key@0x564021e01140 (size 20) | prf+N: old_t-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-695316128: 72 58 25 0e 17 5e 27 ffffffd5 ffffff87 ffffffe7 ffffffa8 ffffffa9 10 ffffffae 30 ffffffbd ffffffd1 ffffffe6 63 3a 39 7d ffffffbd 35 ffffffec ffffff80 76 ffffff97 ffffff94 29 42 2c | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cc800a400 | unwrapped: e6 bb ee 5c 94 c8 b5 c8 ab 43 4a 6e 9f b6 28 9e | unwrapped: 61 0d 96 1d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021df9ff0 (size 80) | prf+N: seed-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-695316128: fffffffa ffffffa2 ffffffe0 ffffffdc 7d 3e fffffff2 ffffffbb 02 ffffffe8 ffffff9d 19 14 ffffffcd 10 68 54 18 ffffffee 56 ffffffc6 ffffffe2 ffffff80 63 ffffffa6 ffffffda 66 03 ffffffdb ffffffca ffffff8a ffffffd5 3e 6a 0e ffffffc0 06 00 ffffff93 ffffffba ffffffcb ffffffc5 36 5e 22 63 4b 0f 7a ffffff94 63 5a 0d ffffffe0 ffffff8c ffffffb3 ffffff99 78 05 42 ffffffcc 35 08 ffffff95 72 ffffffcb ffffffb4 5a fffffff0 ffffff94 ffffffac 62 fffffffc ffffff9a 6e 21 ffffff8e 08 ffffff83 fffffff0 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cc8005030 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | unwrapped: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd68e5520 | result: final-key@0x564021dfb870 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021dfb870 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5508 | result: final-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021dfb870 | prf+N PRF sha final-key@0x564021e07b90 (size 20) | prf+N: key-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f5cc80069f0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd68e5598 | result: result-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f5cc80069f0 | prfplus: release old_t[N]-key@0x564021e01140 | prf+N PRF sha init key-key@0x564021e04570 (size 20) | prf+N: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5518 | result: clone-key@0x564021e01140 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cc8002e80 from key-key@0x564021e01140 | prf+N prf: begin sha with context 0x7f5cc8002e80 from key-key@0x564021e01140 | prf+N: release clone-key@0x564021e01140 | prf+N PRF sha crypt-prf@0x7f5cc8001270 | prf+N PRF sha update old_t-key@0x564021e07b90 (size 20) | prf+N: old_t-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-695316128: ffffffa9 61 52 ffffffb2 38 ffffffe3 57 ffffffb7 ffffffc7 ffffff86 23 ffffffac 56 ffffffa4 ffffff95 4c 1e ffffffa3 16 ffffffcd ffffffea ffffffb6 ffffffc1 55 74 34 ffffffb3 ffffffa3 45 7c ffffffc3 ffffff8b | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cc800a3d0 | unwrapped: f6 85 0d 19 e3 b0 0f 16 2d a6 46 c6 f9 1d 92 59 | unwrapped: 60 61 3c 69 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021df9ff0 (size 80) | prf+N: seed-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-695316128: fffffffa ffffffa2 ffffffe0 ffffffdc 7d 3e fffffff2 ffffffbb 02 ffffffe8 ffffff9d 19 14 ffffffcd 10 68 54 18 ffffffee 56 ffffffc6 ffffffe2 ffffff80 63 ffffffa6 ffffffda 66 03 ffffffdb ffffffca ffffff8a ffffffd5 3e 6a 0e ffffffc0 06 00 ffffff93 ffffffba ffffffcb ffffffc5 36 5e 22 63 4b 0f 7a ffffff94 63 5a 0d ffffffe0 ffffff8c ffffffb3 ffffff99 78 05 42 ffffffcc 35 08 ffffff95 72 ffffffcb ffffffb4 5a fffffff0 ffffff94 ffffffac 62 fffffffc ffffff9a 6e 21 ffffff8e 08 ffffff83 fffffff0 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cc800a430 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | unwrapped: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd68e5520 | result: final-key@0x7f5cc80069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5508 | result: final-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cc80069f0 | prf+N PRF sha final-key@0x564021e01140 (size 20) | prf+N: key-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd68e5598 | result: result-key@0x7f5cc80069f0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021dfb870 | prfplus: release old_t[N]-key@0x564021e07b90 | prf+N PRF sha init key-key@0x564021e04570 (size 20) | prf+N: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5518 | result: clone-key@0x564021e07b90 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cc8009f20 from key-key@0x564021e07b90 | prf+N prf: begin sha with context 0x7f5cc8009f20 from key-key@0x564021e07b90 | prf+N: release clone-key@0x564021e07b90 | prf+N PRF sha crypt-prf@0x7f5cc8002010 | prf+N PRF sha update old_t-key@0x564021e01140 (size 20) | prf+N: old_t-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-695316128: ffffffae ffffffa3 ffffffc2 0f ffffffc0 6c fffffff1 ffffff83 05 1e ffffffce 43 ffffffe3 ffffffc7 ffffff81 ffffff8c 52 ffffffa8 ffffff99 5a ffffff94 fffffff6 23 34 fffffff5 5e ffffff9a 29 ffffff84 77 ffffffef 4d | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cc800a380 | unwrapped: 35 01 80 72 e2 fc 33 f2 2a 49 07 ba ed 48 8d 7c | unwrapped: a5 7e a7 88 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021df9ff0 (size 80) | prf+N: seed-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-695316128: fffffffa ffffffa2 ffffffe0 ffffffdc 7d 3e fffffff2 ffffffbb 02 ffffffe8 ffffff9d 19 14 ffffffcd 10 68 54 18 ffffffee 56 ffffffc6 ffffffe2 ffffff80 63 ffffffa6 ffffffda 66 03 ffffffdb ffffffca ffffff8a ffffffd5 3e 6a 0e ffffffc0 06 00 ffffff93 ffffffba ffffffcb ffffffc5 36 5e 22 63 4b 0f 7a ffffff94 63 5a 0d ffffffe0 ffffff8c ffffffb3 ffffff99 78 05 42 ffffffcc 35 08 ffffff95 72 ffffffcb ffffffb4 5a fffffff0 ffffff94 ffffffac 62 fffffffc ffffff9a 6e 21 ffffff8e 08 ffffff83 fffffff0 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cc8006790 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | unwrapped: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd68e5520 | result: final-key@0x564021dfb870 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021dfb870 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5508 | result: final-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021dfb870 | prf+N PRF sha final-key@0x564021e07b90 (size 20) | prf+N: key-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f5cc80069f0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd68e5598 | result: result-key@0x564021dfb870 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f5cc80069f0 | prfplus: release old_t[N]-key@0x564021e01140 | prf+N PRF sha init key-key@0x564021e04570 (size 20) | prf+N: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5518 | result: clone-key@0x564021e01140 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cc8002e80 from key-key@0x564021e01140 | prf+N prf: begin sha with context 0x7f5cc8002e80 from key-key@0x564021e01140 | prf+N: release clone-key@0x564021e01140 | prf+N PRF sha crypt-prf@0x7f5cc8001270 | prf+N PRF sha update old_t-key@0x564021e07b90 (size 20) | prf+N: old_t-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-695316128: ffffffdf ffffff9f 1c 40 59 6b 28 ffffffc1 ffffffe4 ffffffb1 ffffffd8 ffffffe9 0b 62 ffffffdb ffffffc9 2e 4b 18 ffffffc1 ffffffbf 3e ffffff87 ffffff8f fffffff6 ffffffa2 ffffffb3 ffffffbd ffffffd2 7d 52 ffffffda | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cc800a5c0 | unwrapped: 3b e2 92 47 d1 20 61 c1 b7 4a cd be 1c fe b0 39 | unwrapped: 95 a6 fd aa 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021df9ff0 (size 80) | prf+N: seed-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-695316128: fffffffa ffffffa2 ffffffe0 ffffffdc 7d 3e fffffff2 ffffffbb 02 ffffffe8 ffffff9d 19 14 ffffffcd 10 68 54 18 ffffffee 56 ffffffc6 ffffffe2 ffffff80 63 ffffffa6 ffffffda 66 03 ffffffdb ffffffca ffffff8a ffffffd5 3e 6a 0e ffffffc0 06 00 ffffff93 ffffffba ffffffcb ffffffc5 36 5e 22 63 4b 0f 7a ffffff94 63 5a 0d ffffffe0 ffffff8c ffffffb3 ffffff99 78 05 42 ffffffcc 35 08 ffffff95 72 ffffffcb ffffffb4 5a fffffff0 ffffff94 ffffffac 62 fffffffc ffffff9a 6e 21 ffffff8e 08 ffffff83 fffffff0 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cc800a430 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | unwrapped: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd68e5520 | result: final-key@0x7f5cc80069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5508 | result: final-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cc80069f0 | prf+N PRF sha final-key@0x564021e01140 (size 20) | prf+N: key-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021dfb870 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd68e5598 | result: result-key@0x7f5cc80069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021dfb870 | prfplus: release old_t[N]-key@0x564021e07b90 | prfplus: release old_t[final]-key@0x564021e01140 | ike_sa_keymat: release data-key@0x564021df9ff0 | calc_skeyseed_v2: release skeyseed_k-key@0x564021e04570 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5738 | result: result-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5738 | result: result-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5738 | result: result-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f5cc80069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5748 | result: SK_ei_k-key@0x564021e07b90 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f5cc80069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5748 | result: SK_er_k-key@0x564021dfb870 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5748 | result: result-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f5cc800a510 | chunk_SK_pi: symkey-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)540553248: ffffffb5 ffffffe9 65 ffffff85 ffffffef 2b fffffffb 72 ffffffb9 ffffffc7 5b 37 3e ffffff85 ffffffe6 ffffff85 02 ffffffb5 55 ffffff84 ffffffd2 72 50 7b ffffff81 2c ffffff87 52 66 ffffff97 ffffff9a ffffff82 | chunk_SK_pi: release slot-key-key@0x564021dfdd40 | chunk_SK_pi extracted len 32 bytes at 0x7f5cc8002d20 | unwrapped: ed 48 8d 7c a5 7e a7 88 3b e2 92 47 d1 20 61 c1 | unwrapped: b7 4a cd be 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd68e5748 | result: result-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f5cc800d640 | chunk_SK_pr: symkey-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)540553248: ffffffdc ffffffed ffffffac 1c ffffffcc fffffffa ffffffc4 1b 39 14 ffffffd4 10 ffffff86 34 ffffffd7 ffffffbc 2e ffffffd5 69 5a 78 40 1b ffffffac 1e 2d ffffff83 4f 12 ffffffb2 5e fffffff7 | chunk_SK_pr: release slot-key-key@0x564021dfdd40 | chunk_SK_pr extracted len 32 bytes at 0x7f5cc8002d50 | unwrapped: 1c fe b0 39 95 a6 fd aa 2a d9 ce 63 9b eb 83 ba | unwrapped: a8 f3 3c 21 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f5cc80069f0 | calc_skeyseed_v2 pointers: shared-key@0x564021e06230, SK_d-key@0x564021e04570, SK_ai-key@0x564021df9ff0, SK_ar-key@0x564021e01140, SK_ei-key@0x564021e07b90, SK_er-key@0x564021dfb870, SK_pi-key@0x7f5cc800a510, SK_pr-key@0x7f5cc800d640 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | ed 48 8d 7c a5 7e a7 88 3b e2 92 47 d1 20 61 c1 | b7 4a cd be | calc_skeyseed_v2 SK_pr | 1c fe b0 39 95 a6 fd aa 2a d9 ce 63 9b eb 83 ba | a8 f3 3c 21 | crypto helper 3 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.00313 seconds | (#1) spent 3.1 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) | crypto helper 3 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f5cc800eec0 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 2 | calling continuation function 0x564020443630 | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f5cd0000d60: transferring ownership from helper IKEv2 DH to state #1 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #2 at 0x564021e1a360 | State DB: adding IKEv2 state #2 in UNDEFINED | pstats #2 ikev2.child started | duplicating state object #1 "aes128" as #2 for IPSEC SA | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x564021e04570 | duplicate_state: reference st_skey_ai_nss-key@0x564021df9ff0 | duplicate_state: reference st_skey_ar_nss-key@0x564021e01140 | duplicate_state: reference st_skey_ei_nss-key@0x564021e07b90 | duplicate_state: reference st_skey_er_nss-key@0x564021dfb870 | duplicate_state: reference st_skey_pi_nss-key@0x7f5cc800a510 | duplicate_state: reference st_skey_pr_nss-key@0x7f5cc800d640 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x564021e17f40 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564021e17f00 | event_schedule: new EVENT_SA_REPLACE-pe@0x564021e17f00 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x564021e17f40 size 128 | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 6f 65 ca 24 c5 3d b3 9a | responder cookie: | be e6 fc 2c 4c bc e3 0e | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x7f5cc800a510 (size 20) | hmac: symkey-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db978 | result: clone-key@0x7f5cc80069f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x7f5cc80069f0 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x7f5cc80069f0 | hmac: release clone-key@0x7f5cc80069f0 | hmac PRF sha crypt-prf@0x564021e17db0 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x564020542974 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff864dbf10 (length 20) | d6 82 8c a2 54 53 36 83 24 58 e1 ab e7 5f 64 2d | 7d b5 b6 44 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564021e0a240 (line=1) | concluding with best_match=014 best=0x564021e0a240 (lineno=1) | inputs to hash1 (first packet) | 6f 65 ca 24 c5 3d b3 9a 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 6b 42 64 e0 45 5a 0d 4b c1 ee 98 6c | b3 bd 90 aa 6c 91 7e 1d 29 48 28 f5 0f 71 38 da | 6b b6 8b 61 25 eb 06 86 77 5a fd f2 57 66 c1 31 | 92 17 dd 24 d1 41 81 06 61 03 37 a1 7b 44 e1 14 | cc 9a 08 8e 2b 4f 44 98 be ac 72 3a 04 c0 eb a7 | 23 74 0d 2d b8 c5 aa f9 94 da 1e 2d bc 69 69 03 | 9c 79 bd d2 c4 34 81 6b b2 7a 05 24 58 f1 ee e8 | 48 0d 40 4e 14 30 04 af 00 87 47 bc a2 b1 cf 10 | 7a 19 1d 47 77 b9 10 77 39 e2 7d 98 d4 1a 6f 4b | 02 f7 df 9c 40 ae cc 2a 5b dc a2 bb 6a 8b e4 71 | 05 b9 33 ea 07 d4 cb 2b 68 a5 37 b0 b0 85 e1 30 | 2c 84 82 aa 20 9e 02 90 e7 a8 3d 1f a5 4e 0b 7e | fd 92 15 0b 52 cc 5f 1c 5d 0b 5e 1b 74 b9 c4 be | 9a d2 e8 0c 58 c3 c6 3f 08 e7 13 3e e1 12 cf c2 | 34 ec e7 a9 c7 31 6e f2 9f 68 ba c4 55 0e d5 ae | c8 49 9b 9d 4e 4c ae 43 4c 98 a8 99 71 cc 37 e9 | 11 c8 de 5a 29 00 00 24 75 16 39 aa a4 f3 92 bd | 79 72 27 a7 6e d7 e8 f9 9f 6f e3 6b 68 d9 37 97 | 08 ac 61 0c 1d f5 26 39 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 fd a7 e7 5b ae 19 23 50 | 0b 3f cd 6e aa 36 8c 21 f6 fe 29 4f 00 00 00 1c | 00 00 40 05 c3 97 49 86 fd 49 c5 3e 93 b1 e6 93 | 6f 19 96 b4 ee 0f ce c8 | create: initiator inputs to hash2 (responder nonce) | c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | idhash d6 82 8c a2 54 53 36 83 24 58 e1 ab e7 5f 64 2d | idhash 7d b5 b6 44 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564021e14a20 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db770 | result: shared secret-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db758 | result: shared secret-key@0x7f5cc80069f0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564021dfd2a0 from shared secret-key@0x7f5cc80069f0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564021dfd2a0 from shared secret-key@0x7f5cc80069f0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f5cc80069f0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564021e17fd0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5640204d6bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db790 | result: final-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db778 | result: final-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f5cc80069f0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f5cc80069f0 (size 20) | = prf(, ): -key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db788 | result: clone-key@0x7f5cd0006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ) prf: begin sha with context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ): release clone-key@0x7f5cd0006900 | = prf(, ) PRF sha crypt-prf@0x564021e181a0 | = prf(, ) PRF sha update first-packet-bytes@0x564021da9230 (length 440) | 6f 65 ca 24 c5 3d b3 9a 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 6b 42 64 e0 45 5a 0d 4b c1 ee 98 6c | b3 bd 90 aa 6c 91 7e 1d 29 48 28 f5 0f 71 38 da | 6b b6 8b 61 25 eb 06 86 77 5a fd f2 57 66 c1 31 | 92 17 dd 24 d1 41 81 06 61 03 37 a1 7b 44 e1 14 | cc 9a 08 8e 2b 4f 44 98 be ac 72 3a 04 c0 eb a7 | 23 74 0d 2d b8 c5 aa f9 94 da 1e 2d bc 69 69 03 | 9c 79 bd d2 c4 34 81 6b b2 7a 05 24 58 f1 ee e8 | 48 0d 40 4e 14 30 04 af 00 87 47 bc a2 b1 cf 10 | 7a 19 1d 47 77 b9 10 77 39 e2 7d 98 d4 1a 6f 4b | 02 f7 df 9c 40 ae cc 2a 5b dc a2 bb 6a 8b e4 71 | 05 b9 33 ea 07 d4 cb 2b 68 a5 37 b0 b0 85 e1 30 | 2c 84 82 aa 20 9e 02 90 e7 a8 3d 1f a5 4e 0b 7e | fd 92 15 0b 52 cc 5f 1c 5d 0b 5e 1b 74 b9 c4 be | 9a d2 e8 0c 58 c3 c6 3f 08 e7 13 3e e1 12 cf c2 | 34 ec e7 a9 c7 31 6e f2 9f 68 ba c4 55 0e d5 ae | c8 49 9b 9d 4e 4c ae 43 4c 98 a8 99 71 cc 37 e9 | 11 c8 de 5a 29 00 00 24 75 16 39 aa a4 f3 92 bd | 79 72 27 a7 6e d7 e8 f9 9f 6f e3 6b 68 d9 37 97 | 08 ac 61 0c 1d f5 26 39 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 fd a7 e7 5b ae 19 23 50 | 0b 3f cd 6e aa 36 8c 21 f6 fe 29 4f 00 00 00 1c | 00 00 40 05 c3 97 49 86 fd 49 c5 3e 93 b1 e6 93 | 6f 19 96 b4 ee 0f ce c8 | = prf(, ) PRF sha update nonce-bytes@0x564021e17600 (length 32) | c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | = prf(, ) PRF sha update hash-bytes@0x7fff864dbf10 (length 20) | d6 82 8c a2 54 53 36 83 24 58 e1 ab e7 5f 64 2d | 7d b5 b6 44 | = prf(, ) PRF sha final-chunk@0x564021e17db0 (length 20) | b3 47 4c 4e 75 cf 7e b4 18 24 17 d4 16 01 33 06 | 8c b3 e3 4a | psk_auth: release prf-psk-key@0x7f5cc80069f0 | PSK auth octets b3 47 4c 4e 75 cf 7e b4 18 24 17 d4 16 01 33 06 | PSK auth octets 8c b3 e3 4a | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth b3 47 4c 4e 75 cf 7e b4 18 24 17 d4 16 01 33 06 | PSK auth 8c b3 e3 4a | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #1 | netlink_get_spi: allocated 0xfe858be0 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for aes128 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "aes128": constructed local ESP/AH proposals for aes128 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi fe 85 8b e0 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 192 | emitting length of ISAKMP Message: 220 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 73 30 2f 00 4f d5 5f 29 0e 70 8b f1 88 d0 be 9c | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | b3 47 4c 4e 75 cf 7e b4 18 24 17 d4 16 01 33 06 | 8c b3 e3 4a 2c 00 00 2c 00 00 00 28 01 03 04 03 | fe 85 8b e0 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | c5 49 79 d9 df 93 7c 26 fc c1 41 0d 28 7c 49 ce | 70 61 df 9b af 4c ef b6 fb b4 18 44 47 46 f7 95 | 41 81 c7 b7 a3 55 3d 89 65 2a ae dd 7a 69 10 3a | e6 44 42 e0 8d 58 70 49 6c bd 78 a4 e6 87 89 ae | ae e9 84 13 84 52 93 02 6e d7 c3 19 6a 50 46 94 | c2 11 fd 00 ca a9 fb 63 19 5b 0e c0 37 4e 6f d4 | f5 81 ee d5 b1 43 3e e4 78 60 a0 df b1 95 3a d5 | 8e 84 38 9f 55 8c 0b f4 ef fa 66 52 d2 25 97 72 | 1a 24 a8 a1 5f 48 3d d8 3e 3d e3 6c f7 c3 9a bc | 40 46 a0 ee e6 d8 e2 db 3d 01 b9 33 a5 e9 59 7f | hmac PRF sha init symkey-key@0x564021df9ff0 (size 20) | hmac: symkey-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db888 | result: clone-key@0x7f5cc80069f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x7f5cc80069f0 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x7f5cc80069f0 | hmac: release clone-key@0x7f5cc80069f0 | hmac PRF sha crypt-prf@0x564021e17fd0 | hmac PRF sha update data-bytes@0x564020542940 (length 208) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 73 30 2f 00 4f d5 5f 29 0e 70 8b f1 88 d0 be 9c | c5 49 79 d9 df 93 7c 26 fc c1 41 0d 28 7c 49 ce | 70 61 df 9b af 4c ef b6 fb b4 18 44 47 46 f7 95 | 41 81 c7 b7 a3 55 3d 89 65 2a ae dd 7a 69 10 3a | e6 44 42 e0 8d 58 70 49 6c bd 78 a4 e6 87 89 ae | ae e9 84 13 84 52 93 02 6e d7 c3 19 6a 50 46 94 | c2 11 fd 00 ca a9 fb 63 19 5b 0e c0 37 4e 6f d4 | f5 81 ee d5 b1 43 3e e4 78 60 a0 df b1 95 3a d5 | 8e 84 38 9f 55 8c 0b f4 ef fa 66 52 d2 25 97 72 | 1a 24 a8 a1 5f 48 3d d8 3e 3d e3 6c f7 c3 9a bc | 40 46 a0 ee e6 d8 e2 db 3d 01 b9 33 a5 e9 59 7f | hmac PRF sha final-bytes@0x564020542a10 (length 20) | 0b cd 3d d5 cd 33 fb 48 35 52 68 16 94 c0 62 be | 56 3a 18 f6 | data being hmac: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data being hmac: 73 30 2f 00 4f d5 5f 29 0e 70 8b f1 88 d0 be 9c | data being hmac: c5 49 79 d9 df 93 7c 26 fc c1 41 0d 28 7c 49 ce | data being hmac: 70 61 df 9b af 4c ef b6 fb b4 18 44 47 46 f7 95 | data being hmac: 41 81 c7 b7 a3 55 3d 89 65 2a ae dd 7a 69 10 3a | data being hmac: e6 44 42 e0 8d 58 70 49 6c bd 78 a4 e6 87 89 ae | data being hmac: ae e9 84 13 84 52 93 02 6e d7 c3 19 6a 50 46 94 | data being hmac: c2 11 fd 00 ca a9 fb 63 19 5b 0e c0 37 4e 6f d4 | data being hmac: f5 81 ee d5 b1 43 3e e4 78 60 a0 df b1 95 3a d5 | data being hmac: 8e 84 38 9f 55 8c 0b f4 ef fa 66 52 d2 25 97 72 | data being hmac: 1a 24 a8 a1 5f 48 3d d8 3e 3d e3 6c f7 c3 9a bc | data being hmac: 40 46 a0 ee e6 d8 e2 db 3d 01 b9 33 a5 e9 59 7f | out calculated auth: | 0b cd 3d d5 cd 33 fb 48 35 52 68 16 | suspend processing: state #1 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #2 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #2 to 0 after switching state | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "aes128" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 220 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 73 30 2f 00 4f d5 5f 29 0e 70 8b f1 88 d0 be 9c | c5 49 79 d9 df 93 7c 26 fc c1 41 0d 28 7c 49 ce | 70 61 df 9b af 4c ef b6 fb b4 18 44 47 46 f7 95 | 41 81 c7 b7 a3 55 3d 89 65 2a ae dd 7a 69 10 3a | e6 44 42 e0 8d 58 70 49 6c bd 78 a4 e6 87 89 ae | ae e9 84 13 84 52 93 02 6e d7 c3 19 6a 50 46 94 | c2 11 fd 00 ca a9 fb 63 19 5b 0e c0 37 4e 6f d4 | f5 81 ee d5 b1 43 3e e4 78 60 a0 df b1 95 3a d5 | 8e 84 38 9f 55 8c 0b f4 ef fa 66 52 d2 25 97 72 | 1a 24 a8 a1 5f 48 3d d8 3e 3d e3 6c f7 c3 9a bc | 40 46 a0 ee e6 d8 e2 db 3d 01 b9 33 a5 e9 59 7f | 0b cd 3d d5 cd 33 fb 48 35 52 68 16 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5cd0002b20 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x564021e17c00 size 128 | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48951.435476 | resume sending helper answer for #1 suppresed complete_v2_state_transition() | #1 spent 1.54 milliseconds in resume sending helper answer | stop processing: state #2 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5cc800eec0 | spent 0.00263 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 204 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 87 18 25 60 50 c4 cd b0 6a 9f 44 db 86 5f 4b 12 | 4e 85 cf 40 f2 36 82 a3 30 52 4f 63 62 75 e0 3f | bc b8 33 f5 13 3c ca 14 c8 83 93 d5 ab c8 41 f7 | 42 9e cf 67 c5 5c a0 f7 df 1a e2 64 b6 96 d4 9b | d8 46 26 55 2f ea a6 9d bf 5a 59 ae 43 01 38 d4 | 7c 15 63 0d 2e 98 8e 85 40 6d c4 7e 63 8f e3 fb | 5a f5 76 48 3d 91 90 78 da 1e 8d 6a 51 2a 18 ef | 61 44 dc a7 df 18 1a 81 da ae 25 92 fd e1 44 51 | 39 76 d7 0c 74 25 aa 04 a1 f7 2a 52 93 26 24 2e | 94 f7 49 71 b8 90 b9 fe 24 cf 87 3d 97 d0 f1 04 | 85 66 4b da e9 20 d1 34 02 57 5c fd | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 6f 65 ca 24 c5 3d b3 9a | responder cookie: | be e6 fc 2c 4c bc e3 0e | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 204 (0xcc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) | start processing: state #1 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #1 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #2 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #2 is idle | #2 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 176 (0xb0) | processing payload: ISAKMP_NEXT_v2SK (len=172) | #2 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x564021e01140 (size 20) | hmac: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db7a8 | result: clone-key@0x7f5cc80069f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x7f5cc80069f0 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x7f5cc80069f0 | hmac: release clone-key@0x7f5cc80069f0 | hmac PRF sha crypt-prf@0x564021e181f0 | hmac PRF sha update data-bytes@0x564021e197b0 (length 192) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 87 18 25 60 50 c4 cd b0 6a 9f 44 db 86 5f 4b 12 | 4e 85 cf 40 f2 36 82 a3 30 52 4f 63 62 75 e0 3f | bc b8 33 f5 13 3c ca 14 c8 83 93 d5 ab c8 41 f7 | 42 9e cf 67 c5 5c a0 f7 df 1a e2 64 b6 96 d4 9b | d8 46 26 55 2f ea a6 9d bf 5a 59 ae 43 01 38 d4 | 7c 15 63 0d 2e 98 8e 85 40 6d c4 7e 63 8f e3 fb | 5a f5 76 48 3d 91 90 78 da 1e 8d 6a 51 2a 18 ef | 61 44 dc a7 df 18 1a 81 da ae 25 92 fd e1 44 51 | 39 76 d7 0c 74 25 aa 04 a1 f7 2a 52 93 26 24 2e | 94 f7 49 71 b8 90 b9 fe 24 cf 87 3d 97 d0 f1 04 | hmac PRF sha final-bytes@0x7fff864db970 (length 20) | 85 66 4b da e9 20 d1 34 02 57 5c fd 9a 03 a2 ac | e6 01 27 2f | data for hmac: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data for hmac: 87 18 25 60 50 c4 cd b0 6a 9f 44 db 86 5f 4b 12 | data for hmac: 4e 85 cf 40 f2 36 82 a3 30 52 4f 63 62 75 e0 3f | data for hmac: bc b8 33 f5 13 3c ca 14 c8 83 93 d5 ab c8 41 f7 | data for hmac: 42 9e cf 67 c5 5c a0 f7 df 1a e2 64 b6 96 d4 9b | data for hmac: d8 46 26 55 2f ea a6 9d bf 5a 59 ae 43 01 38 d4 | data for hmac: 7c 15 63 0d 2e 98 8e 85 40 6d c4 7e 63 8f e3 fb | data for hmac: 5a f5 76 48 3d 91 90 78 da 1e 8d 6a 51 2a 18 ef | data for hmac: 61 44 dc a7 df 18 1a 81 da ae 25 92 fd e1 44 51 | data for hmac: 39 76 d7 0c 74 25 aa 04 a1 f7 2a 52 93 26 24 2e | data for hmac: 94 f7 49 71 b8 90 b9 fe 24 cf 87 3d 97 d0 f1 04 | calculated auth: 85 66 4b da e9 20 d1 34 02 57 5c fd | provided auth: 85 66 4b da e9 20 d1 34 02 57 5c fd | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 87 18 25 60 50 c4 cd b0 6a 9f 44 db 86 5f 4b 12 | payload before decryption: | 4e 85 cf 40 f2 36 82 a3 30 52 4f 63 62 75 e0 3f | bc b8 33 f5 13 3c ca 14 c8 83 93 d5 ab c8 41 f7 | 42 9e cf 67 c5 5c a0 f7 df 1a e2 64 b6 96 d4 9b | d8 46 26 55 2f ea a6 9d bf 5a 59 ae 43 01 38 d4 | 7c 15 63 0d 2e 98 8e 85 40 6d c4 7e 63 8f e3 fb | 5a f5 76 48 3d 91 90 78 da 1e 8d 6a 51 2a 18 ef | 61 44 dc a7 df 18 1a 81 da ae 25 92 fd e1 44 51 | 39 76 d7 0c 74 25 aa 04 a1 f7 2a 52 93 26 24 2e | 94 f7 49 71 b8 90 b9 fe 24 cf 87 3d 97 d0 f1 04 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 9d 9a 63 19 1c ff c8 eb 76 39 4d 74 | 96 4c a0 2f 1a 2b 10 05 2c 00 00 2c 00 00 00 28 | 01 03 04 03 ca 49 da c6 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | stripping 12 octets as pad | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | offered CA: '%none' "aes128" #2: IKEv2 mode peer ID is ID_FQDN: '@east' | hmac PRF sha init symkey-key@0x7f5cc800d640 (size 20) | hmac: symkey-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db8d8 | result: clone-key@0x7f5cc80069f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x7f5cc80069f0 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x7f5cc80069f0 | hmac: release clone-key@0x7f5cc80069f0 | hmac PRF sha crypt-prf@0x564021e17ee0 | idhash auth R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x564021e197e4 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff864dba30 (length 20) | a6 0d 7c a2 42 74 2b fd cd 6a ad 19 ff ee 67 19 | c4 2e de 8f | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564021e0a240 (line=1) | concluding with best_match=014 best=0x564021e0a240 (lineno=1) | inputs to hash1 (first packet) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a9 2c fb ec cc 02 b2 bf 50 53 f9 40 | c7 3c 87 c3 04 65 e4 88 ac 8d bd 1b 54 75 24 61 | b4 6a d1 8a 9b eb 26 a6 33 72 98 30 26 78 23 ac | 96 2d 71 84 98 2e 60 eb e2 0a 92 f2 f9 5d ac 58 | 33 9d eb c7 6b 95 69 d5 37 43 b5 75 d3 d2 be 0d | 26 f5 3d 1e 7f ec c3 1d d8 7f 8d df a9 e8 07 81 | cf ee b5 f3 66 aa 48 29 47 97 ec f6 fe c1 47 65 | 65 4e 61 a9 1f 8c 29 1d 8c d7 42 dd 4b 0c 0e dd | 7d 33 5f 9e 93 f4 cb e4 93 a0 64 62 87 44 17 75 | 0e e4 41 12 28 b8 6e 86 60 96 fe f8 94 1f 0c a3 | d5 5e c0 1a fb 60 78 37 e3 8f 94 33 b0 f8 88 a1 | 34 06 d2 e3 fe 9c 22 a3 f5 6c f9 50 73 67 6e 65 | 6e af 5a 1f 01 e9 ab 02 c5 82 d4 04 43 36 4f d9 | 7b 01 61 19 c7 ac a5 fa dc 2d 8f 4d b3 b9 79 17 | 24 02 89 30 b3 fc 60 a3 66 36 5a 7a da f1 e3 1f | b5 af 89 84 2d d6 32 9f 8c 17 bb e8 a8 57 d8 89 | c7 a6 30 ce 29 00 00 24 c0 59 f6 7e 21 cb 38 aa | 55 5d e6 59 0f bd 8d 04 53 ef 65 c1 30 c8 83 e9 | a3 0c b6 1a dd 78 d6 b8 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 19 22 f3 65 db 24 03 4c | ec 3b db f0 20 a2 58 d0 86 35 68 cf 00 00 00 1c | 00 00 40 05 db c0 81 14 89 1a 6c cd 1c 2e a1 61 | 37 59 1f 34 8d 04 f6 9e | verify: initiator inputs to hash2 (initiator nonce) | 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | idhash a6 0d 7c a2 42 74 2b fd cd 6a ad 19 ff ee 67 19 | idhash c4 2e de 8f | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564021e14a20 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db6e0 | result: shared secret-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6c8 | result: shared secret-key@0x7f5cc80069f0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564021dfd2a0 from shared secret-key@0x7f5cc80069f0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564021dfd2a0 from shared secret-key@0x7f5cc80069f0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f5cc80069f0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564021e181f0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5640204d6bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f5cc80069f0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f5cc80069f0 (size 20) | = prf(, ): -key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x7f5cd0006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ) prf: begin sha with context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ): release clone-key@0x7f5cd0006900 | = prf(, ) PRF sha crypt-prf@0x564021e181a0 | = prf(, ) PRF sha update first-packet-bytes@0x564021e17970 (length 440) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a9 2c fb ec cc 02 b2 bf 50 53 f9 40 | c7 3c 87 c3 04 65 e4 88 ac 8d bd 1b 54 75 24 61 | b4 6a d1 8a 9b eb 26 a6 33 72 98 30 26 78 23 ac | 96 2d 71 84 98 2e 60 eb e2 0a 92 f2 f9 5d ac 58 | 33 9d eb c7 6b 95 69 d5 37 43 b5 75 d3 d2 be 0d | 26 f5 3d 1e 7f ec c3 1d d8 7f 8d df a9 e8 07 81 | cf ee b5 f3 66 aa 48 29 47 97 ec f6 fe c1 47 65 | 65 4e 61 a9 1f 8c 29 1d 8c d7 42 dd 4b 0c 0e dd | 7d 33 5f 9e 93 f4 cb e4 93 a0 64 62 87 44 17 75 | 0e e4 41 12 28 b8 6e 86 60 96 fe f8 94 1f 0c a3 | d5 5e c0 1a fb 60 78 37 e3 8f 94 33 b0 f8 88 a1 | 34 06 d2 e3 fe 9c 22 a3 f5 6c f9 50 73 67 6e 65 | 6e af 5a 1f 01 e9 ab 02 c5 82 d4 04 43 36 4f d9 | 7b 01 61 19 c7 ac a5 fa dc 2d 8f 4d b3 b9 79 17 | 24 02 89 30 b3 fc 60 a3 66 36 5a 7a da f1 e3 1f | b5 af 89 84 2d d6 32 9f 8c 17 bb e8 a8 57 d8 89 | c7 a6 30 ce 29 00 00 24 c0 59 f6 7e 21 cb 38 aa | 55 5d e6 59 0f bd 8d 04 53 ef 65 c1 30 c8 83 e9 | a3 0c b6 1a dd 78 d6 b8 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 19 22 f3 65 db 24 03 4c | ec 3b db f0 20 a2 58 d0 86 35 68 cf 00 00 00 1c | 00 00 40 05 db c0 81 14 89 1a 6c cd 1c 2e a1 61 | 37 59 1f 34 8d 04 f6 9e | = prf(, ) PRF sha update nonce-bytes@0x7f5cd0002af0 (length 32) | 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | = prf(, ) PRF sha update hash-bytes@0x7fff864dba30 (length 20) | a6 0d 7c a2 42 74 2b fd cd 6a ad 19 ff ee 67 19 | c4 2e de 8f | = prf(, ) PRF sha final-chunk@0x564021e17ee0 (length 20) | 9d 9a 63 19 1c ff c8 eb 76 39 4d 74 96 4c a0 2f | 1a 2b 10 05 | psk_auth: release prf-psk-key@0x7f5cc80069f0 | Received PSK auth octets | 9d 9a 63 19 1c ff c8 eb 76 39 4d 74 96 4c a0 2f | 1a 2b 10 05 | Calculated PSK auth octets | 9d 9a 63 19 1c ff c8 eb 76 39 4d 74 96 4c a0 2f | 1a 2b 10 05 "aes128" #2: Authenticated using authby=secret | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) | state #1 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x564021e17f40 | free_event_entry: release EVENT_SA_REPLACE-pe@0x564021e17f00 | event_schedule: new EVENT_SA_REKEY-pe@0x564021e17f00 | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 | libevent_malloc: new ptr-libevent@0x564021e17f40 size 128 | pstats #1 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="aes128" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for aes128 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI ca 49 da c6 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=ca49dac6;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db7e0 | result: data=Ni-key@0x7f5cd0006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7f5cd0006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db7c8 | result: data=Ni-key@0x7f5cc80069f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7f5cd0006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f5cc80069f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864db7d0 | result: data+=Nr-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f5cc80069f0 | prf+0 PRF sha init key-key@0x564021e04570 (size 20) | prf+0: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x7f5cc80069f0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x564021dfd2a0 from key-key@0x7f5cc80069f0 | prf+0 prf: begin sha with context 0x564021dfd2a0 from key-key@0x7f5cc80069f0 | prf+0: release clone-key@0x7f5cc80069f0 | prf+0 PRF sha crypt-prf@0x564021e17fd0 | prf+0 PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+0: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: fffffffa ffffffa2 ffffffe0 ffffffdc 7d 3e fffffff2 ffffffbb 02 ffffffe8 ffffff9d 19 14 ffffffcd 10 68 54 18 ffffffee 56 ffffffc6 ffffffe2 ffffff80 63 ffffffa6 ffffffda 66 03 ffffffdb ffffffca ffffff8a ffffffd5 3e 6a 0e ffffffc0 06 00 ffffff93 ffffffba ffffffcb ffffffc5 36 5e 22 63 4b 0f 7a ffffff94 63 5a 0d ffffffe0 ffffff8c ffffffb3 ffffff99 78 05 42 ffffffcc 35 08 ffffff95 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e1a190 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x7f5cc800eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cc800eec0 | prf+0 PRF sha final-key@0x7f5cc80069f0 (size 20) | prf+0: key-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f5cc80069f0 | prf+N PRF sha init key-key@0x564021e04570 (size 20) | prf+N: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x7f5cc800eec0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564021dfd2a0 from key-key@0x7f5cc800eec0 | prf+N prf: begin sha with context 0x564021dfd2a0 from key-key@0x7f5cc800eec0 | prf+N: release clone-key@0x7f5cc800eec0 | prf+N PRF sha crypt-prf@0x564021e181f0 | prf+N PRF sha update old_t-key@0x7f5cc80069f0 (size 20) | prf+N: old_t-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f5cc80069f0 | nss hmac digest hack: symkey-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041728192: 5a 4e ffffffee 28 ffffffe4 ffffffd5 ffffffb3 ffffffa5 6e 51 ffffffcc fffffff1 ffffff94 ffffff87 3b ffffffff ffffffcb ffffff97 2f 4f 0b fffffff0 fffffff9 ffffffd6 5d ffffff87 fffffff2 72 37 08 fffffff0 31 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x564021e17eb0 | unwrapped: c1 f6 25 f8 7e ae 4a dc d9 43 2a 64 50 35 49 cb | unwrapped: 32 94 33 fc 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+N: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: fffffffa ffffffa2 ffffffe0 ffffffdc 7d 3e fffffff2 ffffffbb 02 ffffffe8 ffffff9d 19 14 ffffffcd 10 68 54 18 ffffffee 56 ffffffc6 ffffffe2 ffffff80 63 ffffffa6 ffffffda 66 03 ffffffdb ffffffca ffffff8a ffffffd5 3e 6a 0e ffffffc0 06 00 ffffff93 ffffffba ffffffcb ffffffc5 36 5e 22 63 4b 0f 7a ffffff94 63 5a 0d ffffffe0 ffffff8c ffffffb3 ffffff99 78 05 42 ffffffcc 35 08 ffffff95 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e1a140 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x564021e19e70 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e19e70 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e19e70 | prf+N PRF sha final-key@0x7f5cc800eec0 (size 20) | prf+N: key-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff864db778 | result: result-key@0x564021e19e70 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f5cc80069f0 | prfplus: release old_t[N]-key@0x7f5cc80069f0 | prf+N PRF sha init key-key@0x564021e04570 (size 20) | prf+N: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x7f5cc80069f0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564021dfd2a0 from key-key@0x7f5cc80069f0 | prf+N prf: begin sha with context 0x564021dfd2a0 from key-key@0x7f5cc80069f0 | prf+N: release clone-key@0x7f5cc80069f0 | prf+N PRF sha crypt-prf@0x564021e181a0 | prf+N PRF sha update old_t-key@0x7f5cc800eec0 (size 20) | prf+N: old_t-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f5cc800eec0 | nss hmac digest hack: symkey-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041728192: ffffff96 27 ffffffd0 39 32 7d ffffff90 6b ffffffa3 44 58 41 01 6d fffffffe 14 2c ffffffa7 ffffffd2 fffffff4 ffffff95 14 ffffffdd 5b ffffff9e ffffff9b 10 1e 6b fffffff8 02 ffffffd0 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x564021e19f40 | unwrapped: 4b a8 20 8d e0 f5 60 6b 79 be 94 58 5f c4 63 55 | unwrapped: e6 47 85 fa 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+N: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: fffffffa ffffffa2 ffffffe0 ffffffdc 7d 3e fffffff2 ffffffbb 02 ffffffe8 ffffff9d 19 14 ffffffcd 10 68 54 18 ffffffee 56 ffffffc6 ffffffe2 ffffff80 63 ffffffa6 ffffffda 66 03 ffffffdb ffffffca ffffff8a ffffffd5 3e 6a 0e ffffffc0 06 00 ffffff93 ffffffba ffffffcb ffffffc5 36 5e 22 63 4b 0f 7a ffffff94 63 5a 0d ffffffe0 ffffff8c ffffffb3 ffffff99 78 05 42 ffffffcc 35 08 ffffff95 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e1a0f0 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x564021e1e110 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e1e110 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e1e110 | prf+N PRF sha final-key@0x7f5cc80069f0 (size 20) | prf+N: key-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e19e70 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff864db778 | result: result-key@0x564021e1e110 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e19e70 | prfplus: release old_t[N]-key@0x7f5cc800eec0 | prf+N PRF sha init key-key@0x564021e04570 (size 20) | prf+N: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x7f5cc800eec0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564021dfd2a0 from key-key@0x7f5cc800eec0 | prf+N prf: begin sha with context 0x564021dfd2a0 from key-key@0x7f5cc800eec0 | prf+N: release clone-key@0x7f5cc800eec0 | prf+N PRF sha crypt-prf@0x564021e181f0 | prf+N PRF sha update old_t-key@0x7f5cc80069f0 (size 20) | prf+N: old_t-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f5cc80069f0 | nss hmac digest hack: symkey-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041728192: ffffff90 fffffff7 5f 00 69 fffffffe ffffffce 7a ffffffda ffffff90 ffffffa0 35 7a 16 6d 0a 73 ffffff97 00 3e ffffffae 58 73 ffffff9e 04 ffffffca ffffff90 6c ffffff9a 43 76 24 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x564021e1e1a0 | unwrapped: 9f b6 22 d2 40 a1 cd db 25 ff fe cf ae f8 a7 33 | unwrapped: 94 05 14 de 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+N: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: fffffffa ffffffa2 ffffffe0 ffffffdc 7d 3e fffffff2 ffffffbb 02 ffffffe8 ffffff9d 19 14 ffffffcd 10 68 54 18 ffffffee 56 ffffffc6 ffffffe2 ffffff80 63 ffffffa6 ffffffda 66 03 ffffffdb ffffffca ffffff8a ffffffd5 3e 6a 0e ffffffc0 06 00 ffffff93 ffffffba ffffffcb ffffffc5 36 5e 22 63 4b 0f 7a ffffff94 63 5a 0d ffffffe0 ffffff8c ffffffb3 ffffff99 78 05 42 ffffffcc 35 08 ffffff95 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e1fbe0 | unwrapped: 75 16 39 aa a4 f3 92 bd 79 72 27 a7 6e d7 e8 f9 | unwrapped: 9f 6f e3 6b 68 d9 37 97 08 ac 61 0c 1d f5 26 39 | unwrapped: c0 59 f6 7e 21 cb 38 aa 55 5d e6 59 0f bd 8d 04 | unwrapped: 53 ef 65 c1 30 c8 83 e9 a3 0c b6 1a dd 78 d6 b8 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x564021e19e70 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e19e70 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e19e70 | prf+N PRF sha final-key@0x7f5cc800eec0 (size 20) | prf+N: key-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e1e110 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff864db778 | result: result-key@0x564021e19e70 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e1e110 | prfplus: release old_t[N]-key@0x7f5cc80069f0 | prfplus: release old_t[final]-key@0x7f5cc800eec0 | child_sa_keymat: release data-key@0x7f5cd0006900 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x564021e19e70 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db858 | result: result-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x7f5cd0006900 | initiator to responder keys: symkey-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x564021dfdd40 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)908091748: 5a 4e ffffffee 28 ffffffe4 ffffffd5 ffffffb3 ffffffa5 6e 51 ffffffcc fffffff1 ffffff94 ffffff87 3b ffffffff 18 7b ffffff8e 3a fffffff2 ffffff8b ffffff9b 55 ffffff81 1d ffffffdd 59 ffffffac 6e 2e ffffffe0 61 20 7d 68 ffffffb2 ffffffe3 76 44 ffffff99 ffffffb6 29 71 41 75 70 1e | initiator to responder keys: release slot-key-key@0x564021dfdd40 | initiator to responder keys extracted len 48 bytes at 0x564021e1fac0 | unwrapped: c1 f6 25 f8 7e ae 4a dc d9 43 2a 64 50 35 49 cb | unwrapped: 32 94 33 fc 4b a8 20 8d e0 f5 60 6b 79 be 94 58 | unwrapped: 5f c4 63 55 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7f5cd0006900 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x564021e19e70 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db858 | result: result-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x7f5cd0006900 | responder to initiator keys:: symkey-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x564021dfdd40 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)908091748: 7b 27 ffffffdf ffffffc4 ffffffa3 3b ffffff84 ffffffaf ffffffb1 ffffffd1 ffffffe5 ffffffb0 10 ffffffc0 0d ffffffe6 16 ffffffaf ffffffc3 fffffffc ffffff8c ffffffde 13 ffffff94 ffffff92 fffffff6 ffffffa7 50 60 ffffffb5 00 ffffff88 ffffffd3 ffffffe8 ffffffdd ffffffdc 1c ffffff83 2a 7b 7a 6f 55 ffffffc6 ffffffd2 ffffff8c 7d 05 | responder to initiator keys:: release slot-key-key@0x564021dfdd40 | responder to initiator keys: extracted len 48 bytes at 0x564021e1fb00 | unwrapped: e6 47 85 fa 9f b6 22 d2 40 a1 cd db 25 ff fe cf | unwrapped: ae f8 a7 33 94 05 14 de e8 d6 b7 44 30 8f 39 11 | unwrapped: b2 16 44 98 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7f5cd0006900 | ikev2_derive_child_keys: release keymat-key@0x564021e19e70 | #1 spent 2.08 milliseconds | install_ipsec_sa() for #2: inbound and outbound | could_route called for aes128 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.ca49dac6@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.fe858be0@192.1.2.45 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #2: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: aes128 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 | priority calculation of connection "aes128" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xca49dac6 SPI_OUT= | popen cmd is 1025 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+U: | cmd( 640):P+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: | cmd( 960):ARED='no' SPI_IN=0xca49dac6 SPI_OUT=0xfe858be0 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xca49dac | popen cmd is 1030 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUT: | cmd( 400):O_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT: | cmd( 480):_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=: | cmd( 560):'' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+: | cmd( 640):PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMAN: | cmd( 720):ENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_P: | cmd( 800):EER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=: | cmd( 880):'0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V: | cmd( 960):TI_SHARED='no' SPI_IN=0xca49dac6 SPI_OUT=0xfe858be0 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xca49dac6 SP | popen cmd is 1028 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0xca49dac6 SPI_OUT=0xfe858be0 ipsec _updown 2>&1: | route_and_eroute: instance "aes128", setting eroute_owner {spd=0x564021e15b10,sr=0x564021e15b10} to #2 (was #0) (newest_ipsec_sa=#0) | #1 spent 0.771 milliseconds in install_ipsec_sa() | inR2: instance aes128[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x564021e17c00 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5cd0002b20 | #2 spent 2.54 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #2 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #2 to 1 after switching state | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #2 ikev2.child established "aes128" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "aes128" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xca49dac6 <0xfe858be0 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | releasing whack for #2 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #1 | unpending state #1 connection "aes128" | delete from pending Child SA with 192.1.2.23 "aes128" | removing pending policy for no connection {0x564021da3860} | close_any(fd@24) (in release_whack() at state.c:654) | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f5cd0002b20 | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 | libevent_malloc: new ptr-libevent@0x564021e17c00 size 128 | stop processing: state #2 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 2.99 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 3.01 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00462 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00269 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00271 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.fe858be0@192.1.2.45 | get_sa_info esp.ca49dac6@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0804 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #2 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #2 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #2 ikev2.child deleted completed | #2 spent 2.54 milliseconds in total | [RE]START processing: state #2 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #2: deleting state (STATE_V2_IPSEC_I) aged 0.351s and sending notification | child state #2: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.ca49dac6@192.1.2.23 | get_sa_info esp.fe858be0@192.1.2.45 "aes128" #2: ESP traffic information: in=84B out=84B | #2 send IKEv2 delete notification for STATE_V2_IPSEC_I | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 6f 65 ca 24 c5 3d b3 9a | responder cookie: | be e6 fc 2c 4c bc e3 0e | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting 4 raw bytes of local spis into IKEv2 Delete Payload | local spis fe 85 8b e0 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 57 55 85 0c 0f 54 cf 66 51 df d5 09 02 43 7b ce | data before encryption: | 00 00 00 0c 03 04 00 01 fe 85 8b e0 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 6f d1 b3 46 8c 55 bb b3 dc e9 d8 c2 13 16 30 28 | hmac PRF sha init symkey-key@0x564021df9ff0 (size 20) | hmac: symkey-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864d8698 | result: clone-key@0x564021e19e70 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021e19e70 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021e19e70 | hmac: release clone-key@0x564021e19e70 | hmac PRF sha crypt-prf@0x564021e17be0 | hmac PRF sha update data-bytes@0x7fff864d8a70 (length 64) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 57 55 85 0c 0f 54 cf 66 51 df d5 09 02 43 7b ce | 6f d1 b3 46 8c 55 bb b3 dc e9 d8 c2 13 16 30 28 | hmac PRF sha final-bytes@0x7fff864d8ab0 (length 20) | e1 0a e0 c6 93 29 6e 29 ca b4 09 c6 98 93 2c 7b | fa c0 b4 bc | data being hmac: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | data being hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: 57 55 85 0c 0f 54 cf 66 51 df d5 09 02 43 7b ce | data being hmac: 6f d1 b3 46 8c 55 bb b3 dc e9 d8 c2 13 16 30 28 | out calculated auth: | e1 0a e0 c6 93 29 6e 29 ca b4 09 c6 | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #2) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 57 55 85 0c 0f 54 cf 66 51 df d5 09 02 43 7b ce | 6f d1 b3 46 8c 55 bb b3 dc e9 d8 c2 13 16 30 28 | e1 0a e0 c6 93 29 6e 29 ca b4 09 c6 | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send | Message ID: sent #1 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 | state #2 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x564021e17c00 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f5cd0002b20 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050305' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xca49dac | popen cmd is 1033 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INT: | cmd( 80):ERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@we: | cmd( 160):st' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIE: | cmd( 240):NT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=': | cmd( 320):16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_P: | cmd( 400):EER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MA: | cmd( 480):SK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' : | cmd( 560):PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050305' PLUTO_CONN_POLICY='PSK+ENCRYPT+T: | cmd( 640):UNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PER: | cmd( 720):MANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUT: | cmd( 800):O_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERV: | cmd( 880):ER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no: | cmd( 960):' VTI_SHARED='no' SPI_IN=0xca49dac6 SPI_OUT=0xfe858be0 ipsec _updown 2>&1: | shunt_eroute() called for connection 'aes128' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "aes128" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.ca49dac6@192.1.2.23 | netlink response for Del SA esp.ca49dac6@192.1.2.23 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.fe858be0@192.1.2.45 | netlink response for Del SA esp.fe858be0@192.1.2.45 included non-error error | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #2 in V2_IPSEC_I | child state #2: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x564021e04570 | delete_state: release st->st_skey_ai_nss-key@0x564021df9ff0 | delete_state: release st->st_skey_ar_nss-key@0x564021e01140 | delete_state: release st->st_skey_ei_nss-key@0x564021e07b90 | delete_state: release st->st_skey_er_nss-key@0x564021dfb870 | delete_state: release st->st_skey_pi_nss-key@0x7f5cc800a510 | delete_state: release st->st_skey_pr_nss-key@0x7f5cc800d640 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #1 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #1 | start processing: state #1 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #1 ikev2.ike deleted completed | #1 spent 9.96 milliseconds in total | [RE]START processing: state #1 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #1: deleting state (STATE_PARENT_I3) aged 0.376s and sending notification | parent state #1: PARENT_I3(established IKE SA) => delete | #1 send IKEv2 delete notification for STATE_PARENT_I3 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 6f 65 ca 24 c5 3d b3 9a | responder cookie: | be e6 fc 2c 4c bc e3 0e | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 0f bb 9b e3 74 30 9a a0 83 2a b0 1e 6e ce 23 a6 | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 4e f2 ef 95 6d 0b 89 25 31 4b 17 1a 32 37 a9 c4 | hmac PRF sha init symkey-key@0x564021df9ff0 (size 20) | hmac: symkey-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864d8698 | result: clone-key@0x564021e19e70 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021e19e70 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021e19e70 | hmac: release clone-key@0x564021e19e70 | hmac PRF sha crypt-prf@0x564021e17ee0 | hmac PRF sha update data-bytes@0x7fff864d8a70 (length 64) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 0f bb 9b e3 74 30 9a a0 83 2a b0 1e 6e ce 23 a6 | 4e f2 ef 95 6d 0b 89 25 31 4b 17 1a 32 37 a9 c4 | hmac PRF sha final-bytes@0x7fff864d8ab0 (length 20) | 5d b0 b8 a5 c7 8e 23 3c e7 87 48 28 7e d0 4f 0d | cd 03 03 43 | data being hmac: 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data being hmac: 0f bb 9b e3 74 30 9a a0 83 2a b0 1e 6e ce 23 a6 | data being hmac: 4e f2 ef 95 6d 0b 89 25 31 4b 17 1a 32 37 a9 c4 | out calculated auth: | 5d b0 b8 a5 c7 8e 23 3c e7 87 48 28 | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 0f bb 9b e3 74 30 9a a0 83 2a b0 1e 6e ce 23 a6 | 4e f2 ef 95 6d 0b 89 25 31 4b 17 1a 32 37 a9 c4 | 5d b0 b8 a5 c7 8e 23 3c e7 87 48 28 | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send | Message ID: #1 XXX: expecting sender.wip.initiator 2 == -1 - suspect record'n'send out-of-order?); initiator.sent=3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=3 wip.responder=-1 | Message ID: sent #1 request 3; ike: initiator.sent=2->3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=2->3 wip.responder=-1 | state #1 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x564021e17f40 | free_event_entry: release EVENT_SA_REKEY-pe@0x564021e17f00 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #1 in PARENT_I3 | parent state #1: PARENT_I3(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f5cd0000d60: destroyed | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x564021e06230 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x564021e04570 | delete_state: release st->st_skey_ai_nss-key@0x564021df9ff0 | delete_state: release st->st_skey_ar_nss-key@0x564021e01140 | delete_state: release st->st_skey_ei_nss-key@0x564021e07b90 | delete_state: release st->st_skey_er_nss-key@0x564021dfb870 | delete_state: release st->st_skey_pi_nss-key@0x7f5cc800a510 | delete_state: release st->st_skey_pr_nss-key@0x7f5cc800d640 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.38 milliseconds in whack | spent 0.00175 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | f9 22 43 00 be 08 8d af 92 ea 50 06 6a f1 02 ff | ec 54 25 00 e5 ef 17 88 6b d7 02 c4 ab ca 6a e1 | a4 af 8a 14 2a 3e 13 1c c0 72 ef f4 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 6f 65 ca 24 c5 3d b3 9a | responder cookie: | be e6 fc 2c 4c bc e3 0e | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0726 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00431 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00253 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 6f 65 ca 24 c5 3d b3 9a be e6 fc 2c 4c bc e3 0e | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 0c a3 37 e0 08 c8 2a b2 59 b7 50 df fe 74 7b 18 | a5 58 97 5d 29 60 6d f5 1f ed a6 92 80 39 84 fb | 63 47 c0 3e 4f d5 3d bd d7 b5 d1 3e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 6f 65 ca 24 c5 3d b3 9a | responder cookie: | be e6 fc 2c 4c bc e3 0e | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.064 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "aes128" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'aes128' to 'delete' for rt_kind 'unrouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "aes128" is 0xfe7e7 | priority calculation of connection "aes128" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT | popen cmd is 1014 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLU: | cmd( 400):TO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIEN: | cmd( 480):T_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA: | cmd( 560):='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL: | cmd( 640):+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x564021de15d0 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.57 milliseconds in whack | kernel_process_msg_cb process netlink message | netlink_get: XFRM_MSG_UPDPOLICY message | spent 0.00777 milliseconds in kernel message | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00428 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0596 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0444 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0455 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x564021e17b30 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.133 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #3 at 0x564021e1a290 | State DB: adding IKEv2 state #3 in UNDEFINED | pstats #3 ikev2.ike started | Message ID: init #3: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #3: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #3; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #3 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #3 "aes128" "aes128" #3: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 3 for state #3 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564021e1fac0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x564021e17f40 size 128 | #3 spent 0.113 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #3 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.173 milliseconds in whack | crypto helper 4 resuming | crypto helper 4 starting work-order 3 for state #3 | crypto helper 4 doing build KE and nonce (ikev2_outI1 KE); request ID 3 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5ccc000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5ccc000d60 | NSS: Public DH wire value: | 56 25 24 48 d5 0c e0 16 82 be b7 c0 a5 b1 f8 77 | c0 92 c2 0d 6c 8f 90 ee b5 22 04 c2 01 76 12 49 | 71 21 91 79 ed 81 00 b4 6c e9 db d2 3b 7d e2 2f | f6 be 55 42 95 ad b4 1a 79 2f 67 2a 2f 64 04 94 | fe 40 2e 94 de ee 9d ca 07 10 40 d4 a9 ca fc b0 | 6e d5 ba 16 7c 4b d8 c4 31 60 6e 2c 8b 62 fc 6e | 81 7b 45 d0 2e 5c 21 f2 35 03 e5 f2 c1 1d 6e 2b | 59 33 35 4e b4 db fd dc 86 38 d9 3e 2c 73 99 1b | 95 2e 10 41 12 c5 55 f4 98 bc a1 32 d7 1d d6 83 | f8 09 0c 68 72 eb 3a a7 23 e6 5b 59 a5 1a 98 00 | 4a d8 45 75 ae 88 dc a0 d7 cb ca c1 c5 d5 f8 7b | 7f 1b 17 74 f6 63 5b 50 9f 66 96 be c0 fb 6d d9 | d8 29 dd 97 e6 1a 33 12 de 50 aa 8d 81 ca ce a9 | 2c 50 24 ed 1d 2f 3f a1 ed 90 56 a7 31 41 ba 11 | d0 aa f6 85 99 32 dd 34 1b 03 eb 87 5d 8b 68 04 | 90 9a 58 0a ab a9 6f 77 eb 12 d6 b9 fa e3 16 da | Generated nonce: 61 9c 37 37 13 aa 34 4b ef 90 ae 46 53 ce f8 c3 | Generated nonce: 5a 38 c1 30 71 f5 1f 03 02 17 f2 8e cb 0a 3d e2 | crypto helper 4 finished build KE and nonce (ikev2_outI1 KE); request ID 3 time elapsed 0.001059 seconds | (#3) spent 1.06 milliseconds in crypto helper computing work-order 3: ikev2_outI1 KE (pcr) | crypto helper 4 sending results from work-order 3 for state #3 to event queue | scheduling resume sending helper answer for #3 | libevent_malloc: new ptr-libevent@0x7f5ccc006900 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #3 | start processing: state #3 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 3 | calling continuation function 0x564020443630 | ikev2_parent_outI1_continue for #3 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5ccc000d60: transferring ownership from helper KE to state #3 | **emit ISAKMP Message: | initiator cookie: | 33 37 04 64 9f a1 15 4d | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #3: IMPAIR: emitting fixed-length key-length attribute with 0 key | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 56 25 24 48 d5 0c e0 16 82 be b7 c0 a5 b1 f8 77 | ikev2 g^x c0 92 c2 0d 6c 8f 90 ee b5 22 04 c2 01 76 12 49 | ikev2 g^x 71 21 91 79 ed 81 00 b4 6c e9 db d2 3b 7d e2 2f | ikev2 g^x f6 be 55 42 95 ad b4 1a 79 2f 67 2a 2f 64 04 94 | ikev2 g^x fe 40 2e 94 de ee 9d ca 07 10 40 d4 a9 ca fc b0 | ikev2 g^x 6e d5 ba 16 7c 4b d8 c4 31 60 6e 2c 8b 62 fc 6e | ikev2 g^x 81 7b 45 d0 2e 5c 21 f2 35 03 e5 f2 c1 1d 6e 2b | ikev2 g^x 59 33 35 4e b4 db fd dc 86 38 d9 3e 2c 73 99 1b | ikev2 g^x 95 2e 10 41 12 c5 55 f4 98 bc a1 32 d7 1d d6 83 | ikev2 g^x f8 09 0c 68 72 eb 3a a7 23 e6 5b 59 a5 1a 98 00 | ikev2 g^x 4a d8 45 75 ae 88 dc a0 d7 cb ca c1 c5 d5 f8 7b | ikev2 g^x 7f 1b 17 74 f6 63 5b 50 9f 66 96 be c0 fb 6d d9 | ikev2 g^x d8 29 dd 97 e6 1a 33 12 de 50 aa 8d 81 ca ce a9 | ikev2 g^x 2c 50 24 ed 1d 2f 3f a1 ed 90 56 a7 31 41 ba 11 | ikev2 g^x d0 aa f6 85 99 32 dd 34 1b 03 eb 87 5d 8b 68 04 | ikev2 g^x 90 9a 58 0a ab a9 6f 77 eb 12 d6 b9 fa e3 16 da | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 61 9c 37 37 13 aa 34 4b ef 90 ae 46 53 ce f8 c3 | IKEv2 nonce 5a 38 c1 30 71 f5 1f 03 02 17 f2 8e cb 0a 3d e2 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | 33 37 04 64 9f a1 15 4d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | 11 4a 7f 6f 07 12 a6 ac 66 9d 8b 41 f0 5b 27 b1 | 46 19 da 43 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 33 37 04 64 9f a1 15 4d | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 11 4a 7f 6f 07 12 a6 ac 66 9d 8b 41 f0 5b 27 b1 | natd_hash: hash= 46 19 da 43 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 11 4a 7f 6f 07 12 a6 ac 66 9d 8b 41 f0 5b 27 b1 | Notify data 46 19 da 43 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | 33 37 04 64 9f a1 15 4d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | 47 60 55 83 47 1e 15 ee d6 0a 25 75 af 8d 9b 1f | f8 29 68 0d | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 33 37 04 64 9f a1 15 4d | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 47 60 55 83 47 1e 15 ee d6 0a 25 75 af 8d 9b 1f | natd_hash: hash= f8 29 68 0d | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 47 60 55 83 47 1e 15 ee d6 0a 25 75 af 8d 9b 1f | Notify data f8 29 68 0d | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #3 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #3 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #3 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #3: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #3 to 4294967295 after switching state | Message ID: IKE #3 skipping update_recv as MD is fake | Message ID: sent #3 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #3: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #3) | 33 37 04 64 9f a1 15 4d 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 56 25 24 48 d5 0c e0 16 82 be b7 c0 | a5 b1 f8 77 c0 92 c2 0d 6c 8f 90 ee b5 22 04 c2 | 01 76 12 49 71 21 91 79 ed 81 00 b4 6c e9 db d2 | 3b 7d e2 2f f6 be 55 42 95 ad b4 1a 79 2f 67 2a | 2f 64 04 94 fe 40 2e 94 de ee 9d ca 07 10 40 d4 | a9 ca fc b0 6e d5 ba 16 7c 4b d8 c4 31 60 6e 2c | 8b 62 fc 6e 81 7b 45 d0 2e 5c 21 f2 35 03 e5 f2 | c1 1d 6e 2b 59 33 35 4e b4 db fd dc 86 38 d9 3e | 2c 73 99 1b 95 2e 10 41 12 c5 55 f4 98 bc a1 32 | d7 1d d6 83 f8 09 0c 68 72 eb 3a a7 23 e6 5b 59 | a5 1a 98 00 4a d8 45 75 ae 88 dc a0 d7 cb ca c1 | c5 d5 f8 7b 7f 1b 17 74 f6 63 5b 50 9f 66 96 be | c0 fb 6d d9 d8 29 dd 97 e6 1a 33 12 de 50 aa 8d | 81 ca ce a9 2c 50 24 ed 1d 2f 3f a1 ed 90 56 a7 | 31 41 ba 11 d0 aa f6 85 99 32 dd 34 1b 03 eb 87 | 5d 8b 68 04 90 9a 58 0a ab a9 6f 77 eb 12 d6 b9 | fa e3 16 da 29 00 00 24 61 9c 37 37 13 aa 34 4b | ef 90 ae 46 53 ce f8 c3 5a 38 c1 30 71 f5 1f 03 | 02 17 f2 8e cb 0a 3d e2 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 11 4a 7f 6f 07 12 a6 ac | 66 9d 8b 41 f0 5b 27 b1 46 19 da 43 00 00 00 1c | 00 00 40 05 47 60 55 83 47 1e 15 ee d6 0a 25 75 | af 8d 9b 1f f8 29 68 0d | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x564021e17f40 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564021e1fac0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x564021e1fac0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 | libevent_malloc: new ptr-libevent@0x564021e17f40 size 128 | #3 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48952.609228 | resume sending helper answer for #3 suppresed complete_v2_state_transition() and stole MD | #3 spent 0.501 milliseconds in resume sending helper answer | stop processing: state #3 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5ccc006900 | spent 0.00225 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 33 37 04 64 9f a1 15 4d 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 33 37 04 64 9f a1 15 4d | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #3 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #3 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #3 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #3 is idle | #3 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #3 IKE SPIi and SPI[ir] | #3 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #3: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #3 spent 0.00686 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #3 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #3 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #3 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #3 spent 0.115 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.127 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x564021e1fac0 | handling event EVENT_RETRANSMIT for parent state #3 | start processing: state #3 connection "aes128" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) | IKEv2 retransmit event | [RE]START processing: state #3 connection "aes128" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:144) | handling event EVENT_RETRANSMIT for 192.1.2.23 "aes128" #3 attempt 2 of 0 | and parent for 192.1.2.23 "aes128" #3 keying attempt 1 of 0; retransmit 1 "aes128" #3: IMPAIR: retransmit so deleting SA | maximum number of keyingtries reached - deleting state | [RE]START processing: state #3 connection "aes128" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:234) | pstats #3 ikev2.ike failed too-many-retransmits | pstats #3 ikev2.ike deleted too-many-retransmits | #3 spent 1.79 milliseconds in total | [RE]START processing: state #3 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #3: deleting state (STATE_PARENT_I1) aged 0.505s and NOT sending notification | parent state #3: PARENT_I1(half-open IKE SA) => delete | in connection_discard for connection aes128 | close_any(fd@25) (in delete_pending() at pending.c:244) | removing pending policy for "aes128" {0x564021e1e1d0} | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #3 "aes128" #3: deleting IKE SA for connection 'aes128' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'aes128' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #3 in PARENT_I1 | parent state #3: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | close_any(fd@24) (in release_whack() at state.c:654) | DH secret MODP2048@0x7f5ccc000d60: destroyed | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | libevent_free: release ptr-libevent@0x564021e17f40 | free_event_entry: release EVENT_RETRANSMIT-pe@0x564021e1fac0 | in statetime_stop() and could not find #3 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection aes128 which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #4 at 0x564021e1a290 | State DB: adding IKEv2 state #4 in UNDEFINED | pstats #4 ikev2.ike started | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #4 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #4 "aes128" "aes128" #4: initiating v2 parent SA | using existing local IKE proposals for connection aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 4 for state #4 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564021e1fac0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 | libevent_malloc: new ptr-libevent@0x564021e17f40 size 128 | #4 spent 0.0827 milliseconds in ikev2_parent_outI1() | RESET processing: state #4 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | spent 0.101 milliseconds in global timer EVENT_REVIVE_CONNS | crypto helper 5 resuming | crypto helper 5 starting work-order 4 for state #4 | crypto helper 5 doing build KE and nonce (ikev2_outI1 KE); request ID 4 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5cc0000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5cc0000d60 | NSS: Public DH wire value: | 2f 83 dd 0f fd b4 83 8a f5 82 18 b4 3a 47 02 59 | ef a6 a6 2b 3f 1e 6e 23 3a a1 ab c6 ee 78 4c 39 | 37 92 f4 53 dc fa 14 69 01 a7 d5 29 b3 66 9e 50 | 23 67 d2 ce 3c e0 9a 55 c1 e1 e9 38 4d cb 42 97 | 29 da 69 8d 30 ec 65 98 ca 02 96 7c 7e 11 f0 60 | cd 25 84 f9 c0 d0 48 99 d6 2c 38 76 0c b8 ff 34 | 54 86 19 e0 fc c9 86 ea 3c 97 56 1c 5d ab 6c ce | 85 3a d3 2b a1 c1 de a2 f1 18 40 59 d2 4e 07 bc | c5 c5 d1 2f 55 89 a1 98 50 4b 43 d6 d1 99 c6 04 | d6 56 37 1d e9 89 07 e7 ac cc 64 8e ef e2 b5 0e | fc 82 72 f7 5f e9 55 e7 e2 59 86 8d ba 4f 22 af | ca b4 d6 93 23 04 50 5c 5d ba 78 fe 50 40 d1 e1 | 2f 70 88 f4 ac b4 86 8f 75 bc 55 38 f1 78 c1 0e | 28 d8 b4 78 5e 27 ba 9e a5 03 6b 72 f2 56 77 a7 | 4a 16 23 4c ca 33 1f a2 3f 76 9a 0d c9 60 09 10 | d2 4e 3f 5a c1 9d e3 1b 65 1e 51 99 7d 8e be 25 | Generated nonce: e2 98 68 17 98 87 47 89 b5 d1 cf 9c 18 0d 78 a1 | Generated nonce: 61 d0 8d b3 ad b1 9f 4e ed a5 dd a5 22 51 01 57 | crypto helper 5 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.002038 seconds | (#4) spent 1.09 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) | crypto helper 5 sending results from work-order 4 for state #4 to event queue | scheduling resume sending helper answer for #4 | libevent_malloc: new ptr-libevent@0x7f5cc0006900 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #4 | start processing: state #4 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 4 | calling continuation function 0x564020443630 | ikev2_parent_outI1_continue for #4 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5cc0000d60: transferring ownership from helper KE to state #4 | **emit ISAKMP Message: | initiator cookie: | b5 3b 19 b2 c4 23 ba 4c | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #4: IMPAIR: emitting fixed-length key-length attribute with 0 key | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 2f 83 dd 0f fd b4 83 8a f5 82 18 b4 3a 47 02 59 | ikev2 g^x ef a6 a6 2b 3f 1e 6e 23 3a a1 ab c6 ee 78 4c 39 | ikev2 g^x 37 92 f4 53 dc fa 14 69 01 a7 d5 29 b3 66 9e 50 | ikev2 g^x 23 67 d2 ce 3c e0 9a 55 c1 e1 e9 38 4d cb 42 97 | ikev2 g^x 29 da 69 8d 30 ec 65 98 ca 02 96 7c 7e 11 f0 60 | ikev2 g^x cd 25 84 f9 c0 d0 48 99 d6 2c 38 76 0c b8 ff 34 | ikev2 g^x 54 86 19 e0 fc c9 86 ea 3c 97 56 1c 5d ab 6c ce | ikev2 g^x 85 3a d3 2b a1 c1 de a2 f1 18 40 59 d2 4e 07 bc | ikev2 g^x c5 c5 d1 2f 55 89 a1 98 50 4b 43 d6 d1 99 c6 04 | ikev2 g^x d6 56 37 1d e9 89 07 e7 ac cc 64 8e ef e2 b5 0e | ikev2 g^x fc 82 72 f7 5f e9 55 e7 e2 59 86 8d ba 4f 22 af | ikev2 g^x ca b4 d6 93 23 04 50 5c 5d ba 78 fe 50 40 d1 e1 | ikev2 g^x 2f 70 88 f4 ac b4 86 8f 75 bc 55 38 f1 78 c1 0e | ikev2 g^x 28 d8 b4 78 5e 27 ba 9e a5 03 6b 72 f2 56 77 a7 | ikev2 g^x 4a 16 23 4c ca 33 1f a2 3f 76 9a 0d c9 60 09 10 | ikev2 g^x d2 4e 3f 5a c1 9d e3 1b 65 1e 51 99 7d 8e be 25 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce e2 98 68 17 98 87 47 89 b5 d1 cf 9c 18 0d 78 a1 | IKEv2 nonce 61 d0 8d b3 ad b1 9f 4e ed a5 dd a5 22 51 01 57 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | b5 3b 19 b2 c4 23 ba 4c | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | 2f da 60 f0 6e 30 2d 63 e3 de 14 fb a7 1a 3b cb | a9 f0 58 ea | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= b5 3b 19 b2 c4 23 ba 4c | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 2f da 60 f0 6e 30 2d 63 e3 de 14 fb a7 1a 3b cb | natd_hash: hash= a9 f0 58 ea | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 2f da 60 f0 6e 30 2d 63 e3 de 14 fb a7 1a 3b cb | Notify data a9 f0 58 ea | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | b5 3b 19 b2 c4 23 ba 4c | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | 53 38 67 3f b3 48 7c 5e d0 53 c7 a9 fc 91 c1 ff | bf 85 2c b9 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= b5 3b 19 b2 c4 23 ba 4c | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 53 38 67 3f b3 48 7c 5e d0 53 c7 a9 fc 91 c1 ff | natd_hash: hash= bf 85 2c b9 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 53 38 67 3f b3 48 7c 5e d0 53 c7 a9 fc 91 c1 ff | Notify data bf 85 2c b9 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #4 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #4 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #4 to 4294967295 after switching state | Message ID: IKE #4 skipping update_recv as MD is fake | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) | b5 3b 19 b2 c4 23 ba 4c 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 2f 83 dd 0f fd b4 83 8a f5 82 18 b4 | 3a 47 02 59 ef a6 a6 2b 3f 1e 6e 23 3a a1 ab c6 | ee 78 4c 39 37 92 f4 53 dc fa 14 69 01 a7 d5 29 | b3 66 9e 50 23 67 d2 ce 3c e0 9a 55 c1 e1 e9 38 | 4d cb 42 97 29 da 69 8d 30 ec 65 98 ca 02 96 7c | 7e 11 f0 60 cd 25 84 f9 c0 d0 48 99 d6 2c 38 76 | 0c b8 ff 34 54 86 19 e0 fc c9 86 ea 3c 97 56 1c | 5d ab 6c ce 85 3a d3 2b a1 c1 de a2 f1 18 40 59 | d2 4e 07 bc c5 c5 d1 2f 55 89 a1 98 50 4b 43 d6 | d1 99 c6 04 d6 56 37 1d e9 89 07 e7 ac cc 64 8e | ef e2 b5 0e fc 82 72 f7 5f e9 55 e7 e2 59 86 8d | ba 4f 22 af ca b4 d6 93 23 04 50 5c 5d ba 78 fe | 50 40 d1 e1 2f 70 88 f4 ac b4 86 8f 75 bc 55 38 | f1 78 c1 0e 28 d8 b4 78 5e 27 ba 9e a5 03 6b 72 | f2 56 77 a7 4a 16 23 4c ca 33 1f a2 3f 76 9a 0d | c9 60 09 10 d2 4e 3f 5a c1 9d e3 1b 65 1e 51 99 | 7d 8e be 25 29 00 00 24 e2 98 68 17 98 87 47 89 | b5 d1 cf 9c 18 0d 78 a1 61 d0 8d b3 ad b1 9f 4e | ed a5 dd a5 22 51 01 57 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 2f da 60 f0 6e 30 2d 63 | e3 de 14 fb a7 1a 3b cb a9 f0 58 ea 00 00 00 1c | 00 00 40 05 53 38 67 3f b3 48 7c 5e d0 53 c7 a9 | fc 91 c1 ff bf 85 2c b9 | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x564021e17f40 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564021e1fac0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x564021e1fac0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 | libevent_malloc: new ptr-libevent@0x564021e17f40 size 128 | #4 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48953.11544 | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD | #4 spent 0.496 milliseconds in resume sending helper answer | stop processing: state #4 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5cc0006900 | spent 0.002 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | b5 3b 19 b2 c4 23 ba 4c 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b5 3b 19 b2 c4 23 ba 4c | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #4 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #4 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #4 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #4 is idle | #4 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #4 IKE SPIi and SPI[ir] | #4 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #4: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #4 spent 0.0039 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #4 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #4 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #4 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #4 spent 0.106 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.117 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0467 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | removing pending policy for no connection {0x564021e1e1d0} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #4 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #4 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #4 ikev2.ike deleted other | #4 spent 1.78 milliseconds in total | [RE]START processing: state #4 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #4: deleting state (STATE_PARENT_I1) aged 0.065s and NOT sending notification | parent state #4: PARENT_I1(half-open IKE SA) => delete | state #4 requesting EVENT_RETRANSMIT to be deleted | #4 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x564021e17f40 | free_event_entry: release EVENT_RETRANSMIT-pe@0x564021e1fac0 | State DB: IKEv2 state not found (flush_incomplete_children) | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #4 in PARENT_I1 | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f5cc0000d60: destroyed | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x564021e17b30 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.195 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0597 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0592 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | child-key-length-attribute:0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0561 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x564021de15d0 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.139 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #5 at 0x564021e1a290 | State DB: adding IKEv2 state #5 in UNDEFINED | pstats #5 ikev2.ike started | Message ID: init #5: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #5: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #5; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #5 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #5 "aes128" "aes128" #5: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 5 for state #5 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5ccc002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x564021e17f40 size 128 | #5 spent 0.121 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #5 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.184 milliseconds in whack | crypto helper 6 resuming | crypto helper 6 starting work-order 5 for state #5 | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 5 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5cc4000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5cc4000d60 | NSS: Public DH wire value: | 09 c7 d8 8a b4 62 98 cc 8f 08 ef cb 87 1d 10 d1 | 77 a2 b0 b8 be 29 34 3a 9c 37 e5 fc f0 2f 62 1a | fd 64 25 cd 36 59 ae dc d7 58 6c b1 96 af 41 2a | 81 40 27 99 d9 75 c6 2b a9 d4 bf fe 57 e5 51 b6 | 4c d6 06 2b 53 b9 05 d9 9f 91 47 e9 85 6c 06 7f | df e3 9c df 4b 6d b9 8e 07 97 23 84 2b a9 98 39 | 32 66 6c bd c4 52 b5 39 a4 f1 67 2c 3e d5 db 11 | 51 7c ce 75 13 77 26 d3 49 eb 9d 61 9c 64 45 d0 | a0 1a 26 8d 16 86 40 f9 5e c7 9b e6 bc a9 fd 5e | 1e c1 cc 96 fe b9 f6 9e 4a bc 02 be 7b bc 8a 80 | bd 96 25 5f 6d 74 a4 95 c3 a8 df b6 91 8f c4 91 | 68 82 9e d9 c2 87 56 7d 74 27 86 10 a5 0a ae 5a | 2d 3c 58 97 43 a5 ef 4b 0e 11 7d 54 44 eb eb 62 | 97 3f 68 a7 fb 02 e3 68 96 76 34 3e aa c8 a8 9f | 83 22 10 c3 c3 14 d8 76 25 d2 65 1c 4f 23 66 c7 | d1 d3 8e 15 4b ae 80 06 6a f0 1b fb a5 88 2b a6 | Generated nonce: 24 0f 74 e7 9a b3 06 d9 8a 59 a3 4a 6f ed 7b 85 | Generated nonce: 3c ea 05 58 47 51 27 24 65 01 f2 4c 1c 52 3e 99 | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 5 time elapsed 0.001105 seconds | (#5) spent 1.1 milliseconds in crypto helper computing work-order 5: ikev2_outI1 KE (pcr) | crypto helper 6 sending results from work-order 5 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7f5cc4006900 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #5 | start processing: state #5 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 5 | calling continuation function 0x564020443630 | ikev2_parent_outI1_continue for #5 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5cc4000d60: transferring ownership from helper KE to state #5 | **emit ISAKMP Message: | initiator cookie: | 82 4c a5 cc c5 8a 82 5d | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 09 c7 d8 8a b4 62 98 cc 8f 08 ef cb 87 1d 10 d1 | ikev2 g^x 77 a2 b0 b8 be 29 34 3a 9c 37 e5 fc f0 2f 62 1a | ikev2 g^x fd 64 25 cd 36 59 ae dc d7 58 6c b1 96 af 41 2a | ikev2 g^x 81 40 27 99 d9 75 c6 2b a9 d4 bf fe 57 e5 51 b6 | ikev2 g^x 4c d6 06 2b 53 b9 05 d9 9f 91 47 e9 85 6c 06 7f | ikev2 g^x df e3 9c df 4b 6d b9 8e 07 97 23 84 2b a9 98 39 | ikev2 g^x 32 66 6c bd c4 52 b5 39 a4 f1 67 2c 3e d5 db 11 | ikev2 g^x 51 7c ce 75 13 77 26 d3 49 eb 9d 61 9c 64 45 d0 | ikev2 g^x a0 1a 26 8d 16 86 40 f9 5e c7 9b e6 bc a9 fd 5e | ikev2 g^x 1e c1 cc 96 fe b9 f6 9e 4a bc 02 be 7b bc 8a 80 | ikev2 g^x bd 96 25 5f 6d 74 a4 95 c3 a8 df b6 91 8f c4 91 | ikev2 g^x 68 82 9e d9 c2 87 56 7d 74 27 86 10 a5 0a ae 5a | ikev2 g^x 2d 3c 58 97 43 a5 ef 4b 0e 11 7d 54 44 eb eb 62 | ikev2 g^x 97 3f 68 a7 fb 02 e3 68 96 76 34 3e aa c8 a8 9f | ikev2 g^x 83 22 10 c3 c3 14 d8 76 25 d2 65 1c 4f 23 66 c7 | ikev2 g^x d1 d3 8e 15 4b ae 80 06 6a f0 1b fb a5 88 2b a6 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 24 0f 74 e7 9a b3 06 d9 8a 59 a3 4a 6f ed 7b 85 | IKEv2 nonce 3c ea 05 58 47 51 27 24 65 01 f2 4c 1c 52 3e 99 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | 82 4c a5 cc c5 8a 82 5d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | 9b 5c de 7c 09 c2 d8 70 be b5 ff 2d 00 69 a0 6f | 32 11 5c ef | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 82 4c a5 cc c5 8a 82 5d | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 9b 5c de 7c 09 c2 d8 70 be b5 ff 2d 00 69 a0 6f | natd_hash: hash= 32 11 5c ef | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 9b 5c de 7c 09 c2 d8 70 be b5 ff 2d 00 69 a0 6f | Notify data 32 11 5c ef | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | 82 4c a5 cc c5 8a 82 5d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | fc a4 14 e1 6d 31 46 f2 b5 bc 73 9c 40 04 7b 68 | 08 f0 79 72 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 82 4c a5 cc c5 8a 82 5d | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= fc a4 14 e1 6d 31 46 f2 b5 bc 73 9c 40 04 7b 68 | natd_hash: hash= 08 f0 79 72 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data fc a4 14 e1 6d 31 46 f2 b5 bc 73 9c 40 04 7b 68 | Notify data 08 f0 79 72 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #5 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #5 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #5 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #5: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #5 to 4294967295 after switching state | Message ID: IKE #5 skipping update_recv as MD is fake | Message ID: sent #5 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #5: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #5) | 82 4c a5 cc c5 8a 82 5d 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 09 c7 d8 8a b4 62 98 cc 8f 08 ef cb | 87 1d 10 d1 77 a2 b0 b8 be 29 34 3a 9c 37 e5 fc | f0 2f 62 1a fd 64 25 cd 36 59 ae dc d7 58 6c b1 | 96 af 41 2a 81 40 27 99 d9 75 c6 2b a9 d4 bf fe | 57 e5 51 b6 4c d6 06 2b 53 b9 05 d9 9f 91 47 e9 | 85 6c 06 7f df e3 9c df 4b 6d b9 8e 07 97 23 84 | 2b a9 98 39 32 66 6c bd c4 52 b5 39 a4 f1 67 2c | 3e d5 db 11 51 7c ce 75 13 77 26 d3 49 eb 9d 61 | 9c 64 45 d0 a0 1a 26 8d 16 86 40 f9 5e c7 9b e6 | bc a9 fd 5e 1e c1 cc 96 fe b9 f6 9e 4a bc 02 be | 7b bc 8a 80 bd 96 25 5f 6d 74 a4 95 c3 a8 df b6 | 91 8f c4 91 68 82 9e d9 c2 87 56 7d 74 27 86 10 | a5 0a ae 5a 2d 3c 58 97 43 a5 ef 4b 0e 11 7d 54 | 44 eb eb 62 97 3f 68 a7 fb 02 e3 68 96 76 34 3e | aa c8 a8 9f 83 22 10 c3 c3 14 d8 76 25 d2 65 1c | 4f 23 66 c7 d1 d3 8e 15 4b ae 80 06 6a f0 1b fb | a5 88 2b a6 29 00 00 24 24 0f 74 e7 9a b3 06 d9 | 8a 59 a3 4a 6f ed 7b 85 3c ea 05 58 47 51 27 24 | 65 01 f2 4c 1c 52 3e 99 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 9b 5c de 7c 09 c2 d8 70 | be b5 ff 2d 00 69 a0 6f 32 11 5c ef 00 00 00 1c | 00 00 40 05 fc a4 14 e1 6d 31 46 f2 b5 bc 73 9c | 40 04 7b 68 08 f0 79 72 | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x564021e17f40 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5ccc002b20 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5ccc002b20 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5 | libevent_malloc: new ptr-libevent@0x564021e17f40 size 128 | #5 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48953.732625 | resume sending helper answer for #5 suppresed complete_v2_state_transition() and stole MD | #5 spent 0.503 milliseconds in resume sending helper answer | stop processing: state #5 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5cc4006900 | spent 0.00259 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 13 0d 91 a4 d8 1d 15 72 a7 57 0a 7e | 30 85 6b ac 7f 55 6c f9 47 b1 2b d7 9a 10 dd ee | ad ea 6e 35 80 4f df cf 28 91 73 cb 2a 71 b6 99 | d6 8e 03 9f f1 19 dc ba 0e bf 74 15 f2 90 d0 e0 | 56 30 b1 97 d8 1d cd f2 4e 0e 5d 8b 58 7a 80 fa | 8a 4c 61 68 1d c5 9c 05 19 2f 0a c1 19 95 0b 3e | 37 af 2f 4d 11 9e 28 98 6e 9d 0d f4 bb 82 cb 72 | 10 e2 c5 41 83 54 b9 e0 86 63 b2 0f 38 7d 55 69 | bd 34 5b 51 fb 85 87 81 5a 0d 24 7e 7a 04 77 39 | 6f f5 89 98 41 fc df 00 d4 2d 66 ff 7b 6f 20 aa | 3f 96 ba cc 0c 8e bc 0f 6f 9a fb f6 32 a0 97 82 | 8d 46 a1 4a 71 4c 76 ec 82 b0 21 ae 52 57 11 d6 | 02 31 b6 61 26 6e f8 3e e5 0f 77 ad c8 6b bc e1 | 55 e0 cb cd 1a 6c 10 65 52 3a 19 38 bb 62 f7 91 | ca 17 13 d8 54 cc b9 ca 7e 90 07 8c bb a9 30 16 | 1e 52 32 03 d9 a6 6f 12 ff cf f9 e1 d8 49 61 c3 | 2c 2b d3 cb 29 00 00 24 ad 15 30 60 3b ed 71 70 | 14 ea 2b 2b 1f 2f 95 0b 01 f4 d4 7b 76 bb 02 31 | 93 cb 20 db cb ca 4f b6 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 8d 9f 87 91 ef 65 0a 86 | 39 7d 9b 91 13 64 3b 37 67 b3 89 13 00 00 00 1c | 00 00 40 05 83 b0 f8 b7 74 aa 1b 4f 49 46 1e 4e | 2a 2c 6d 49 bd 23 ac 60 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 82 4c a5 cc c5 8a 82 5d | responder cookie: | f8 1a 3c da 95 9b 7d 53 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #5 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #5 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #5 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #5 is idle | #5 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #5 IKE SPIi and SPI[ir] | #5 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | 13 0d 91 a4 d8 1d 15 72 a7 57 0a 7e 30 85 6b ac | 7f 55 6c f9 47 b1 2b d7 9a 10 dd ee ad ea 6e 35 | 80 4f df cf 28 91 73 cb 2a 71 b6 99 d6 8e 03 9f | f1 19 dc ba 0e bf 74 15 f2 90 d0 e0 56 30 b1 97 | d8 1d cd f2 4e 0e 5d 8b 58 7a 80 fa 8a 4c 61 68 | 1d c5 9c 05 19 2f 0a c1 19 95 0b 3e 37 af 2f 4d | 11 9e 28 98 6e 9d 0d f4 bb 82 cb 72 10 e2 c5 41 | 83 54 b9 e0 86 63 b2 0f 38 7d 55 69 bd 34 5b 51 | fb 85 87 81 5a 0d 24 7e 7a 04 77 39 6f f5 89 98 | 41 fc df 00 d4 2d 66 ff 7b 6f 20 aa 3f 96 ba cc | 0c 8e bc 0f 6f 9a fb f6 32 a0 97 82 8d 46 a1 4a | 71 4c 76 ec 82 b0 21 ae 52 57 11 d6 02 31 b6 61 | 26 6e f8 3e e5 0f 77 ad c8 6b bc e1 55 e0 cb cd | 1a 6c 10 65 52 3a 19 38 bb 62 f7 91 ca 17 13 d8 | 54 cc b9 ca 7e 90 07 8c bb a9 30 16 1e 52 32 03 | d9 a6 6f 12 ff cf f9 e1 d8 49 61 c3 2c 2b d3 cb | using existing local IKE proposals for connection aes128 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864db9c0 (length 8) | 82 4c a5 cc c5 8a 82 5d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864db9c8 (length 8) | f8 1a 3c da 95 9b 7d 53 | NATD hash sha digest IP addr-bytes@0x7fff864db954 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864db946 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864db9d0 (length 20) | 83 b0 f8 b7 74 aa 1b 4f 49 46 1e 4e 2a 2c 6d 49 | bd 23 ac 60 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 82 4c a5 cc c5 8a 82 5d | natd_hash: rcookie= f8 1a 3c da 95 9b 7d 53 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 83 b0 f8 b7 74 aa 1b 4f 49 46 1e 4e 2a 2c 6d 49 | natd_hash: hash= bd 23 ac 60 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864db9c0 (length 8) | 82 4c a5 cc c5 8a 82 5d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864db9c8 (length 8) | f8 1a 3c da 95 9b 7d 53 | NATD hash sha digest IP addr-bytes@0x7fff864db954 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864db946 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864db9f0 (length 20) | 8d 9f 87 91 ef 65 0a 86 39 7d 9b 91 13 64 3b 37 | 67 b3 89 13 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 82 4c a5 cc c5 8a 82 5d | natd_hash: rcookie= f8 1a 3c da 95 9b 7d 53 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 8d 9f 87 91 ef 65 0a 86 39 7d 9b 91 13 64 3b 37 | natd_hash: hash= 67 b3 89 13 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f5cc4000d60: transferring ownership from state #5 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 6 for state #5 | state #5 requesting EVENT_RETRANSMIT to be deleted | #5 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x564021e17f40 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5ccc002b20 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5ccc002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x564021e17f40 size 128 | #5 spent 0.27 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | crypto helper 1 resuming | [RE]START processing: state #5 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | crypto helper 1 starting work-order 6 for state #5 | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 6 | #5 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #5 and saving MD | #5 is busy; has a suspended MD | peer's g: 13 0d 91 a4 d8 1d 15 72 a7 57 0a 7e 30 85 6b ac | peer's g: 7f 55 6c f9 47 b1 2b d7 9a 10 dd ee ad ea 6e 35 | peer's g: 80 4f df cf 28 91 73 cb 2a 71 b6 99 d6 8e 03 9f | peer's g: f1 19 dc ba 0e bf 74 15 f2 90 d0 e0 56 30 b1 97 | peer's g: d8 1d cd f2 4e 0e 5d 8b 58 7a 80 fa 8a 4c 61 68 | peer's g: 1d c5 9c 05 19 2f 0a c1 19 95 0b 3e 37 af 2f 4d | peer's g: 11 9e 28 98 6e 9d 0d f4 bb 82 cb 72 10 e2 c5 41 | peer's g: 83 54 b9 e0 86 63 b2 0f 38 7d 55 69 bd 34 5b 51 | peer's g: fb 85 87 81 5a 0d 24 7e 7a 04 77 39 6f f5 89 98 | peer's g: 41 fc df 00 d4 2d 66 ff 7b 6f 20 aa 3f 96 ba cc | peer's g: 0c 8e bc 0f 6f 9a fb f6 32 a0 97 82 8d 46 a1 4a | [RE]START processing: state #5 connection "aes128" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | peer's g: 71 4c 76 ec 82 b0 21 ae 52 57 11 d6 02 31 b6 61 | peer's g: 26 6e f8 3e e5 0f 77 ad c8 6b bc e1 55 e0 cb cd | peer's g: 1a 6c 10 65 52 3a 19 38 bb 62 f7 91 ca 17 13 d8 | peer's g: 54 cc b9 ca 7e 90 07 8c bb a9 30 16 1e 52 32 03 | peer's g: d9 a6 6f 12 ff cf f9 e1 d8 49 61 c3 2c 2b d3 cb | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7f5cc800d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f5cc4000d60: computed shared DH secret key@0x7f5cc800d640 | dh-shared : g^ir-key@0x7f5cc800d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f5cb8001ef0 (length 64) | 24 0f 74 e7 9a b3 06 d9 8a 59 a3 4a 6f ed 7b 85 | 3c ea 05 58 47 51 27 24 65 01 f2 4c 1c 52 3e 99 | ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7670 | result: Ni | Nr-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7658 | result: Ni | Nr-key@0x7f5cc800a510 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x564021dfb870 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f5cb8002e80 from Ni | Nr-key@0x7f5cc800a510 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f5cb8002e80 from Ni | Nr-key@0x7f5cc800a510 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f5cc800a510 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f5cb80016b0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f5cc800d640 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f5cc800d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f5cc800d640 | nss hmac digest hack: symkey-key@0x7f5cc800d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-678530352: ffffffa7 1f ffffffa9 ffffffad 1a ffffffe6 ffffffab 36 ffffffcd ffffffd9 5c ffffffb4 4c fffffffc 15 12 ffffffa1 58 16 ffffffed 53 ffffffee 2f 12 ffffff90 08 ffffff90 4d ffffff94 ffffff83 6b ffffffe7 26 42 05 ffffffae 1d ffffff87 ffffffc7 ffffffe7 75 ffffff82 ffffffce 44 ffffffa4 06 70 65 45 fffffff0 0b ffffffba 32 39 20 2b ffffff9a ffffffb1 57 ffffffa4 ffffffa5 05 6b ffffffb7 ffffff91 ffffff8b 2c ffffffd0 ffffffa0 ffffffa5 5f fffffff5 36 07 1d fffffff0 57 ffffff9c 3d 77 ffffff82 ffffffcc fffffff9 ffffff8f ffffff90 ffffffb9 ffffff81 5e ffffffcd ffffffb5 17 70 ffffffe3 67 78 ffffff86 34 ffffffc8 ffffffc4 29 ffffffe1 5a ffffff93 1d 27 ffffffa8 ffffffb3 3a ffffff81 ffffffa6 ffffffcf fffffffb ffffffae ffffffcc fffffffa 35 14 31 73 33 fffffff8 ffffff90 6e 78 ffffff85 3d ffffffc4 09 16 ffffffaf fffffffa 78 7f 36 ffffffce 53 7e ffffffc6 68 ffffffa0 00 47 ffffff8e 38 73 21 ffffffcd ffffff85 2b 0a 63 66 3f ffffff92 ffffffd6 01 ffffffa3 fffff | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 256 bytes at 0x7f5cb8003dd0 | unwrapped: d4 6b 9c 17 dd be c7 4c 86 b1 68 7a de a8 5e 43 | unwrapped: 5f fb c0 b4 f9 ce 9c 2d a0 52 91 92 a6 99 9f ad | unwrapped: d6 5d 08 71 ad 6a 7a 46 8b 3f 5e 3a 61 f5 8d 0a | unwrapped: 32 f7 a8 55 81 bd 4f 4c ec 07 b8 be 2f a6 cc d6 | unwrapped: 62 5d f0 f8 68 10 38 18 ba dc 4e c9 19 cd 2c 30 | unwrapped: f6 e1 98 2c 88 24 7d dd 60 17 95 2c a2 06 a0 7d | unwrapped: a6 c3 6a 3d e3 98 80 3e 19 ec fd f6 56 48 e7 55 | unwrapped: 24 9f da 49 f0 7f 33 85 82 44 6f 11 1e 3e c8 75 | unwrapped: 75 bc e9 41 e3 24 77 39 ff 9c 95 a5 e4 c7 dc a2 | unwrapped: ca ad 48 d9 4d 75 f5 68 4e 9f 61 51 51 67 6d 7f | unwrapped: c0 c3 77 e9 9c d0 28 0c fd 6e 33 77 09 11 41 35 | unwrapped: 7b 7a d2 30 9b 9c 9b d6 ae 0e af b0 58 ce 31 c1 | unwrapped: 20 01 85 f3 3d 44 7c f2 07 85 8f 3b 7a dd 88 6b | unwrapped: bb c1 19 cc 15 4e 32 16 e3 ca 63 10 75 89 2f d8 | unwrapped: ff d3 10 ed c7 ed 4e ce e0 68 91 4f b2 83 2b b7 | unwrapped: e4 12 cb 02 00 1d 83 d5 a8 90 00 4c 29 df d4 ad | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7690 | result: final-key@0x564021dfb870 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021dfb870 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7678 | result: final-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021dfb870 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f5cc800a510 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7600 | result: data=Ni-key@0x564021e07b90 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x564021e07b90 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e75e8 | result: data=Ni-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x564021e07b90 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd78e75f0 | result: data+=Nr-key@0x564021e07b90 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021dfb870 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e07b90 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd78e75f0 | result: data+=SPIi-key@0x564021dfb870 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021e07b90 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021dfb870 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd78e75f0 | result: data+=SPIr-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021dfb870 | prf+0 PRF sha init key-key@0x7f5cc800a510 (size 20) | prf+0: key-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7518 | result: clone-key@0x564021dfb870 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f5cb8002e80 from key-key@0x564021dfb870 | prf+0 prf: begin sha with context 0x7f5cb8002e80 from key-key@0x564021dfb870 | prf+0: release clone-key@0x564021dfb870 | prf+0 PRF sha crypt-prf@0x7f5cb80018a0 | prf+0 PRF sha update seed-key@0x564021e07b90 (size 80) | prf+0: seed-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-678530720: ffffffc4 ffffffe5 ffffffdf fffffff5 12 ffffffc5 36 20 1f ffffffd3 ffffffaa ffffff99 52 ffffffca ffffffe4 3b 0a 4a ffffff80 22 29 fffffff2 ffffffc1 1f ffffffda ffffffae ffffffb2 fffffff7 5c ffffff86 fffffffa ffffffa3 ffffff89 ffffffc4 2b 6e 3b 1f 3d 4f 15 ffffffd8 45 12 ffffffd6 16 ffffffd1 ffffff8e 4b 15 ffffffcc 28 fffffff4 ffffffb5 0d 22 ffffffe2 23 09 ffffffe2 78 2f 15 10 29 ffffffb7 ffffffc2 7b 6e 62 6a ffffff8e 32 4c ffffffbb 21 ffffffea ffffffd5 18 52 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cb8005150 | unwrapped: 24 0f 74 e7 9a b3 06 d9 8a 59 a3 4a 6f ed 7b 85 | unwrapped: 3c ea 05 58 47 51 27 24 65 01 f2 4c 1c 52 3e 99 | unwrapped: ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | unwrapped: 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | unwrapped: 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7520 | result: final-key@0x564021e01140 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e01140 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7508 | result: final-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e01140 | prf+0 PRF sha final-key@0x564021dfb870 (size 20) | prf+0: key-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x564021dfb870 | prf+N PRF sha init key-key@0x7f5cc800a510 (size 20) | prf+N: key-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7518 | result: clone-key@0x564021e01140 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cb8002e80 from key-key@0x564021e01140 | prf+N prf: begin sha with context 0x7f5cb8002e80 from key-key@0x564021e01140 | prf+N: release clone-key@0x564021e01140 | prf+N PRF sha crypt-prf@0x7f5cb8001f40 | prf+N PRF sha update old_t-key@0x564021dfb870 (size 20) | prf+N: old_t-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-678530720: ffffff9d fffffff6 22 18 ffffffa1 65 3b 73 3a ffffffad 59 ffffffa8 25 42 ffffffb9 74 ffffffba ffffffd0 74 ffffffeb ffffffb3 77 ffffffb2 ffffffc2 ffffffb4 4e 1d 75 5e ffffffa8 ffffffbc 00 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cb80051b0 | unwrapped: cd a1 6e 9b 57 ff d5 f2 74 b9 1b 0e 99 56 b8 90 | unwrapped: b1 a5 61 73 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021e07b90 (size 80) | prf+N: seed-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-678530720: ffffffc4 ffffffe5 ffffffdf fffffff5 12 ffffffc5 36 20 1f ffffffd3 ffffffaa ffffff99 52 ffffffca ffffffe4 3b 0a 4a ffffff80 22 29 fffffff2 ffffffc1 1f ffffffda ffffffae ffffffb2 fffffff7 5c ffffff86 fffffffa ffffffa3 ffffff89 ffffffc4 2b 6e 3b 1f 3d 4f 15 ffffffd8 45 12 ffffffd6 16 ffffffd1 ffffff8e 4b 15 ffffffcc 28 fffffff4 ffffffb5 0d 22 ffffffe2 23 09 ffffffe2 78 2f 15 10 29 ffffffb7 ffffffc2 7b 6e 62 6a ffffff8e 32 4c ffffffbb 21 ffffffea ffffffd5 18 52 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cb80050f0 | unwrapped: 24 0f 74 e7 9a b3 06 d9 8a 59 a3 4a 6f ed 7b 85 | unwrapped: 3c ea 05 58 47 51 27 24 65 01 f2 4c 1c 52 3e 99 | unwrapped: ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | unwrapped: 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | unwrapped: 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7520 | result: final-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7508 | result: final-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021df9ff0 | prf+N PRF sha final-key@0x564021e01140 (size 20) | prf+N: key-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd78e7598 | result: result-key@0x564021df9ff0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021dfb870 | prfplus: release old_t[N]-key@0x564021dfb870 | prf+N PRF sha init key-key@0x7f5cc800a510 (size 20) | prf+N: key-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7518 | result: clone-key@0x564021dfb870 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cb8002e80 from key-key@0x564021dfb870 | prf+N prf: begin sha with context 0x7f5cb8002e80 from key-key@0x564021dfb870 | prf+N: release clone-key@0x564021dfb870 | prf+N PRF sha crypt-prf@0x7f5cb8001270 | prf+N PRF sha update old_t-key@0x564021e01140 (size 20) | prf+N: old_t-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-678530720: 4f ffffffab 00 ffffffb2 31 76 2a ffffff8e ffffffc9 ffffffbc 3f ffffffdb 03 ffffffbf fffffff8 ffffff9c 5c 73 01 25 ffffffa5 30 30 ffffffe5 3f 7e 76 ffffffe5 ffffff83 ffffff85 62 fffffff2 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cb8005cd0 | unwrapped: 84 3b 61 e4 ff d3 c6 e5 93 af 6f 7a 47 ec fa 95 | unwrapped: bd 2e 54 1d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021e07b90 (size 80) | prf+N: seed-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-678530720: ffffffc4 ffffffe5 ffffffdf fffffff5 12 ffffffc5 36 20 1f ffffffd3 ffffffaa ffffff99 52 ffffffca ffffffe4 3b 0a 4a ffffff80 22 29 fffffff2 ffffffc1 1f ffffffda ffffffae ffffffb2 fffffff7 5c ffffff86 fffffffa ffffffa3 ffffff89 ffffffc4 2b 6e 3b 1f 3d 4f 15 ffffffd8 45 12 ffffffd6 16 ffffffd1 ffffff8e 4b 15 ffffffcc 28 fffffff4 ffffffb5 0d 22 ffffffe2 23 09 ffffffe2 78 2f 15 10 29 ffffffb7 ffffffc2 7b 6e 62 6a ffffff8e 32 4c ffffffbb 21 ffffffea ffffffd5 18 52 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cb8005090 | unwrapped: 24 0f 74 e7 9a b3 06 d9 8a 59 a3 4a 6f ed 7b 85 | unwrapped: 3c ea 05 58 47 51 27 24 65 01 f2 4c 1c 52 3e 99 | unwrapped: ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | unwrapped: 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | unwrapped: 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7520 | result: final-key@0x564021e04570 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e04570 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7508 | result: final-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e04570 | prf+N PRF sha final-key@0x564021dfb870 (size 20) | prf+N: key-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021df9ff0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd78e7598 | result: result-key@0x564021e04570 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021df9ff0 | prfplus: release old_t[N]-key@0x564021e01140 | prf+N PRF sha init key-key@0x7f5cc800a510 (size 20) | prf+N: key-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7518 | result: clone-key@0x564021e01140 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cb8002e80 from key-key@0x564021e01140 | prf+N prf: begin sha with context 0x7f5cb8002e80 from key-key@0x564021e01140 | prf+N: release clone-key@0x564021e01140 | prf+N PRF sha crypt-prf@0x7f5cb8002010 | prf+N PRF sha update old_t-key@0x564021dfb870 (size 20) | prf+N: old_t-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-678530720: ffffffd8 36 fffffffe ffffffbb ffffffeb 59 ffffff90 5f ffffff98 ffffffcf ffffffaa ffffffe6 78 ffffffa0 15 77 57 ffffffa8 ffffff98 7b ffffffca 4d 23 ffffffe8 60 77 0e ffffffa0 ffffffe2 4d ffffffb8 01 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cb8005cd0 | unwrapped: 34 ba ba bb c1 a0 4c 3f de 35 68 25 da ed 1f 5b | unwrapped: 45 b3 ed 9d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021e07b90 (size 80) | prf+N: seed-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-678530720: ffffffc4 ffffffe5 ffffffdf fffffff5 12 ffffffc5 36 20 1f ffffffd3 ffffffaa ffffff99 52 ffffffca ffffffe4 3b 0a 4a ffffff80 22 29 fffffff2 ffffffc1 1f ffffffda ffffffae ffffffb2 fffffff7 5c ffffff86 fffffffa ffffffa3 ffffff89 ffffffc4 2b 6e 3b 1f 3d 4f 15 ffffffd8 45 12 ffffffd6 16 ffffffd1 ffffff8e 4b 15 ffffffcc 28 fffffff4 ffffffb5 0d 22 ffffffe2 23 09 ffffffe2 78 2f 15 10 29 ffffffb7 ffffffc2 7b 6e 62 6a ffffff8e 32 4c ffffffbb 21 ffffffea ffffffd5 18 52 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cb8005030 | unwrapped: 24 0f 74 e7 9a b3 06 d9 8a 59 a3 4a 6f ed 7b 85 | unwrapped: 3c ea 05 58 47 51 27 24 65 01 f2 4c 1c 52 3e 99 | unwrapped: ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | unwrapped: 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | unwrapped: 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7520 | result: final-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7508 | result: final-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021df9ff0 | prf+N PRF sha final-key@0x564021e01140 (size 20) | prf+N: key-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e04570 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd78e7598 | result: result-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e04570 | prfplus: release old_t[N]-key@0x564021dfb870 | prf+N PRF sha init key-key@0x7f5cc800a510 (size 20) | prf+N: key-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7518 | result: clone-key@0x564021dfb870 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cb8002e80 from key-key@0x564021dfb870 | prf+N prf: begin sha with context 0x7f5cb8002e80 from key-key@0x564021dfb870 | prf+N: release clone-key@0x564021dfb870 | prf+N PRF sha crypt-prf@0x7f5cb8001270 | prf+N PRF sha update old_t-key@0x564021e01140 (size 20) | prf+N: old_t-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-678530720: 3a ffffffd1 ffffffd9 ffffff92 ffffffa1 3b ffffffeb ffffffc7 ffffff8f 0a 69 75 4e 47 5c ffffffce 5b 61 55 13 44 ffffffa6 fffffffd ffffffcd ffffffea ffffffa3 73 7f ffffffaf 44 12 fffffff7 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cb8005c30 | unwrapped: 1f e2 b3 58 0e 4f 84 47 40 9b c7 28 41 cf 32 76 | unwrapped: 3c 0e 6e ee 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021e07b90 (size 80) | prf+N: seed-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-678530720: ffffffc4 ffffffe5 ffffffdf fffffff5 12 ffffffc5 36 20 1f ffffffd3 ffffffaa ffffff99 52 ffffffca ffffffe4 3b 0a 4a ffffff80 22 29 fffffff2 ffffffc1 1f ffffffda ffffffae ffffffb2 fffffff7 5c ffffff86 fffffffa ffffffa3 ffffff89 ffffffc4 2b 6e 3b 1f 3d 4f 15 ffffffd8 45 12 ffffffd6 16 ffffffd1 ffffff8e 4b 15 ffffffcc 28 fffffff4 ffffffb5 0d 22 ffffffe2 23 09 ffffffe2 78 2f 15 10 29 ffffffb7 ffffffc2 7b 6e 62 6a ffffff8e 32 4c ffffffbb 21 ffffffea ffffffd5 18 52 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cb8005e20 | unwrapped: 24 0f 74 e7 9a b3 06 d9 8a 59 a3 4a 6f ed 7b 85 | unwrapped: 3c ea 05 58 47 51 27 24 65 01 f2 4c 1c 52 3e 99 | unwrapped: ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | unwrapped: 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | unwrapped: 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7520 | result: final-key@0x564021e04570 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e04570 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7508 | result: final-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e04570 | prf+N PRF sha final-key@0x564021dfb870 (size 20) | prf+N: key-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd78e7598 | result: result-key@0x564021e04570 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021df9ff0 | prfplus: release old_t[N]-key@0x564021e01140 | prf+N PRF sha init key-key@0x7f5cc800a510 (size 20) | prf+N: key-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7518 | result: clone-key@0x564021e01140 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cb8005b80 from key-key@0x564021e01140 | prf+N prf: begin sha with context 0x7f5cb8005b80 from key-key@0x564021e01140 | prf+N: release clone-key@0x564021e01140 | prf+N PRF sha crypt-prf@0x7f5cb8002010 | prf+N PRF sha update old_t-key@0x564021dfb870 (size 20) | prf+N: old_t-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-678530720: 26 ffffffd9 58 28 7f ffffffd6 ffffffec ffffffc9 67 ffffffaf ffffffeb 1e ffffff99 1f 3d ffffff90 53 ffffffc3 40 62 04 63 ffffffda 34 7b 11 79 ffffffdf 1d ffffffdc 37 21 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cb8005cd0 | unwrapped: 7c f3 11 6e 29 5d 15 fa 06 8e b6 df 54 21 ce 76 | unwrapped: 69 4c 37 56 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021e07b90 (size 80) | prf+N: seed-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-678530720: ffffffc4 ffffffe5 ffffffdf fffffff5 12 ffffffc5 36 20 1f ffffffd3 ffffffaa ffffff99 52 ffffffca ffffffe4 3b 0a 4a ffffff80 22 29 fffffff2 ffffffc1 1f ffffffda ffffffae ffffffb2 fffffff7 5c ffffff86 fffffffa ffffffa3 ffffff89 ffffffc4 2b 6e 3b 1f 3d 4f 15 ffffffd8 45 12 ffffffd6 16 ffffffd1 ffffff8e 4b 15 ffffffcc 28 fffffff4 ffffffb5 0d 22 ffffffe2 23 09 ffffffe2 78 2f 15 10 29 ffffffb7 ffffffc2 7b 6e 62 6a ffffff8e 32 4c ffffffbb 21 ffffffea ffffffd5 18 52 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cb80050f0 | unwrapped: 24 0f 74 e7 9a b3 06 d9 8a 59 a3 4a 6f ed 7b 85 | unwrapped: 3c ea 05 58 47 51 27 24 65 01 f2 4c 1c 52 3e 99 | unwrapped: ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | unwrapped: 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | unwrapped: 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7520 | result: final-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7508 | result: final-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021df9ff0 | prf+N PRF sha final-key@0x564021e01140 (size 20) | prf+N: key-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e04570 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd78e7598 | result: result-key@0x564021df9ff0 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e04570 | prfplus: release old_t[N]-key@0x564021dfb870 | prf+N PRF sha init key-key@0x7f5cc800a510 (size 20) | prf+N: key-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7518 | result: clone-key@0x564021dfb870 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cb8002e80 from key-key@0x564021dfb870 | prf+N prf: begin sha with context 0x7f5cb8002e80 from key-key@0x564021dfb870 | prf+N: release clone-key@0x564021dfb870 | prf+N PRF sha crypt-prf@0x7f5cb8001270 | prf+N PRF sha update old_t-key@0x564021e01140 (size 20) | prf+N: old_t-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-678530720: 1d ffffff8f 3c ffffff8a fffffff7 77 ffffff84 3f 06 72 ffffffe0 1a 7d 1d ffffffff fffffffe ffffff86 ffffffc3 47 52 7a ffffffbf ffffffb1 4a fffffff3 ffffffd0 07 ffffffd7 55 29 5b 7f | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cb8005f00 | unwrapped: 6f 57 b4 37 5c db 57 c6 94 d5 e5 09 bd 92 07 3a | unwrapped: 12 07 e7 f9 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021e07b90 (size 80) | prf+N: seed-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-678530720: ffffffc4 ffffffe5 ffffffdf fffffff5 12 ffffffc5 36 20 1f ffffffd3 ffffffaa ffffff99 52 ffffffca ffffffe4 3b 0a 4a ffffff80 22 29 fffffff2 ffffffc1 1f ffffffda ffffffae ffffffb2 fffffff7 5c ffffff86 fffffffa ffffffa3 ffffff89 ffffffc4 2b 6e 3b 1f 3d 4f 15 ffffffd8 45 12 ffffffd6 16 ffffffd1 ffffff8e 4b 15 ffffffcc 28 fffffff4 ffffffb5 0d 22 ffffffe2 23 09 ffffffe2 78 2f 15 10 29 ffffffb7 ffffffc2 7b 6e 62 6a ffffff8e 32 4c ffffffbb 21 ffffffea ffffffd5 18 52 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cb8005e20 | unwrapped: 24 0f 74 e7 9a b3 06 d9 8a 59 a3 4a 6f ed 7b 85 | unwrapped: 3c ea 05 58 47 51 27 24 65 01 f2 4c 1c 52 3e 99 | unwrapped: ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | unwrapped: 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | unwrapped: 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7520 | result: final-key@0x564021e04570 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e04570 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7508 | result: final-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e04570 | prf+N PRF sha final-key@0x564021dfb870 (size 20) | prf+N: key-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021df9ff0 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd78e7598 | result: result-key@0x564021e04570 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021df9ff0 | prfplus: release old_t[N]-key@0x564021e01140 | prfplus: release old_t[final]-key@0x564021dfb870 | ike_sa_keymat: release data-key@0x564021e07b90 | calc_skeyseed_v2: release skeyseed_k-key@0x7f5cc800a510 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e04570 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7738 | result: result-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e04570 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7738 | result: result-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e04570 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7738 | result: result-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564021e04570 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7748 | result: SK_ei_k-key@0x564021e01140 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564021e04570 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7748 | result: SK_er_k-key@0x564021df9ff0 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e04570 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7748 | result: result-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x564021e06230 | chunk_SK_pi: symkey-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)540555040: ffffff9e 45 ffffffba ffffffb7 ffffff83 07 ffffff9d 52 ffffffe0 ffffffdf 1e ffffffd4 7a 70 3e 1a ffffffd4 59 ffffffb8 ffffff93 ffffff92 ffffffca fffffff5 ffffffbe 32 3a ffffffd0 0e 74 0d ffffffa2 ffffffd9 | chunk_SK_pi: release slot-key-key@0x564021dfdd40 | chunk_SK_pi extracted len 32 bytes at 0x7f5cb80062f0 | unwrapped: 54 21 ce 76 69 4c 37 56 6f 57 b4 37 5c db 57 c6 | unwrapped: 94 d5 e5 09 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e04570 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7748 | result: result-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x564021e19e70 | chunk_SK_pr: symkey-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)540555040: 27 ffffffe5 ffffffd9 18 ffffffd0 ffffff9f fffffffe ffffffea ffffff88 0b 1c 36 6c fffffff8 41 78 fffffff9 ffffffb9 66 ffffff91 ffffffe8 ffffff8c ffffffa2 5c ffffff88 fffffffe 14 63 ffffffda fffffff8 ffffffd1 fffffffd | chunk_SK_pr: release slot-key-key@0x564021dfdd40 | chunk_SK_pr extracted len 32 bytes at 0x7f5cb8006320 | unwrapped: bd 92 07 3a 12 07 e7 f9 1b 93 91 44 e8 1c 5a c6 | unwrapped: 75 ab 8f 0f 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x564021e04570 | calc_skeyseed_v2 pointers: shared-key@0x7f5cc800d640, SK_d-key@0x7f5cc800a510, SK_ai-key@0x564021e07b90, SK_ar-key@0x564021dfb870, SK_ei-key@0x564021e01140, SK_er-key@0x564021df9ff0, SK_pi-key@0x564021e06230, SK_pr-key@0x564021e19e70 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 54 21 ce 76 69 4c 37 56 6f 57 b4 37 5c db 57 c6 | 94 d5 e5 09 | calc_skeyseed_v2 SK_pr | bd 92 07 3a 12 07 e7 f9 1b 93 91 44 e8 1c 5a c6 | 75 ab 8f 0f | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 6 time elapsed 0.003096 seconds | (#5) spent 3.08 milliseconds in crypto helper computing work-order 6: ikev2_inR1outI2 KE (pcr) | crypto helper 1 sending results from work-order 6 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7f5cb80060f0 size 128 | crypto helper 1 waiting (nothing to do) | "aes128" #5 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #5 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #5 spent 0.551 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.564 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #5 | start processing: state #5 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 6 | calling continuation function 0x564020443630 | ikev2_parent_inR1outI2_continue for #5: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f5cc4000d60: transferring ownership from helper IKEv2 DH to state #5 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #6 at 0x564021e1fd40 | State DB: adding IKEv2 state #6 in UNDEFINED | pstats #6 ikev2.child started | duplicating state object #5 "aes128" as #6 for IPSEC SA | #6 setting local endpoint to 192.1.2.45:500 from #5.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f5cc800a510 | duplicate_state: reference st_skey_ai_nss-key@0x564021e07b90 | duplicate_state: reference st_skey_ar_nss-key@0x564021dfb870 | duplicate_state: reference st_skey_ei_nss-key@0x564021e01140 | duplicate_state: reference st_skey_er_nss-key@0x564021df9ff0 | duplicate_state: reference st_skey_pi_nss-key@0x564021e06230 | duplicate_state: reference st_skey_pr_nss-key@0x564021e19e70 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #5.#6; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #5 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #5.#6 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x564021e17f40 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5ccc002b20 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f5ccc002b20 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x564021e17f40 size 128 | parent state #5: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 82 4c a5 cc c5 8a 82 5d | responder cookie: | f8 1a 3c da 95 9b 7d 53 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x564021e06230 (size 20) | hmac: symkey-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db978 | result: clone-key@0x564021e04570 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021e04570 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021e04570 | hmac: release clone-key@0x564021e04570 | hmac PRF sha crypt-prf@0x564021e17be0 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x564020542974 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff864dbf10 (length 20) | 73 67 57 9c 6e 28 6f c6 01 04 e1 d2 e2 a4 15 66 | 1f 72 b7 33 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564021e0a240 (line=1) | concluding with best_match=014 best=0x564021e0a240 (lineno=1) | inputs to hash1 (first packet) | 82 4c a5 cc c5 8a 82 5d 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 09 c7 d8 8a b4 62 98 cc 8f 08 ef cb | 87 1d 10 d1 77 a2 b0 b8 be 29 34 3a 9c 37 e5 fc | f0 2f 62 1a fd 64 25 cd 36 59 ae dc d7 58 6c b1 | 96 af 41 2a 81 40 27 99 d9 75 c6 2b a9 d4 bf fe | 57 e5 51 b6 4c d6 06 2b 53 b9 05 d9 9f 91 47 e9 | 85 6c 06 7f df e3 9c df 4b 6d b9 8e 07 97 23 84 | 2b a9 98 39 32 66 6c bd c4 52 b5 39 a4 f1 67 2c | 3e d5 db 11 51 7c ce 75 13 77 26 d3 49 eb 9d 61 | 9c 64 45 d0 a0 1a 26 8d 16 86 40 f9 5e c7 9b e6 | bc a9 fd 5e 1e c1 cc 96 fe b9 f6 9e 4a bc 02 be | 7b bc 8a 80 bd 96 25 5f 6d 74 a4 95 c3 a8 df b6 | 91 8f c4 91 68 82 9e d9 c2 87 56 7d 74 27 86 10 | a5 0a ae 5a 2d 3c 58 97 43 a5 ef 4b 0e 11 7d 54 | 44 eb eb 62 97 3f 68 a7 fb 02 e3 68 96 76 34 3e | aa c8 a8 9f 83 22 10 c3 c3 14 d8 76 25 d2 65 1c | 4f 23 66 c7 d1 d3 8e 15 4b ae 80 06 6a f0 1b fb | a5 88 2b a6 29 00 00 24 24 0f 74 e7 9a b3 06 d9 | 8a 59 a3 4a 6f ed 7b 85 3c ea 05 58 47 51 27 24 | 65 01 f2 4c 1c 52 3e 99 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 9b 5c de 7c 09 c2 d8 70 | be b5 ff 2d 00 69 a0 6f 32 11 5c ef 00 00 00 1c | 00 00 40 05 fc a4 14 e1 6d 31 46 f2 b5 bc 73 9c | 40 04 7b 68 08 f0 79 72 | create: initiator inputs to hash2 (responder nonce) | ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | idhash 73 67 57 9c 6e 28 6f c6 01 04 e1 d2 e2 a4 15 66 | idhash 1f 72 b7 33 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564021e14a20 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db770 | result: shared secret-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db758 | result: shared secret-key@0x564021e04570 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564021dfd2a0 from shared secret-key@0x564021e04570 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564021dfd2a0 from shared secret-key@0x564021e04570 | = prf(,"Key Pad for IKEv2"): release clone-key@0x564021e04570 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564021e17f00 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5640204d6bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db790 | result: final-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db778 | result: final-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x564021e04570 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x564021e04570 (size 20) | = prf(, ): -key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db788 | result: clone-key@0x7f5cd0006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ) prf: begin sha with context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ): release clone-key@0x7f5cd0006900 | = prf(, ) PRF sha crypt-prf@0x564021e16d30 | = prf(, ) PRF sha update first-packet-bytes@0x564021e17970 (length 440) | 82 4c a5 cc c5 8a 82 5d 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 09 c7 d8 8a b4 62 98 cc 8f 08 ef cb | 87 1d 10 d1 77 a2 b0 b8 be 29 34 3a 9c 37 e5 fc | f0 2f 62 1a fd 64 25 cd 36 59 ae dc d7 58 6c b1 | 96 af 41 2a 81 40 27 99 d9 75 c6 2b a9 d4 bf fe | 57 e5 51 b6 4c d6 06 2b 53 b9 05 d9 9f 91 47 e9 | 85 6c 06 7f df e3 9c df 4b 6d b9 8e 07 97 23 84 | 2b a9 98 39 32 66 6c bd c4 52 b5 39 a4 f1 67 2c | 3e d5 db 11 51 7c ce 75 13 77 26 d3 49 eb 9d 61 | 9c 64 45 d0 a0 1a 26 8d 16 86 40 f9 5e c7 9b e6 | bc a9 fd 5e 1e c1 cc 96 fe b9 f6 9e 4a bc 02 be | 7b bc 8a 80 bd 96 25 5f 6d 74 a4 95 c3 a8 df b6 | 91 8f c4 91 68 82 9e d9 c2 87 56 7d 74 27 86 10 | a5 0a ae 5a 2d 3c 58 97 43 a5 ef 4b 0e 11 7d 54 | 44 eb eb 62 97 3f 68 a7 fb 02 e3 68 96 76 34 3e | aa c8 a8 9f 83 22 10 c3 c3 14 d8 76 25 d2 65 1c | 4f 23 66 c7 d1 d3 8e 15 4b ae 80 06 6a f0 1b fb | a5 88 2b a6 29 00 00 24 24 0f 74 e7 9a b3 06 d9 | 8a 59 a3 4a 6f ed 7b 85 3c ea 05 58 47 51 27 24 | 65 01 f2 4c 1c 52 3e 99 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 9b 5c de 7c 09 c2 d8 70 | be b5 ff 2d 00 69 a0 6f 32 11 5c ef 00 00 00 1c | 00 00 40 05 fc a4 14 e1 6d 31 46 f2 b5 bc 73 9c | 40 04 7b 68 08 f0 79 72 | = prf(, ) PRF sha update nonce-bytes@0x564021e18140 (length 32) | ad 15 30 60 3b ed 71 70 14 ea 2b 2b 1f 2f 95 0b | 01 f4 d4 7b 76 bb 02 31 93 cb 20 db cb ca 4f b6 | = prf(, ) PRF sha update hash-bytes@0x7fff864dbf10 (length 20) | 73 67 57 9c 6e 28 6f c6 01 04 e1 d2 e2 a4 15 66 | 1f 72 b7 33 | = prf(, ) PRF sha final-chunk@0x564021e17be0 (length 20) | d3 7b 25 5c be 79 e1 90 9d 77 41 8e ba 54 2a 24 | cd 76 b7 9c | psk_auth: release prf-psk-key@0x564021e04570 | PSK auth octets d3 7b 25 5c be 79 e1 90 9d 77 41 8e ba 54 2a 24 | PSK auth octets cd 76 b7 9c | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth d3 7b 25 5c be 79 e1 90 9d 77 41 8e ba 54 2a 24 | PSK auth cd 76 b7 9c | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #5 | netlink_get_spi: allocated 0xf8b7f28a for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for aes128 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "aes128": constructed local ESP/AH proposals for aes128 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi f8 b7 f2 8a | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #5: IMPAIR: emitting fixed-length key-length attribute with 0 key | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 192 | emitting length of ISAKMP Message: 220 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 83 1f 33 56 1a da 0b 7c a3 4d b0 9e bf ed 93 c6 | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | d3 7b 25 5c be 79 e1 90 9d 77 41 8e ba 54 2a 24 | cd 76 b7 9c 2c 00 00 2c 00 00 00 28 01 03 04 03 | f8 b7 f2 8a 03 00 00 0c 01 00 00 0c 80 0e 00 00 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | b6 ce 11 fa 06 f2 db ac 87 67 2b 90 a0 23 1b e3 | ed fb 87 ac b0 6d 5e 27 9d 54 a4 dc 37 4c e8 43 | c1 4c a5 28 39 b1 cc 36 58 10 3f ec 8f e3 6e 89 | 2c 96 76 d7 21 24 0b d7 18 5b 17 61 3f 4b 3e 71 | 01 1a be 6e 85 9f 3d a8 1d de 48 a7 6a 9c a3 29 | 3b b1 91 59 56 be 00 8d 9d fd e6 c5 68 58 d8 b7 | 63 5c 7e 93 d9 9b 67 a6 98 e7 34 32 f5 75 c9 e0 | d9 b9 c7 5b 84 b3 61 68 e9 cd 7e cb 5d 82 21 65 | e6 c6 d1 e4 fd 87 13 60 3b 9a af 17 c8 38 dc 05 | d9 00 88 5a a2 9b 20 8d 1c 8f b2 73 95 7a 31 18 | hmac PRF sha init symkey-key@0x564021e07b90 (size 20) | hmac: symkey-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db888 | result: clone-key@0x564021e04570 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021e04570 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021e04570 | hmac: release clone-key@0x564021e04570 | hmac PRF sha crypt-prf@0x564021e17f00 | hmac PRF sha update data-bytes@0x564020542940 (length 208) | 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 83 1f 33 56 1a da 0b 7c a3 4d b0 9e bf ed 93 c6 | b6 ce 11 fa 06 f2 db ac 87 67 2b 90 a0 23 1b e3 | ed fb 87 ac b0 6d 5e 27 9d 54 a4 dc 37 4c e8 43 | c1 4c a5 28 39 b1 cc 36 58 10 3f ec 8f e3 6e 89 | 2c 96 76 d7 21 24 0b d7 18 5b 17 61 3f 4b 3e 71 | 01 1a be 6e 85 9f 3d a8 1d de 48 a7 6a 9c a3 29 | 3b b1 91 59 56 be 00 8d 9d fd e6 c5 68 58 d8 b7 | 63 5c 7e 93 d9 9b 67 a6 98 e7 34 32 f5 75 c9 e0 | d9 b9 c7 5b 84 b3 61 68 e9 cd 7e cb 5d 82 21 65 | e6 c6 d1 e4 fd 87 13 60 3b 9a af 17 c8 38 dc 05 | d9 00 88 5a a2 9b 20 8d 1c 8f b2 73 95 7a 31 18 | hmac PRF sha final-bytes@0x564020542a10 (length 20) | 28 8c 95 da fb e9 e2 68 b5 dc a7 a0 0b 15 ed 9d | 6a c9 d8 56 | data being hmac: 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data being hmac: 83 1f 33 56 1a da 0b 7c a3 4d b0 9e bf ed 93 c6 | data being hmac: b6 ce 11 fa 06 f2 db ac 87 67 2b 90 a0 23 1b e3 | data being hmac: ed fb 87 ac b0 6d 5e 27 9d 54 a4 dc 37 4c e8 43 | data being hmac: c1 4c a5 28 39 b1 cc 36 58 10 3f ec 8f e3 6e 89 | data being hmac: 2c 96 76 d7 21 24 0b d7 18 5b 17 61 3f 4b 3e 71 | data being hmac: 01 1a be 6e 85 9f 3d a8 1d de 48 a7 6a 9c a3 29 | data being hmac: 3b b1 91 59 56 be 00 8d 9d fd e6 c5 68 58 d8 b7 | data being hmac: 63 5c 7e 93 d9 9b 67 a6 98 e7 34 32 f5 75 c9 e0 | data being hmac: d9 b9 c7 5b 84 b3 61 68 e9 cd 7e cb 5d 82 21 65 | data being hmac: e6 c6 d1 e4 fd 87 13 60 3b 9a af 17 c8 38 dc 05 | data being hmac: d9 00 88 5a a2 9b 20 8d 1c 8f b2 73 95 7a 31 18 | out calculated auth: | 28 8c 95 da fb e9 e2 68 b5 dc a7 a0 | suspend processing: state #5 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #6 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #6 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #6: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #6 to 0 after switching state | Message ID: recv #5.#6 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #5.#6 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "aes128" #6: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 220 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #5) | 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 83 1f 33 56 1a da 0b 7c a3 4d b0 9e bf ed 93 c6 | b6 ce 11 fa 06 f2 db ac 87 67 2b 90 a0 23 1b e3 | ed fb 87 ac b0 6d 5e 27 9d 54 a4 dc 37 4c e8 43 | c1 4c a5 28 39 b1 cc 36 58 10 3f ec 8f e3 6e 89 | 2c 96 76 d7 21 24 0b d7 18 5b 17 61 3f 4b 3e 71 | 01 1a be 6e 85 9f 3d a8 1d de 48 a7 6a 9c a3 29 | 3b b1 91 59 56 be 00 8d 9d fd e6 c5 68 58 d8 b7 | 63 5c 7e 93 d9 9b 67 a6 98 e7 34 32 f5 75 c9 e0 | d9 b9 c7 5b 84 b3 61 68 e9 cd 7e cb 5d 82 21 65 | e6 c6 d1 e4 fd 87 13 60 3b 9a af 17 c8 38 dc 05 | d9 00 88 5a a2 9b 20 8d 1c 8f b2 73 95 7a 31 18 | 28 8c 95 da fb e9 e2 68 b5 dc a7 a0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5cc4002b20 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 | libevent_malloc: new ptr-libevent@0x7f5cc4006900 size 128 | #6 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48953.739901 | resume sending helper answer for #5 suppresed complete_v2_state_transition() | #5 spent 1.07 milliseconds in resume sending helper answer | stop processing: state #6 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5cb80060f0 | spent 0.00251 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | 26 13 3a 2c b7 50 aa 0e 54 e5 cd 8d 36 2b 43 69 | 3a 2a 5c 95 0c 8f ec d8 f6 6a 5e e6 28 cc ac 9d | 93 1f 16 5e dd aa 9d 60 9b 69 d1 32 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 82 4c a5 cc c5 8a 82 5d | responder cookie: | f8 1a 3c da 95 9b 7d 53 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #5 in PARENT_I2 (find_v2_ike_sa) | start processing: state #5 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #6 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #5 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #6 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #6 is idle | #6 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | #6 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x564021dfb870 (size 20) | hmac: symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db7a8 | result: clone-key@0x564021e04570 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021e04570 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021e04570 | hmac: release clone-key@0x564021e04570 | hmac PRF sha crypt-prf@0x564021e17f20 | hmac PRF sha update data-bytes@0x564021d74460 (length 64) | 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | 26 13 3a 2c b7 50 aa 0e 54 e5 cd 8d 36 2b 43 69 | 3a 2a 5c 95 0c 8f ec d8 f6 6a 5e e6 28 cc ac 9d | hmac PRF sha final-bytes@0x7fff864db970 (length 20) | 93 1f 16 5e dd aa 9d 60 9b 69 d1 32 91 31 5f 0b | a1 28 7c 18 | data for hmac: 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | data for hmac: 26 13 3a 2c b7 50 aa 0e 54 e5 cd 8d 36 2b 43 69 | data for hmac: 3a 2a 5c 95 0c 8f ec d8 f6 6a 5e e6 28 cc ac 9d | calculated auth: 93 1f 16 5e dd aa 9d 60 9b 69 d1 32 | provided auth: 93 1f 16 5e dd aa 9d 60 9b 69 d1 32 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 26 13 3a 2c b7 50 aa 0e 54 e5 cd 8d 36 2b 43 69 | payload before decryption: | 3a 2a 5c 95 0c 8f ec d8 f6 6a 5e e6 28 cc ac 9d | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 08 00 00 00 0e 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #6 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode IKE SA: process IKE_AUTH response containing unknown notification | Now let's proceed with state specific processing | calling processor IKE SA: process IKE_AUTH response containing unknown notification "aes128" #6: IKE_AUTH response contained the error notification NO_PROPOSAL_CHOSEN "aes128" #6: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #6 fd@25 .st_dev=9 .st_ino=1561666 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #5 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x7f5cc4006900 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5cc4002b20 | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5cc4002b20 | inserting event EVENT_RETRANSMIT, timeout in 59.994358 seconds for #6 | libevent_malloc: new ptr-libevent@0x7f5cc4006900 size 128 "aes128" #6: STATE_PARENT_I2: suppressing retransmits; will wait 59.994358 seconds for retry | #6 spent 0.102 milliseconds in processing: IKE SA: process IKE_AUTH response containing unknown notification in ikev2_process_state_packet() | [RE]START processing: state #6 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #6 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #6 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #5 spent 0.339 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.35 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0477 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x564021e1e1d0} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #6 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #6 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #6 ikev2.child deleted other | #6 spent 0.102 milliseconds in total | [RE]START processing: state #6 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #6: deleting state (STATE_PARENT_I2) aged 0.070s and NOT sending notification | child state #6: PARENT_I2(open IKE SA) => delete | child state #6: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #6 requesting EVENT_RETRANSMIT to be deleted | #6 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f5cc4006900 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5cc4002b20 | priority calculation of connection "aes128" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #6 in CHILDSA_DEL | child state #6: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #6 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f5cc800a510 | delete_state: release st->st_skey_ai_nss-key@0x564021e07b90 | delete_state: release st->st_skey_ar_nss-key@0x564021dfb870 | delete_state: release st->st_skey_ei_nss-key@0x564021e01140 | delete_state: release st->st_skey_er_nss-key@0x564021df9ff0 | delete_state: release st->st_skey_pi_nss-key@0x564021e06230 | delete_state: release st->st_skey_pr_nss-key@0x564021e19e70 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #5 | start processing: state #5 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #5 ikev2.ike deleted other | #5 spent 6.76 milliseconds in total | [RE]START processing: state #5 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #5: deleting state (STATE_PARENT_I2) aged 0.079s and NOT sending notification | parent state #5: PARENT_I2(open IKE SA) => delete | state #5 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x564021e17f40 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f5ccc002b20 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #5 in PARENT_I2 | parent state #5: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f5cc4000d60: destroyed | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f5cc800d640 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f5cc800a510 | delete_state: release st->st_skey_ai_nss-key@0x564021e07b90 | delete_state: release st->st_skey_ar_nss-key@0x564021dfb870 | delete_state: release st->st_skey_ei_nss-key@0x564021e01140 | delete_state: release st->st_skey_er_nss-key@0x564021df9ff0 | delete_state: release st->st_skey_pi_nss-key@0x564021e06230 | delete_state: release st->st_skey_pr_nss-key@0x564021e19e70 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x564021de15d0 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.317 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | child-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0636 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0493 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none | base impairing = suppress-retransmits | ike-key-length-attribute:DUPLICATE | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0427 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x564021e16c10 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.133 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #7 at 0x564021e16060 | State DB: adding IKEv2 state #7 in UNDEFINED | pstats #7 ikev2.ike started | Message ID: init #7: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #7: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #7; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #7 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #7 "aes128" "aes128" #7: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 7 for state #7 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5cc4002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x564021e17f40 size 128 | #7 spent 0.12 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #7 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.188 milliseconds in whack | crypto helper 0 resuming | crypto helper 0 starting work-order 7 for state #7 | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 7 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5cbc000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5cbc000d60 | NSS: Public DH wire value: | a6 8a 15 c2 38 40 e8 c7 83 ed 53 1b 4e 0a d1 7c | 7b 6b 8d fe 81 2d 18 bc d6 09 ad 8f 84 51 42 40 | 45 96 2c 26 58 ed ae 32 fc 9c 11 9e 33 6a 28 51 | 62 2e 45 e7 18 f1 3e 4a 5d 50 05 c5 3a 49 c2 e4 | 94 62 19 e3 63 02 3b 97 c4 05 6f 9e 18 07 86 21 | 00 ae 3b 97 ae 18 c3 71 75 bf 9a b2 b6 58 62 90 | 53 34 40 c1 b5 6a b3 3b 10 f0 f7 23 3f f9 5f eb | e7 b7 64 46 5d 0f 0e ca fc c2 79 cf be a5 ad ef | b4 08 81 79 99 c9 df 6d f8 c0 e0 5e ea 12 74 8a | 18 e1 d5 e1 8e 7a bc ee 7b 29 08 8d 00 c7 bf bb | 74 64 ba a2 41 23 46 4c c2 27 89 48 87 31 84 f8 | b2 ff 20 46 c9 89 59 e0 91 1b 1e a5 f9 de 77 b5 | 70 cf a4 10 bd af b8 2f 6c d8 91 ab 1a fc 27 d4 | 89 94 38 33 40 50 a2 97 51 3e 05 fc bf a9 e6 a4 | ff b3 65 8d 2d 73 6a 32 c2 7b 0f 30 11 1d df 02 | 27 e6 05 55 78 01 74 e2 65 b1 da b1 7e 8c 89 a8 | Generated nonce: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | Generated nonce: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 7 time elapsed 0.00176 seconds | (#7) spent 1.01 milliseconds in crypto helper computing work-order 7: ikev2_outI1 KE (pcr) | crypto helper 0 sending results from work-order 7 for state #7 to event queue | scheduling resume sending helper answer for #7 | libevent_malloc: new ptr-libevent@0x7f5cbc006900 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #7 | start processing: state #7 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 7 | calling continuation function 0x564020443630 | ikev2_parent_outI1_continue for #7 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5cbc000d60: transferring ownership from helper KE to state #7 | **emit ISAKMP Message: | initiator cookie: | c4 6c 37 92 fa 84 6c d3 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #7: IMPAIR: duplicating key-length attribute | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 16 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 52 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x a6 8a 15 c2 38 40 e8 c7 83 ed 53 1b 4e 0a d1 7c | ikev2 g^x 7b 6b 8d fe 81 2d 18 bc d6 09 ad 8f 84 51 42 40 | ikev2 g^x 45 96 2c 26 58 ed ae 32 fc 9c 11 9e 33 6a 28 51 | ikev2 g^x 62 2e 45 e7 18 f1 3e 4a 5d 50 05 c5 3a 49 c2 e4 | ikev2 g^x 94 62 19 e3 63 02 3b 97 c4 05 6f 9e 18 07 86 21 | ikev2 g^x 00 ae 3b 97 ae 18 c3 71 75 bf 9a b2 b6 58 62 90 | ikev2 g^x 53 34 40 c1 b5 6a b3 3b 10 f0 f7 23 3f f9 5f eb | ikev2 g^x e7 b7 64 46 5d 0f 0e ca fc c2 79 cf be a5 ad ef | ikev2 g^x b4 08 81 79 99 c9 df 6d f8 c0 e0 5e ea 12 74 8a | ikev2 g^x 18 e1 d5 e1 8e 7a bc ee 7b 29 08 8d 00 c7 bf bb | ikev2 g^x 74 64 ba a2 41 23 46 4c c2 27 89 48 87 31 84 f8 | ikev2 g^x b2 ff 20 46 c9 89 59 e0 91 1b 1e a5 f9 de 77 b5 | ikev2 g^x 70 cf a4 10 bd af b8 2f 6c d8 91 ab 1a fc 27 d4 | ikev2 g^x 89 94 38 33 40 50 a2 97 51 3e 05 fc bf a9 e6 a4 | ikev2 g^x ff b3 65 8d 2d 73 6a 32 c2 7b 0f 30 11 1d df 02 | ikev2 g^x 27 e6 05 55 78 01 74 e2 65 b1 da b1 7e 8c 89 a8 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | IKEv2 nonce e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | c4 6c 37 92 fa 84 6c d3 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | 5b ef d7 2f 04 2c 87 06 bf e5 e4 a8 c7 03 d8 b1 | 51 ba 83 33 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= c4 6c 37 92 fa 84 6c d3 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 5b ef d7 2f 04 2c 87 06 bf e5 e4 a8 c7 03 d8 b1 | natd_hash: hash= 51 ba 83 33 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 5b ef d7 2f 04 2c 87 06 bf e5 e4 a8 c7 03 d8 b1 | Notify data 51 ba 83 33 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | c4 6c 37 92 fa 84 6c d3 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | 11 f6 88 df 67 58 af 8c d8 2e b6 07 25 f1 16 6c | 4a 01 f9 c3 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= c4 6c 37 92 fa 84 6c d3 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 11 f6 88 df 67 58 af 8c d8 2e b6 07 25 f1 16 6c | natd_hash: hash= 4a 01 f9 c3 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 11 f6 88 df 67 58 af 8c d8 2e b6 07 25 f1 16 6c | Notify data 4a 01 f9 c3 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 444 | stop processing: state #7 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #7 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #7 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #7: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #7 to 4294967295 after switching state | Message ID: IKE #7 skipping update_recv as MD is fake | Message ID: sent #7 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #7: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 444 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #7) | c4 6c 37 92 fa 84 6c d3 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 a6 8a 15 c2 38 40 e8 c7 | 83 ed 53 1b 4e 0a d1 7c 7b 6b 8d fe 81 2d 18 bc | d6 09 ad 8f 84 51 42 40 45 96 2c 26 58 ed ae 32 | fc 9c 11 9e 33 6a 28 51 62 2e 45 e7 18 f1 3e 4a | 5d 50 05 c5 3a 49 c2 e4 94 62 19 e3 63 02 3b 97 | c4 05 6f 9e 18 07 86 21 00 ae 3b 97 ae 18 c3 71 | 75 bf 9a b2 b6 58 62 90 53 34 40 c1 b5 6a b3 3b | 10 f0 f7 23 3f f9 5f eb e7 b7 64 46 5d 0f 0e ca | fc c2 79 cf be a5 ad ef b4 08 81 79 99 c9 df 6d | f8 c0 e0 5e ea 12 74 8a 18 e1 d5 e1 8e 7a bc ee | 7b 29 08 8d 00 c7 bf bb 74 64 ba a2 41 23 46 4c | c2 27 89 48 87 31 84 f8 b2 ff 20 46 c9 89 59 e0 | 91 1b 1e a5 f9 de 77 b5 70 cf a4 10 bd af b8 2f | 6c d8 91 ab 1a fc 27 d4 89 94 38 33 40 50 a2 97 | 51 3e 05 fc bf a9 e6 a4 ff b3 65 8d 2d 73 6a 32 | c2 7b 0f 30 11 1d df 02 27 e6 05 55 78 01 74 e2 | 65 b1 da b1 7e 8c 89 a8 29 00 00 24 d3 6a e3 b0 | e8 f6 eb f5 1e fd 29 be 22 19 43 db e2 8e ca 2e | 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 5b ef d7 2f | 04 2c 87 06 bf e5 e4 a8 c7 03 d8 b1 51 ba 83 33 | 00 00 00 1c 00 00 40 05 11 f6 88 df 67 58 af 8c | d8 2e b6 07 25 f1 16 6c 4a 01 f9 c3 | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x564021e17f40 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5cc4002b20 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #7: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5cc4002b20 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x564021e17f40 size 128 | #7 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48954.640653 | resume sending helper answer for #7 suppresed complete_v2_state_transition() and stole MD | #7 spent 0.523 milliseconds in resume sending helper answer | stop processing: state #7 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5cbc006900 | spent 0.002 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 ec 25 38 75 f8 d2 7f da 3f 5b 17 e4 | 04 91 89 ac 42 9f 2c 19 6f e5 bd 0a 68 ee 5b 17 | 95 6a a2 70 69 87 af cd e0 44 e0 77 20 14 8f f2 | c7 6d e7 2b 9f b9 3f 82 40 c0 32 2d bd 7e 19 55 | a0 77 c7 ab 4f 8a 2b 4c b1 c7 5f e4 0a 15 f3 75 | b4 8e 64 50 00 f8 12 e2 9b 03 58 12 9d f2 93 53 | be d5 01 97 e3 0e 48 9d 04 78 3b 83 2b b5 b2 9c | 4d d4 93 19 71 79 78 f5 cf 17 1e ed ea 2f d2 fb | 87 7c 32 4f b4 2a 3d bd 7b 64 c5 ab 92 da 26 d5 | f0 59 f2 59 ad 93 b1 1e e6 ee 65 59 25 c3 c5 b1 | 09 36 2b f6 87 ea 3c dd aa 99 d9 3e 73 69 57 6f | e7 b1 be 5e 0e 8c 2e 40 b6 8b 90 fd ab 0b 37 33 | 42 5f 8c 6a fb a7 7e ee 24 ec 5b a8 23 73 f2 46 | 75 30 86 3f f1 01 78 dd d4 85 5d c5 0e 2f 5c fd | 86 9f 4a 6a db 69 0b 8c e3 1a 55 e1 69 8c 04 b6 | ed ed 55 c8 12 5d 01 80 01 df ac dd 0c c9 c9 27 | 8a 33 f5 e8 29 00 00 24 e5 0d 92 73 03 1e d2 74 | 65 0b a1 30 1e fd e5 f0 c9 00 37 76 61 91 30 c0 | cd fe 7d 5d 8f 99 ed d4 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 7d 64 93 f6 90 71 5b 5f | cc ca f4 aa b5 b2 60 45 f3 92 f5 10 00 00 00 1c | 00 00 40 05 70 c7 36 b0 3d b1 89 aa e3 da 3b b2 | dd 2b 17 ef e3 9a f4 ca | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | c4 6c 37 92 fa 84 6c d3 | responder cookie: | 0e 4d 17 a5 79 8d d7 c5 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #7 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #7 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #7 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #7 is idle | #7 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #7 IKE SPIi and SPI[ir] | #7 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | ec 25 38 75 f8 d2 7f da 3f 5b 17 e4 04 91 89 ac | 42 9f 2c 19 6f e5 bd 0a 68 ee 5b 17 95 6a a2 70 | 69 87 af cd e0 44 e0 77 20 14 8f f2 c7 6d e7 2b | 9f b9 3f 82 40 c0 32 2d bd 7e 19 55 a0 77 c7 ab | 4f 8a 2b 4c b1 c7 5f e4 0a 15 f3 75 b4 8e 64 50 | 00 f8 12 e2 9b 03 58 12 9d f2 93 53 be d5 01 97 | e3 0e 48 9d 04 78 3b 83 2b b5 b2 9c 4d d4 93 19 | 71 79 78 f5 cf 17 1e ed ea 2f d2 fb 87 7c 32 4f | b4 2a 3d bd 7b 64 c5 ab 92 da 26 d5 f0 59 f2 59 | ad 93 b1 1e e6 ee 65 59 25 c3 c5 b1 09 36 2b f6 | 87 ea 3c dd aa 99 d9 3e 73 69 57 6f e7 b1 be 5e | 0e 8c 2e 40 b6 8b 90 fd ab 0b 37 33 42 5f 8c 6a | fb a7 7e ee 24 ec 5b a8 23 73 f2 46 75 30 86 3f | f1 01 78 dd d4 85 5d c5 0e 2f 5c fd 86 9f 4a 6a | db 69 0b 8c e3 1a 55 e1 69 8c 04 b6 ed ed 55 c8 | 12 5d 01 80 01 df ac dd 0c c9 c9 27 8a 33 f5 e8 | using existing local IKE proposals for connection aes128 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864db9c0 (length 8) | c4 6c 37 92 fa 84 6c d3 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864db9c8 (length 8) | 0e 4d 17 a5 79 8d d7 c5 | NATD hash sha digest IP addr-bytes@0x7fff864db954 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864db946 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864db9d0 (length 20) | 70 c7 36 b0 3d b1 89 aa e3 da 3b b2 dd 2b 17 ef | e3 9a f4 ca | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= c4 6c 37 92 fa 84 6c d3 | natd_hash: rcookie= 0e 4d 17 a5 79 8d d7 c5 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 70 c7 36 b0 3d b1 89 aa e3 da 3b b2 dd 2b 17 ef | natd_hash: hash= e3 9a f4 ca | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864db9c0 (length 8) | c4 6c 37 92 fa 84 6c d3 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864db9c8 (length 8) | 0e 4d 17 a5 79 8d d7 c5 | NATD hash sha digest IP addr-bytes@0x7fff864db954 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864db946 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864db9f0 (length 20) | 7d 64 93 f6 90 71 5b 5f cc ca f4 aa b5 b2 60 45 | f3 92 f5 10 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= c4 6c 37 92 fa 84 6c d3 | natd_hash: rcookie= 0e 4d 17 a5 79 8d d7 c5 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 7d 64 93 f6 90 71 5b 5f cc ca f4 aa b5 b2 60 45 | natd_hash: hash= f3 92 f5 10 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f5cbc000d60: transferring ownership from state #7 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 8 for state #7 | state #7 requesting EVENT_RETRANSMIT to be deleted | #7 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x564021e17f40 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5cc4002b20 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5cc4002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x564021e17f40 size 128 | #7 spent 0.269 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | crypto helper 2 resuming | [RE]START processing: state #7 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | crypto helper 2 starting work-order 8 for state #7 | crypto helper 2 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 8 | #7 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #7 and saving MD | #7 is busy; has a suspended MD | peer's g: ec 25 38 75 f8 d2 7f da 3f 5b 17 e4 04 91 89 ac | [RE]START processing: state #7 connection "aes128" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | peer's g: 42 9f 2c 19 6f e5 bd 0a 68 ee 5b 17 95 6a a2 70 | peer's g: 69 87 af cd e0 44 e0 77 20 14 8f f2 c7 6d e7 2b | peer's g: 9f b9 3f 82 40 c0 32 2d bd 7e 19 55 a0 77 c7 ab | peer's g: 4f 8a 2b 4c b1 c7 5f e4 0a 15 f3 75 b4 8e 64 50 | peer's g: 00 f8 12 e2 9b 03 58 12 9d f2 93 53 be d5 01 97 | peer's g: e3 0e 48 9d 04 78 3b 83 2b b5 b2 9c 4d d4 93 19 | "aes128" #7 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | peer's g: 71 79 78 f5 cf 17 1e ed ea 2f d2 fb 87 7c 32 4f | stop processing: state #7 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | peer's g: b4 2a 3d bd 7b 64 c5 ab 92 da 26 d5 f0 59 f2 59 | #7 spent 0.534 milliseconds in ikev2_process_packet() | peer's g: ad 93 b1 1e e6 ee 65 59 25 c3 c5 b1 09 36 2b f6 | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | peer's g: 87 ea 3c dd aa 99 d9 3e 73 69 57 6f e7 b1 be 5e | spent 0.552 milliseconds in comm_handle_cb() reading and processing packet | peer's g: 0e 8c 2e 40 b6 8b 90 fd ab 0b 37 33 42 5f 8c 6a | peer's g: fb a7 7e ee 24 ec 5b a8 23 73 f2 46 75 30 86 3f | peer's g: f1 01 78 dd d4 85 5d c5 0e 2f 5c fd 86 9f 4a 6a | peer's g: db 69 0b 8c e3 1a 55 e1 69 8c 04 b6 ed ed 55 c8 | peer's g: 12 5d 01 80 01 df ac dd 0c c9 c9 27 8a 33 f5 e8 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x564021e19e70 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f5cbc000d60: computed shared DH secret key@0x564021e19e70 | dh-shared : g^ir-key@0x564021e19e70 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f5cd00039a0 (length 64) | d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6670 | result: Ni | Nr-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6658 | result: Ni | Nr-key@0x564021e06230 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x564021df9ff0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f5cd0003aa0 from Ni | Nr-key@0x564021e06230 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f5cd0003aa0 from Ni | Nr-key@0x564021e06230 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x564021e06230 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f5cd0000d60 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x564021e19e70 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x564021e19e70 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x564021e19e70 | nss hmac digest hack: symkey-key@0x564021e19e70 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-686923056: ffffffa0 3a ffffff9f fffffff4 fffffff0 76 ffffffe6 fffffff8 03 69 16 2b ffffff98 3b 12 ffffffd3 ffffffcd 2d ffffffdd fffffff6 ffffffe6 12 70 5a 69 ffffffd2 74 ffffffbf ffffff92 ffffffb3 43 34 3b fffffff6 7a 1b ffffff8b 2c 78 42 19 4b ffffffc6 7d fffffff8 27 ffffffd7 ffffffb5 ffffffe5 ffffff8e ffffffc2 58 ffffffc8 67 41 ffffffa3 ffffffd8 36 0f ffffffae 32 ffffffbb ffffffbe 27 ffffff90 ffffffbf ffffffdd ffffffad 17 ffffffc2 7a ffffffc0 ffffff96 ffffff9e 74 ffffff92 ffffffff 5a 02 39 23 ffffffda ffffffab 6b ffffff96 41 ffffffbe 1b 2c 6d 00 ffffff89 ffffff8e 34 ffffff83 ffffffba ffffffe5 39 ffffffa4 2d ffffffa2 74 ffffffdd ffffffb5 42 ffffffc1 ffffff8a 76 7c fffffff2 fffffff3 fffffff2 4c ffffff8d ffffff90 4f 71 ffffffa2 77 00 ffffff8b 42 02 ffffffcc fffffff9 36 ffffffaf 6b 50 1a 7a ffffffb4 16 1c ffffffca ffffffd9 ffffff92 04 1f 14 09 ffffffca ffffffda 4e ffffff8a 67 53 75 60 fffffff3 23 ffffffc6 ffffffc5 6f 74 7f ffffffba 35 3e 63 2 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 256 bytes at 0x7f5cd0001440 | unwrapped: 1a 9b c6 2c 05 d9 16 82 6d 20 4a 57 a1 52 7c 55 | unwrapped: 2d c7 91 32 ee a5 25 5c 20 65 83 6f ad 41 57 59 | unwrapped: 7f 3b 6b 82 f8 78 2f b2 7c 7f 7d 1f 66 c3 5a b6 | unwrapped: 15 6b 82 88 ab 4a 89 8a 1a fa c5 59 9d c3 11 da | unwrapped: b2 95 2e f2 2d 0e 03 c3 2a bb af f7 1b 20 9f 14 | unwrapped: d4 92 73 47 47 74 6f fc 90 17 aa 0f f2 e2 83 af | unwrapped: 54 64 d0 aa f2 2e 6f 73 24 c3 33 b5 fe d0 82 3e | unwrapped: 00 b1 b8 10 43 7a e0 3e a9 63 6b 8e 47 d4 7d 98 | unwrapped: 4d a6 03 96 7e 34 5a 34 ae e8 f5 22 50 d0 a3 b4 | unwrapped: 6f d1 62 20 56 b3 d7 bf ae a2 75 18 15 36 df b0 | unwrapped: ec 21 c3 25 09 bb 4d e5 76 9c d2 cb b7 c6 9f 17 | unwrapped: 10 e6 45 ae 7b 3c 72 3b 52 c6 7e 4a a2 39 f7 b9 | unwrapped: cc 06 f5 4e c6 1b 1c d9 e2 9d b4 41 87 68 39 64 | unwrapped: 2d 76 98 e1 59 49 b3 6d 1a bb 4d b0 39 55 4a b1 | unwrapped: a5 ae 91 e7 a3 6f 15 e0 1f 93 72 36 d1 89 6f e1 | unwrapped: ca 79 29 ed 31 19 70 be 41 66 c4 33 3b 5a 77 08 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6690 | result: final-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6678 | result: final-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021df9ff0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x564021e06230 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6600 | result: data=Ni-key@0x564021e01140 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x564021e01140 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e65e8 | result: data=Ni-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x564021e01140 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd70e65f0 | result: data+=Nr-key@0x564021e01140 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021df9ff0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e01140 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd70e65f0 | result: data+=SPIi-key@0x564021df9ff0 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021e01140 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021df9ff0 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd70e65f0 | result: data+=SPIr-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021df9ff0 | prf+0 PRF sha init key-key@0x564021e06230 (size 20) | prf+0: key-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6518 | result: clone-key@0x564021df9ff0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f5cd0003aa0 from key-key@0x564021df9ff0 | prf+0 prf: begin sha with context 0x7f5cd0003aa0 from key-key@0x564021df9ff0 | prf+0: release clone-key@0x564021df9ff0 | prf+0 PRF sha crypt-prf@0x7f5cd0001ae0 | prf+0 PRF sha update seed-key@0x564021e01140 (size 80) | prf+0: seed-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-686923424: 33 fffffffd 7b 23 1c fffffffa ffffffbe ffffff8a ffffffdd ffffffe8 35 36 ffffffa3 ffffff9e ffffffc0 ffffff96 ffffffc1 5c 6d 18 ffffff88 5d fffffffd ffffffe5 ffffff86 ffffff87 ffffffee ffffff84 7c 30 2d 18 59 fffffffa fffffff9 69 ffffff8a 15 40 ffffff8d 24 52 5f 45 ffffffce ffffffa0 23 ffffffb3 5d 17 65 40 ffffff9c ffffff9f 79 76 ffffff8b 3c ffffffe6 6b ffffff8a 31 ffffffe1 37 34 6d 11 fffffff0 ffffffb6 08 ffffff98 1d ffffff9e ffffffaa ffffffb9 fffffff4 ffffffc8 7a 21 64 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cd00048a0 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | unwrapped: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6520 | result: final-key@0x564021dfb870 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021dfb870 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6508 | result: final-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021dfb870 | prf+0 PRF sha final-key@0x564021df9ff0 (size 20) | prf+0: key-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x564021df9ff0 | prf+N PRF sha init key-key@0x564021e06230 (size 20) | prf+N: key-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6518 | result: clone-key@0x564021dfb870 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cd0003aa0 from key-key@0x564021dfb870 | prf+N prf: begin sha with context 0x7f5cd0003aa0 from key-key@0x564021dfb870 | prf+N: release clone-key@0x564021dfb870 | prf+N PRF sha crypt-prf@0x7f5cd00010c0 | prf+N PRF sha update old_t-key@0x564021df9ff0 (size 20) | prf+N: old_t-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-686923424: 2c 50 ffffff86 ffffff9a ffffffa3 68 07 2e 16 ffffff90 ffffff9e 63 28 65 ffffffc8 68 ffffff82 fffffff5 4e 14 4f 09 ffffff97 35 61 ffffffac ffffff96 62 1d ffffffc8 76 fffffff2 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cd0005d80 | unwrapped: 4b ef ee 11 fc f8 b5 0d 88 4b 91 51 fe 3a f0 c8 | unwrapped: 54 de cb f1 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021e01140 (size 80) | prf+N: seed-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-686923424: 33 fffffffd 7b 23 1c fffffffa ffffffbe ffffff8a ffffffdd ffffffe8 35 36 ffffffa3 ffffff9e ffffffc0 ffffff96 ffffffc1 5c 6d 18 ffffff88 5d fffffffd ffffffe5 ffffff86 ffffff87 ffffffee ffffff84 7c 30 2d 18 59 fffffffa fffffff9 69 ffffff8a 15 40 ffffff8d 24 52 5f 45 ffffffce ffffffa0 23 ffffffb3 5d 17 65 40 ffffff9c ffffff9f 79 76 ffffff8b 3c ffffffe6 6b ffffff8a 31 ffffffe1 37 34 6d 11 fffffff0 ffffffb6 08 ffffff98 1d ffffff9e ffffffaa ffffffb9 fffffff4 ffffffc8 7a 21 64 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cd0005b80 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | unwrapped: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6520 | result: final-key@0x564021e07b90 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e07b90 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6508 | result: final-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e07b90 | prf+N PRF sha final-key@0x564021dfb870 (size 20) | prf+N: key-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd70e6598 | result: result-key@0x564021e07b90 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021df9ff0 | prfplus: release old_t[N]-key@0x564021df9ff0 | prf+N PRF sha init key-key@0x564021e06230 (size 20) | prf+N: key-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6518 | result: clone-key@0x564021df9ff0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cd0003aa0 from key-key@0x564021df9ff0 | prf+N prf: begin sha with context 0x7f5cd0003aa0 from key-key@0x564021df9ff0 | prf+N: release clone-key@0x564021df9ff0 | prf+N PRF sha crypt-prf@0x7f5cd00049e0 | prf+N PRF sha update old_t-key@0x564021dfb870 (size 20) | prf+N: old_t-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-686923424: ffffff82 51 5a ffffffea ffffffe9 03 fffffff3 ffffff99 ffffffe3 4d ffffffe4 6a ffffffe1 7a 5c ffffff96 66 ffffffb7 0f 04 20 23 78 ffffffba ffffff86 23 45 ffffffaa 51 ffffffcd ffffff97 0d | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cd0006370 | unwrapped: 3c 0a 54 3f 87 51 84 1b 69 80 d0 02 43 11 a9 3d | unwrapped: 2f 8a 84 d3 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021e01140 (size 80) | prf+N: seed-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-686923424: 33 fffffffd 7b 23 1c fffffffa ffffffbe ffffff8a ffffffdd ffffffe8 35 36 ffffffa3 ffffff9e ffffffc0 ffffff96 ffffffc1 5c 6d 18 ffffff88 5d fffffffd ffffffe5 ffffff86 ffffff87 ffffffee ffffff84 7c 30 2d 18 59 fffffffa fffffff9 69 ffffff8a 15 40 ffffff8d 24 52 5f 45 ffffffce ffffffa0 23 ffffffb3 5d 17 65 40 ffffff9c ffffff9f 79 76 ffffff8b 3c ffffffe6 6b ffffff8a 31 ffffffe1 37 34 6d 11 fffffff0 ffffffb6 08 ffffff98 1d ffffff9e ffffffaa ffffffb9 fffffff4 ffffffc8 7a 21 64 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cd0001880 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | unwrapped: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6520 | result: final-key@0x7f5cc800a510 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6508 | result: final-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cc800a510 | prf+N PRF sha final-key@0x564021df9ff0 (size 20) | prf+N: key-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e07b90 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd70e6598 | result: result-key@0x7f5cc800a510 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e07b90 | prfplus: release old_t[N]-key@0x564021dfb870 | prf+N PRF sha init key-key@0x564021e06230 (size 20) | prf+N: key-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6518 | result: clone-key@0x564021dfb870 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cd0003aa0 from key-key@0x564021dfb870 | prf+N prf: begin sha with context 0x7f5cd0003aa0 from key-key@0x564021dfb870 | prf+N: release clone-key@0x564021dfb870 | prf+N PRF sha crypt-prf@0x7f5cd0002a80 | prf+N PRF sha update old_t-key@0x564021df9ff0 (size 20) | prf+N: old_t-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-686923424: 73 75 46 0e 4b 29 65 ffffffac 41 ffffffef 50 ffffff99 ffffffa9 53 47 71 ffffffb2 10 ffffffc4 ffffffaa ffffff96 ffffffb6 30 ffffffe1 34 ffffffed ffffff99 ffffffc2 ffffffa2 ffffffa8 ffffffe7 4a | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cd0006340 | unwrapped: 96 8d bb cd e8 fa d5 4f e1 a7 7b 04 84 f4 3e 3a | unwrapped: 5d ee 70 90 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021e01140 (size 80) | prf+N: seed-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-686923424: 33 fffffffd 7b 23 1c fffffffa ffffffbe ffffff8a ffffffdd ffffffe8 35 36 ffffffa3 ffffff9e ffffffc0 ffffff96 ffffffc1 5c 6d 18 ffffff88 5d fffffffd ffffffe5 ffffff86 ffffff87 ffffffee ffffff84 7c 30 2d 18 59 fffffffa fffffff9 69 ffffff8a 15 40 ffffff8d 24 52 5f 45 ffffffce ffffffa0 23 ffffffb3 5d 17 65 40 ffffff9c ffffff9f 79 76 ffffff8b 3c ffffffe6 6b ffffff8a 31 ffffffe1 37 34 6d 11 fffffff0 ffffffb6 08 ffffff98 1d ffffff9e ffffffaa ffffffb9 fffffff4 ffffffc8 7a 21 64 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cd0001820 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | unwrapped: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6520 | result: final-key@0x564021e07b90 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e07b90 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6508 | result: final-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e07b90 | prf+N PRF sha final-key@0x564021dfb870 (size 20) | prf+N: key-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f5cc800a510 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd70e6598 | result: result-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f5cc800a510 | prfplus: release old_t[N]-key@0x564021df9ff0 | prf+N PRF sha init key-key@0x564021e06230 (size 20) | prf+N: key-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6518 | result: clone-key@0x564021df9ff0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cd0003aa0 from key-key@0x564021df9ff0 | prf+N prf: begin sha with context 0x7f5cd0003aa0 from key-key@0x564021df9ff0 | prf+N: release clone-key@0x564021df9ff0 | prf+N PRF sha crypt-prf@0x7f5cd00049e0 | prf+N PRF sha update old_t-key@0x564021dfb870 (size 20) | prf+N: old_t-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-686923424: ffffffe9 47 ffffffde ffffff8a ffffffa4 6e ffffffaf 0f 4c ffffffe7 17 ffffffa9 ffffffec 38 17 24 3a 76 18 ffffffc9 ffffffec ffffff93 57 58 ffffff83 fffffff6 4e ffffffec 79 ffffff8b 65 ffffff8f | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cd0006610 | unwrapped: c0 00 04 3f 2a 93 30 d2 3e 60 eb 35 ac be ba ce | unwrapped: 42 15 56 0f 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021e01140 (size 80) | prf+N: seed-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-686923424: 33 fffffffd 7b 23 1c fffffffa ffffffbe ffffff8a ffffffdd ffffffe8 35 36 ffffffa3 ffffff9e ffffffc0 ffffff96 ffffffc1 5c 6d 18 ffffff88 5d fffffffd ffffffe5 ffffff86 ffffff87 ffffffee ffffff84 7c 30 2d 18 59 fffffffa fffffff9 69 ffffff8a 15 40 ffffff8d 24 52 5f 45 ffffffce ffffffa0 23 ffffffb3 5d 17 65 40 ffffff9c ffffff9f 79 76 ffffff8b 3c ffffffe6 6b ffffff8a 31 ffffffe1 37 34 6d 11 fffffff0 ffffffb6 08 ffffff98 1d ffffff9e ffffffaa ffffffb9 fffffff4 ffffffc8 7a 21 64 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cd00064c0 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | unwrapped: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6520 | result: final-key@0x7f5cc800a510 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6508 | result: final-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cc800a510 | prf+N PRF sha final-key@0x564021df9ff0 (size 20) | prf+N: key-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd70e6598 | result: result-key@0x7f5cc800a510 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e07b90 | prfplus: release old_t[N]-key@0x564021dfb870 | prf+N PRF sha init key-key@0x564021e06230 (size 20) | prf+N: key-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6518 | result: clone-key@0x564021dfb870 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cd00043d0 from key-key@0x564021dfb870 | prf+N prf: begin sha with context 0x7f5cd00043d0 from key-key@0x564021dfb870 | prf+N: release clone-key@0x564021dfb870 | prf+N PRF sha crypt-prf@0x7f5cd0002a80 | prf+N PRF sha update old_t-key@0x564021df9ff0 (size 20) | prf+N: old_t-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-686923424: ffffffcc 56 ffffffe1 58 09 62 ffffffd2 ffffffed 7f 33 2c ffffff91 13 5a 6a ffffffa8 ffffffc5 58 ffffff93 5a ffffffc5 ffffffb9 66 ffffff9c ffffffc1 ffffffd8 ffffff8f fffffff8 0c ffffff8f ffffff9b 59 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cd0006340 | unwrapped: 92 22 10 2a 52 ba 3d 21 05 45 80 f0 67 05 99 9c | unwrapped: a5 1b 6f 44 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021e01140 (size 80) | prf+N: seed-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-686923424: 33 fffffffd 7b 23 1c fffffffa ffffffbe ffffff8a ffffffdd ffffffe8 35 36 ffffffa3 ffffff9e ffffffc0 ffffff96 ffffffc1 5c 6d 18 ffffff88 5d fffffffd ffffffe5 ffffff86 ffffff87 ffffffee ffffff84 7c 30 2d 18 59 fffffffa fffffff9 69 ffffff8a 15 40 ffffff8d 24 52 5f 45 ffffffce ffffffa0 23 ffffffb3 5d 17 65 40 ffffff9c ffffff9f 79 76 ffffff8b 3c ffffffe6 6b ffffff8a 31 ffffffe1 37 34 6d 11 fffffff0 ffffffb6 08 ffffff98 1d ffffff9e ffffffaa ffffffb9 fffffff4 ffffffc8 7a 21 64 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cd0005b80 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | unwrapped: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6520 | result: final-key@0x564021e07b90 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e07b90 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6508 | result: final-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e07b90 | prf+N PRF sha final-key@0x564021dfb870 (size 20) | prf+N: key-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f5cc800a510 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd70e6598 | result: result-key@0x564021e07b90 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f5cc800a510 | prfplus: release old_t[N]-key@0x564021df9ff0 | prf+N PRF sha init key-key@0x564021e06230 (size 20) | prf+N: key-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6518 | result: clone-key@0x564021df9ff0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cd0003aa0 from key-key@0x564021df9ff0 | prf+N prf: begin sha with context 0x7f5cd0003aa0 from key-key@0x564021df9ff0 | prf+N: release clone-key@0x564021df9ff0 | prf+N PRF sha crypt-prf@0x7f5cd00049e0 | prf+N PRF sha update old_t-key@0x564021dfb870 (size 20) | prf+N: old_t-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-686923424: 72 ffffffa9 ffffffab 3d 24 74 ffffff97 6c fffffff5 3a ffffffeb ffffff83 43 fffffffa 6c ffffff81 ffffffbc ffffffbe ffffffb1 01 5a ffffff92 12 30 2b 51 ffffff8d 37 50 27 5d ffffffe3 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cd00058b0 | unwrapped: 38 11 8a ee 05 3b 46 5a 25 6e 01 25 0f c2 00 51 | unwrapped: 18 0a 32 d3 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021e01140 (size 80) | prf+N: seed-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-686923424: 33 fffffffd 7b 23 1c fffffffa ffffffbe ffffff8a ffffffdd ffffffe8 35 36 ffffffa3 ffffff9e ffffffc0 ffffff96 ffffffc1 5c 6d 18 ffffff88 5d fffffffd ffffffe5 ffffff86 ffffff87 ffffffee ffffff84 7c 30 2d 18 59 fffffffa fffffff9 69 ffffff8a 15 40 ffffff8d 24 52 5f 45 ffffffce ffffffa0 23 ffffffb3 5d 17 65 40 ffffff9c ffffff9f 79 76 ffffff8b 3c ffffffe6 6b ffffff8a 31 ffffffe1 37 34 6d 11 fffffff0 ffffffb6 08 ffffff98 1d ffffff9e ffffffaa ffffffb9 fffffff4 ffffffc8 7a 21 64 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cd00064c0 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | unwrapped: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6520 | result: final-key@0x7f5cc800a510 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6508 | result: final-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cc800a510 | prf+N PRF sha final-key@0x564021df9ff0 (size 20) | prf+N: key-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e07b90 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd70e6598 | result: result-key@0x7f5cc800a510 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e07b90 | prfplus: release old_t[N]-key@0x564021dfb870 | prfplus: release old_t[final]-key@0x564021df9ff0 | ike_sa_keymat: release data-key@0x564021e01140 | calc_skeyseed_v2: release skeyseed_k-key@0x564021e06230 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6738 | result: result-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6738 | result: result-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6738 | result: result-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f5cc800a510 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6748 | result: SK_ei_k-key@0x564021dfb870 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f5cc800a510 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6748 | result: SK_er_k-key@0x564021e07b90 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6748 | result: result-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f5cc800d640 | chunk_SK_pi: symkey-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986848: 72 1f 2d ffffffa8 7a ffffffa4 ffffff8b 22 ffffffab ffffff91 ffffffa5 ffffffc2 ffffff83 ffffffb6 ffffff95 49 0f 36 5a ffffffa3 07 ffffffcd 09 74 ffffff80 7f 40 58 30 ffffffbf ffffffb3 73 | chunk_SK_pi: release slot-key-key@0x564021dfdd40 | chunk_SK_pi extracted len 32 bytes at 0x7f5cd0005be0 | unwrapped: 67 05 99 9c a5 1b 6f 44 38 11 8a ee 05 3b 46 5a | unwrapped: 25 6e 01 25 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6748 | result: result-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x564021e04570 | chunk_SK_pr: symkey-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986848: ffffffb9 fffffff7 ffffffd5 ffffffac 43 ffffffe7 72 ffffff9b ffffffff 0b 42 6e 69 40 03 fffffffe ffffffe7 ffffffd1 ffffffa8 ffffffbc ffffffce 2f ffffff8d ffffff90 20 2d ffffff8a 17 ffffffbc ffffffbd 28 69 | chunk_SK_pr: release slot-key-key@0x564021dfdd40 | chunk_SK_pr extracted len 32 bytes at 0x7f5cd00062f0 | unwrapped: 0f c2 00 51 18 0a 32 d3 64 18 7c 7c ec 8f de e4 | unwrapped: 8a 56 ff 66 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f5cc800a510 | calc_skeyseed_v2 pointers: shared-key@0x564021e19e70, SK_d-key@0x564021e06230, SK_ai-key@0x564021e01140, SK_ar-key@0x564021df9ff0, SK_ei-key@0x564021dfb870, SK_er-key@0x564021e07b90, SK_pi-key@0x7f5cc800d640, SK_pr-key@0x564021e04570 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 67 05 99 9c a5 1b 6f 44 38 11 8a ee 05 3b 46 5a | 25 6e 01 25 | calc_skeyseed_v2 SK_pr | 0f c2 00 51 18 0a 32 d3 64 18 7c 7c ec 8f de e4 | 8a 56 ff 66 | crypto helper 2 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 8 time elapsed 0.002956 seconds | (#7) spent 2.94 milliseconds in crypto helper computing work-order 8: ikev2_inR1outI2 KE (pcr) | crypto helper 2 sending results from work-order 8 for state #7 to event queue | scheduling resume sending helper answer for #7 | libevent_malloc: new ptr-libevent@0x7f5cd0006800 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #7 | start processing: state #7 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 8 | calling continuation function 0x564020443630 | ikev2_parent_inR1outI2_continue for #7: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f5cbc000d60: transferring ownership from helper IKEv2 DH to state #7 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #8 at 0x564021e1a900 | State DB: adding IKEv2 state #8 in UNDEFINED | pstats #8 ikev2.child started | duplicating state object #7 "aes128" as #8 for IPSEC SA | #8 setting local endpoint to 192.1.2.45:500 from #7.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x564021e06230 | duplicate_state: reference st_skey_ai_nss-key@0x564021e01140 | duplicate_state: reference st_skey_ar_nss-key@0x564021df9ff0 | duplicate_state: reference st_skey_ei_nss-key@0x564021dfb870 | duplicate_state: reference st_skey_er_nss-key@0x564021e07b90 | duplicate_state: reference st_skey_pi_nss-key@0x7f5cc800d640 | duplicate_state: reference st_skey_pr_nss-key@0x564021e04570 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #7.#8; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #7 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #7.#8 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x564021e17f40 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5cc4002b20 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f5cc4002b20 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x564021e17f40 size 128 | parent state #7: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | c4 6c 37 92 fa 84 6c d3 | responder cookie: | 0e 4d 17 a5 79 8d d7 c5 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x7f5cc800d640 (size 20) | hmac: symkey-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db978 | result: clone-key@0x7f5cc800a510 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x7f5cc800a510 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x7f5cc800a510 | hmac: release clone-key@0x7f5cc800a510 | hmac PRF sha crypt-prf@0x564021e1b470 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x564020542974 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff864dbf10 (length 20) | 2e 5c 34 4b 50 52 f7 fc 37 9d 01 9b e0 07 fd d7 | 28 c1 9d 56 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564021e0a240 (line=1) | concluding with best_match=014 best=0x564021e0a240 (lineno=1) | inputs to hash1 (first packet) | c4 6c 37 92 fa 84 6c d3 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 a6 8a 15 c2 38 40 e8 c7 | 83 ed 53 1b 4e 0a d1 7c 7b 6b 8d fe 81 2d 18 bc | d6 09 ad 8f 84 51 42 40 45 96 2c 26 58 ed ae 32 | fc 9c 11 9e 33 6a 28 51 62 2e 45 e7 18 f1 3e 4a | 5d 50 05 c5 3a 49 c2 e4 94 62 19 e3 63 02 3b 97 | c4 05 6f 9e 18 07 86 21 00 ae 3b 97 ae 18 c3 71 | 75 bf 9a b2 b6 58 62 90 53 34 40 c1 b5 6a b3 3b | 10 f0 f7 23 3f f9 5f eb e7 b7 64 46 5d 0f 0e ca | fc c2 79 cf be a5 ad ef b4 08 81 79 99 c9 df 6d | f8 c0 e0 5e ea 12 74 8a 18 e1 d5 e1 8e 7a bc ee | 7b 29 08 8d 00 c7 bf bb 74 64 ba a2 41 23 46 4c | c2 27 89 48 87 31 84 f8 b2 ff 20 46 c9 89 59 e0 | 91 1b 1e a5 f9 de 77 b5 70 cf a4 10 bd af b8 2f | 6c d8 91 ab 1a fc 27 d4 89 94 38 33 40 50 a2 97 | 51 3e 05 fc bf a9 e6 a4 ff b3 65 8d 2d 73 6a 32 | c2 7b 0f 30 11 1d df 02 27 e6 05 55 78 01 74 e2 | 65 b1 da b1 7e 8c 89 a8 29 00 00 24 d3 6a e3 b0 | e8 f6 eb f5 1e fd 29 be 22 19 43 db e2 8e ca 2e | 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 5b ef d7 2f | 04 2c 87 06 bf e5 e4 a8 c7 03 d8 b1 51 ba 83 33 | 00 00 00 1c 00 00 40 05 11 f6 88 df 67 58 af 8c | d8 2e b6 07 25 f1 16 6c 4a 01 f9 c3 | create: initiator inputs to hash2 (responder nonce) | e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | idhash 2e 5c 34 4b 50 52 f7 fc 37 9d 01 9b e0 07 fd d7 | idhash 28 c1 9d 56 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564021e14a20 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db770 | result: shared secret-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db758 | result: shared secret-key@0x7f5cc800a510 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564021dfd2a0 from shared secret-key@0x7f5cc800a510 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564021dfd2a0 from shared secret-key@0x7f5cc800a510 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f5cc800a510 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564021e19f20 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5640204d6bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db790 | result: final-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db778 | result: final-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f5cc800a510 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f5cc800a510 (size 20) | = prf(, ): -key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db788 | result: clone-key@0x7f5cd0006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ) prf: begin sha with context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ): release clone-key@0x7f5cd0006900 | = prf(, ) PRF sha crypt-prf@0x564021e17610 | = prf(, ) PRF sha update first-packet-bytes@0x564021e16d50 (length 444) | c4 6c 37 92 fa 84 6c d3 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 a6 8a 15 c2 38 40 e8 c7 | 83 ed 53 1b 4e 0a d1 7c 7b 6b 8d fe 81 2d 18 bc | d6 09 ad 8f 84 51 42 40 45 96 2c 26 58 ed ae 32 | fc 9c 11 9e 33 6a 28 51 62 2e 45 e7 18 f1 3e 4a | 5d 50 05 c5 3a 49 c2 e4 94 62 19 e3 63 02 3b 97 | c4 05 6f 9e 18 07 86 21 00 ae 3b 97 ae 18 c3 71 | 75 bf 9a b2 b6 58 62 90 53 34 40 c1 b5 6a b3 3b | 10 f0 f7 23 3f f9 5f eb e7 b7 64 46 5d 0f 0e ca | fc c2 79 cf be a5 ad ef b4 08 81 79 99 c9 df 6d | f8 c0 e0 5e ea 12 74 8a 18 e1 d5 e1 8e 7a bc ee | 7b 29 08 8d 00 c7 bf bb 74 64 ba a2 41 23 46 4c | c2 27 89 48 87 31 84 f8 b2 ff 20 46 c9 89 59 e0 | 91 1b 1e a5 f9 de 77 b5 70 cf a4 10 bd af b8 2f | 6c d8 91 ab 1a fc 27 d4 89 94 38 33 40 50 a2 97 | 51 3e 05 fc bf a9 e6 a4 ff b3 65 8d 2d 73 6a 32 | c2 7b 0f 30 11 1d df 02 27 e6 05 55 78 01 74 e2 | 65 b1 da b1 7e 8c 89 a8 29 00 00 24 d3 6a e3 b0 | e8 f6 eb f5 1e fd 29 be 22 19 43 db e2 8e ca 2e | 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 5b ef d7 2f | 04 2c 87 06 bf e5 e4 a8 c7 03 d8 b1 51 ba 83 33 | 00 00 00 1c 00 00 40 05 11 f6 88 df 67 58 af 8c | d8 2e b6 07 25 f1 16 6c 4a 01 f9 c3 | = prf(, ) PRF sha update nonce-bytes@0x564021e17eb0 (length 32) | e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | = prf(, ) PRF sha update hash-bytes@0x7fff864dbf10 (length 20) | 2e 5c 34 4b 50 52 f7 fc 37 9d 01 9b e0 07 fd d7 | 28 c1 9d 56 | = prf(, ) PRF sha final-chunk@0x564021e1b470 (length 20) | 79 c1 06 68 f5 5e d5 a5 8f 57 81 e8 74 76 19 ca | 2f 53 d3 e8 | psk_auth: release prf-psk-key@0x7f5cc800a510 | PSK auth octets 79 c1 06 68 f5 5e d5 a5 8f 57 81 e8 74 76 19 ca | PSK auth octets 2f 53 d3 e8 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 79 c1 06 68 f5 5e d5 a5 8f 57 81 e8 74 76 19 ca | PSK auth 2f 53 d3 e8 | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #7 | netlink_get_spi: allocated 0x8392167c for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for aes128 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "aes128": constructed local ESP/AH proposals for aes128 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 83 92 16 7c | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 192 | emitting length of ISAKMP Message: 220 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | ec 25 e8 3f 4a e2 4f b4 a3 69 18 d3 fe 7b e8 99 | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 79 c1 06 68 f5 5e d5 a5 8f 57 81 e8 74 76 19 ca | 2f 53 d3 e8 2c 00 00 2c 00 00 00 28 01 03 04 03 | 83 92 16 7c 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 67 53 80 2e 57 be b7 24 3e 1b 05 5f a8 3f e8 c3 | ae 8d 71 e2 3b 50 f1 db d4 d0 fa dd 57 87 e8 a0 | cd e2 53 66 d8 e6 4b db eb 15 0f af 23 bb 48 e4 | c7 1d 38 20 22 41 bf ca bc c0 d0 68 c5 dd ae 38 | 58 bc 5b 75 82 58 18 53 ca 54 58 b1 a7 22 3a ef | 1a f0 2d c0 29 80 4e f7 31 09 b3 4c 8f 96 af ae | ae 8c 0c 1f 70 78 8f 64 65 40 a6 87 f6 e6 ab fa | 12 0f eb b0 d9 02 54 17 99 d2 70 46 3b dc a1 cd | 43 fd 27 34 a9 fc 7b bd ab af 22 d2 89 d4 b6 dc | 71 a3 51 6d 51 ee 21 76 87 26 45 10 5b 20 72 8c | hmac PRF sha init symkey-key@0x564021e01140 (size 20) | hmac: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db888 | result: clone-key@0x7f5cc800a510 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x7f5cc800a510 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x7f5cc800a510 | hmac: release clone-key@0x7f5cc800a510 | hmac PRF sha crypt-prf@0x564021e19f20 | hmac PRF sha update data-bytes@0x564020542940 (length 208) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | ec 25 e8 3f 4a e2 4f b4 a3 69 18 d3 fe 7b e8 99 | 67 53 80 2e 57 be b7 24 3e 1b 05 5f a8 3f e8 c3 | ae 8d 71 e2 3b 50 f1 db d4 d0 fa dd 57 87 e8 a0 | cd e2 53 66 d8 e6 4b db eb 15 0f af 23 bb 48 e4 | c7 1d 38 20 22 41 bf ca bc c0 d0 68 c5 dd ae 38 | 58 bc 5b 75 82 58 18 53 ca 54 58 b1 a7 22 3a ef | 1a f0 2d c0 29 80 4e f7 31 09 b3 4c 8f 96 af ae | ae 8c 0c 1f 70 78 8f 64 65 40 a6 87 f6 e6 ab fa | 12 0f eb b0 d9 02 54 17 99 d2 70 46 3b dc a1 cd | 43 fd 27 34 a9 fc 7b bd ab af 22 d2 89 d4 b6 dc | 71 a3 51 6d 51 ee 21 76 87 26 45 10 5b 20 72 8c | hmac PRF sha final-bytes@0x564020542a10 (length 20) | 15 9e 6d 13 82 c8 fa 2a 45 b1 0e fc 33 5c 40 ee | 59 7f 96 51 | data being hmac: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data being hmac: ec 25 e8 3f 4a e2 4f b4 a3 69 18 d3 fe 7b e8 99 | data being hmac: 67 53 80 2e 57 be b7 24 3e 1b 05 5f a8 3f e8 c3 | data being hmac: ae 8d 71 e2 3b 50 f1 db d4 d0 fa dd 57 87 e8 a0 | data being hmac: cd e2 53 66 d8 e6 4b db eb 15 0f af 23 bb 48 e4 | data being hmac: c7 1d 38 20 22 41 bf ca bc c0 d0 68 c5 dd ae 38 | data being hmac: 58 bc 5b 75 82 58 18 53 ca 54 58 b1 a7 22 3a ef | data being hmac: 1a f0 2d c0 29 80 4e f7 31 09 b3 4c 8f 96 af ae | data being hmac: ae 8c 0c 1f 70 78 8f 64 65 40 a6 87 f6 e6 ab fa | data being hmac: 12 0f eb b0 d9 02 54 17 99 d2 70 46 3b dc a1 cd | data being hmac: 43 fd 27 34 a9 fc 7b bd ab af 22 d2 89 d4 b6 dc | data being hmac: 71 a3 51 6d 51 ee 21 76 87 26 45 10 5b 20 72 8c | out calculated auth: | 15 9e 6d 13 82 c8 fa 2a 45 b1 0e fc | suspend processing: state #7 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #8 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #8 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #8: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #8 to 0 after switching state | Message ID: recv #7.#8 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #7.#8 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "aes128" #8: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 220 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #7) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | ec 25 e8 3f 4a e2 4f b4 a3 69 18 d3 fe 7b e8 99 | 67 53 80 2e 57 be b7 24 3e 1b 05 5f a8 3f e8 c3 | ae 8d 71 e2 3b 50 f1 db d4 d0 fa dd 57 87 e8 a0 | cd e2 53 66 d8 e6 4b db eb 15 0f af 23 bb 48 e4 | c7 1d 38 20 22 41 bf ca bc c0 d0 68 c5 dd ae 38 | 58 bc 5b 75 82 58 18 53 ca 54 58 b1 a7 22 3a ef | 1a f0 2d c0 29 80 4e f7 31 09 b3 4c 8f 96 af ae | ae 8c 0c 1f 70 78 8f 64 65 40 a6 87 f6 e6 ab fa | 12 0f eb b0 d9 02 54 17 99 d2 70 46 3b dc a1 cd | 43 fd 27 34 a9 fc 7b bd ab af 22 d2 89 d4 b6 dc | 71 a3 51 6d 51 ee 21 76 87 26 45 10 5b 20 72 8c | 15 9e 6d 13 82 c8 fa 2a 45 b1 0e fc | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #8: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5cbc002b20 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #8 | libevent_malloc: new ptr-libevent@0x7f5cbc006900 size 128 | #8 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48954.647812 | resume sending helper answer for #7 suppresed complete_v2_state_transition() | #7 spent 1.13 milliseconds in resume sending helper answer | stop processing: state #8 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5cd0006800 | spent 0.00266 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 204 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 48 bf 34 6c e4 75 c3 ef 78 f2 16 c2 f4 8f 5b 5a | 02 07 f5 df a9 7a 28 d4 62 f7 bf 25 46 3b 3e 64 | 3c 1f 0c 12 39 d5 86 26 9e cd 77 27 b2 81 7f 1b | fc 4e fe 31 13 ae 84 d7 ec 6b 11 dc c8 de 92 13 | f5 39 e7 b6 87 32 00 4d b8 3f eb 7b 92 20 76 16 | 13 27 9e eb 1a 5a 2e 65 6c 50 db 31 9d 14 97 c3 | 61 5e 5f fa 60 57 77 17 0b f9 0d fe ba f7 7c f8 | cf 8e f6 55 13 ff ed 33 d5 69 bf a4 ef 15 d9 d5 | c0 74 d6 f5 93 40 d9 c9 77 e8 aa fc 06 dc 72 01 | c0 4c 99 6d 27 7c 94 2f d1 b9 b8 4d 11 47 06 89 | e1 86 16 12 66 9c 26 b1 3d 33 10 d9 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | c4 6c 37 92 fa 84 6c d3 | responder cookie: | 0e 4d 17 a5 79 8d d7 c5 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 204 (0xcc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #7 in PARENT_I2 (find_v2_ike_sa) | start processing: state #7 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #8 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #7 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #8 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #8 is idle | #8 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 176 (0xb0) | processing payload: ISAKMP_NEXT_v2SK (len=172) | #8 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x564021df9ff0 (size 20) | hmac: symkey-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db7a8 | result: clone-key@0x7f5cc800a510 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x7f5cc800a510 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x7f5cc800a510 | hmac: release clone-key@0x7f5cc800a510 | hmac PRF sha crypt-prf@0x564021e17be0 | hmac PRF sha update data-bytes@0x564021e197b0 (length 192) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 48 bf 34 6c e4 75 c3 ef 78 f2 16 c2 f4 8f 5b 5a | 02 07 f5 df a9 7a 28 d4 62 f7 bf 25 46 3b 3e 64 | 3c 1f 0c 12 39 d5 86 26 9e cd 77 27 b2 81 7f 1b | fc 4e fe 31 13 ae 84 d7 ec 6b 11 dc c8 de 92 13 | f5 39 e7 b6 87 32 00 4d b8 3f eb 7b 92 20 76 16 | 13 27 9e eb 1a 5a 2e 65 6c 50 db 31 9d 14 97 c3 | 61 5e 5f fa 60 57 77 17 0b f9 0d fe ba f7 7c f8 | cf 8e f6 55 13 ff ed 33 d5 69 bf a4 ef 15 d9 d5 | c0 74 d6 f5 93 40 d9 c9 77 e8 aa fc 06 dc 72 01 | c0 4c 99 6d 27 7c 94 2f d1 b9 b8 4d 11 47 06 89 | hmac PRF sha final-bytes@0x7fff864db970 (length 20) | e1 86 16 12 66 9c 26 b1 3d 33 10 d9 ff 43 73 a5 | 93 0b b2 df | data for hmac: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data for hmac: 48 bf 34 6c e4 75 c3 ef 78 f2 16 c2 f4 8f 5b 5a | data for hmac: 02 07 f5 df a9 7a 28 d4 62 f7 bf 25 46 3b 3e 64 | data for hmac: 3c 1f 0c 12 39 d5 86 26 9e cd 77 27 b2 81 7f 1b | data for hmac: fc 4e fe 31 13 ae 84 d7 ec 6b 11 dc c8 de 92 13 | data for hmac: f5 39 e7 b6 87 32 00 4d b8 3f eb 7b 92 20 76 16 | data for hmac: 13 27 9e eb 1a 5a 2e 65 6c 50 db 31 9d 14 97 c3 | data for hmac: 61 5e 5f fa 60 57 77 17 0b f9 0d fe ba f7 7c f8 | data for hmac: cf 8e f6 55 13 ff ed 33 d5 69 bf a4 ef 15 d9 d5 | data for hmac: c0 74 d6 f5 93 40 d9 c9 77 e8 aa fc 06 dc 72 01 | data for hmac: c0 4c 99 6d 27 7c 94 2f d1 b9 b8 4d 11 47 06 89 | calculated auth: e1 86 16 12 66 9c 26 b1 3d 33 10 d9 | provided auth: e1 86 16 12 66 9c 26 b1 3d 33 10 d9 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 48 bf 34 6c e4 75 c3 ef 78 f2 16 c2 f4 8f 5b 5a | payload before decryption: | 02 07 f5 df a9 7a 28 d4 62 f7 bf 25 46 3b 3e 64 | 3c 1f 0c 12 39 d5 86 26 9e cd 77 27 b2 81 7f 1b | fc 4e fe 31 13 ae 84 d7 ec 6b 11 dc c8 de 92 13 | f5 39 e7 b6 87 32 00 4d b8 3f eb 7b 92 20 76 16 | 13 27 9e eb 1a 5a 2e 65 6c 50 db 31 9d 14 97 c3 | 61 5e 5f fa 60 57 77 17 0b f9 0d fe ba f7 7c f8 | cf 8e f6 55 13 ff ed 33 d5 69 bf a4 ef 15 d9 d5 | c0 74 d6 f5 93 40 d9 c9 77 e8 aa fc 06 dc 72 01 | c0 4c 99 6d 27 7c 94 2f d1 b9 b8 4d 11 47 06 89 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 23 74 e6 88 45 90 2b 16 28 62 f8 12 | 6f 92 54 e3 dc 39 a3 2b 2c 00 00 2c 00 00 00 28 | 01 03 04 03 43 3f 6f 0b 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | stripping 12 octets as pad | #8 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | offered CA: '%none' "aes128" #8: IKEv2 mode peer ID is ID_FQDN: '@east' | hmac PRF sha init symkey-key@0x564021e04570 (size 20) | hmac: symkey-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db8d8 | result: clone-key@0x7f5cc800a510 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x7f5cc800a510 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x7f5cc800a510 | hmac: release clone-key@0x7f5cc800a510 | hmac PRF sha crypt-prf@0x564021e19f00 | idhash auth R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x564021e197e4 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff864dba30 (length 20) | e6 01 f5 b9 d0 45 13 34 c7 00 72 a8 a9 20 f0 31 | fa 74 06 36 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564021e0a240 (line=1) | concluding with best_match=014 best=0x564021e0a240 (lineno=1) | inputs to hash1 (first packet) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 ec 25 38 75 f8 d2 7f da 3f 5b 17 e4 | 04 91 89 ac 42 9f 2c 19 6f e5 bd 0a 68 ee 5b 17 | 95 6a a2 70 69 87 af cd e0 44 e0 77 20 14 8f f2 | c7 6d e7 2b 9f b9 3f 82 40 c0 32 2d bd 7e 19 55 | a0 77 c7 ab 4f 8a 2b 4c b1 c7 5f e4 0a 15 f3 75 | b4 8e 64 50 00 f8 12 e2 9b 03 58 12 9d f2 93 53 | be d5 01 97 e3 0e 48 9d 04 78 3b 83 2b b5 b2 9c | 4d d4 93 19 71 79 78 f5 cf 17 1e ed ea 2f d2 fb | 87 7c 32 4f b4 2a 3d bd 7b 64 c5 ab 92 da 26 d5 | f0 59 f2 59 ad 93 b1 1e e6 ee 65 59 25 c3 c5 b1 | 09 36 2b f6 87 ea 3c dd aa 99 d9 3e 73 69 57 6f | e7 b1 be 5e 0e 8c 2e 40 b6 8b 90 fd ab 0b 37 33 | 42 5f 8c 6a fb a7 7e ee 24 ec 5b a8 23 73 f2 46 | 75 30 86 3f f1 01 78 dd d4 85 5d c5 0e 2f 5c fd | 86 9f 4a 6a db 69 0b 8c e3 1a 55 e1 69 8c 04 b6 | ed ed 55 c8 12 5d 01 80 01 df ac dd 0c c9 c9 27 | 8a 33 f5 e8 29 00 00 24 e5 0d 92 73 03 1e d2 74 | 65 0b a1 30 1e fd e5 f0 c9 00 37 76 61 91 30 c0 | cd fe 7d 5d 8f 99 ed d4 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 7d 64 93 f6 90 71 5b 5f | cc ca f4 aa b5 b2 60 45 f3 92 f5 10 00 00 00 1c | 00 00 40 05 70 c7 36 b0 3d b1 89 aa e3 da 3b b2 | dd 2b 17 ef e3 9a f4 ca | verify: initiator inputs to hash2 (initiator nonce) | d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | idhash e6 01 f5 b9 d0 45 13 34 c7 00 72 a8 a9 20 f0 31 | idhash fa 74 06 36 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564021e14a20 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db6e0 | result: shared secret-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6c8 | result: shared secret-key@0x7f5cc800a510 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564021dfd2a0 from shared secret-key@0x7f5cc800a510 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564021dfd2a0 from shared secret-key@0x7f5cc800a510 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f5cc800a510 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564021e17be0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5640204d6bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f5cc800a510 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f5cc800a510 (size 20) | = prf(, ): -key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x7f5cd0006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ) prf: begin sha with context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ): release clone-key@0x7f5cd0006900 | = prf(, ) PRF sha crypt-prf@0x564021e17610 | = prf(, ) PRF sha update first-packet-bytes@0x564021e17970 (length 440) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 ec 25 38 75 f8 d2 7f da 3f 5b 17 e4 | 04 91 89 ac 42 9f 2c 19 6f e5 bd 0a 68 ee 5b 17 | 95 6a a2 70 69 87 af cd e0 44 e0 77 20 14 8f f2 | c7 6d e7 2b 9f b9 3f 82 40 c0 32 2d bd 7e 19 55 | a0 77 c7 ab 4f 8a 2b 4c b1 c7 5f e4 0a 15 f3 75 | b4 8e 64 50 00 f8 12 e2 9b 03 58 12 9d f2 93 53 | be d5 01 97 e3 0e 48 9d 04 78 3b 83 2b b5 b2 9c | 4d d4 93 19 71 79 78 f5 cf 17 1e ed ea 2f d2 fb | 87 7c 32 4f b4 2a 3d bd 7b 64 c5 ab 92 da 26 d5 | f0 59 f2 59 ad 93 b1 1e e6 ee 65 59 25 c3 c5 b1 | 09 36 2b f6 87 ea 3c dd aa 99 d9 3e 73 69 57 6f | e7 b1 be 5e 0e 8c 2e 40 b6 8b 90 fd ab 0b 37 33 | 42 5f 8c 6a fb a7 7e ee 24 ec 5b a8 23 73 f2 46 | 75 30 86 3f f1 01 78 dd d4 85 5d c5 0e 2f 5c fd | 86 9f 4a 6a db 69 0b 8c e3 1a 55 e1 69 8c 04 b6 | ed ed 55 c8 12 5d 01 80 01 df ac dd 0c c9 c9 27 | 8a 33 f5 e8 29 00 00 24 e5 0d 92 73 03 1e d2 74 | 65 0b a1 30 1e fd e5 f0 c9 00 37 76 61 91 30 c0 | cd fe 7d 5d 8f 99 ed d4 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 7d 64 93 f6 90 71 5b 5f | cc ca f4 aa b5 b2 60 45 f3 92 f5 10 00 00 00 1c | 00 00 40 05 70 c7 36 b0 3d b1 89 aa e3 da 3b b2 | dd 2b 17 ef e3 9a f4 ca | = prf(, ) PRF sha update nonce-bytes@0x7f5cbc002af0 (length 32) | d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | = prf(, ) PRF sha update hash-bytes@0x7fff864dba30 (length 20) | e6 01 f5 b9 d0 45 13 34 c7 00 72 a8 a9 20 f0 31 | fa 74 06 36 | = prf(, ) PRF sha final-chunk@0x564021e19f00 (length 20) | 23 74 e6 88 45 90 2b 16 28 62 f8 12 6f 92 54 e3 | dc 39 a3 2b | psk_auth: release prf-psk-key@0x7f5cc800a510 | Received PSK auth octets | 23 74 e6 88 45 90 2b 16 28 62 f8 12 6f 92 54 e3 | dc 39 a3 2b | Calculated PSK auth octets | 23 74 e6 88 45 90 2b 16 28 62 f8 12 6f 92 54 e3 | dc 39 a3 2b "aes128" #8: Authenticated using authby=secret | parent state #7: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #7 will start re-keying in 2638 seconds with margin of 962 seconds (attempting re-key) | state #7 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x564021e17f40 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f5cc4002b20 | event_schedule: new EVENT_SA_REKEY-pe@0x7f5cc4002b20 | inserting event EVENT_SA_REKEY, timeout in 2638 seconds for #7 | libevent_malloc: new ptr-libevent@0x564021e17f40 size 128 | pstats #7 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="aes128" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for aes128 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 43 3f 6f 0b | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=433f6f0b;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db7e0 | result: data=Ni-key@0x7f5cd0006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7f5cd0006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db7c8 | result: data=Ni-key@0x7f5cc800a510 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7f5cd0006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f5cc800a510 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864db7d0 | result: data+=Nr-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f5cc800a510 | prf+0 PRF sha init key-key@0x564021e06230 (size 20) | prf+0: key-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x7f5cc800a510 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x564021dfd2a0 from key-key@0x7f5cc800a510 | prf+0 prf: begin sha with context 0x564021dfd2a0 from key-key@0x7f5cc800a510 | prf+0: release clone-key@0x7f5cc800a510 | prf+0 PRF sha crypt-prf@0x564021e19f20 | prf+0 PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+0: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: 33 fffffffd 7b 23 1c fffffffa ffffffbe ffffff8a ffffffdd ffffffe8 35 36 ffffffa3 ffffff9e ffffffc0 ffffff96 ffffffc1 5c 6d 18 ffffff88 5d fffffffd ffffffe5 ffffff86 ffffff87 ffffffee ffffff84 7c 30 2d 18 59 fffffffa fffffff9 69 ffffff8a 15 40 ffffff8d 24 52 5f 45 ffffffce ffffffa0 23 ffffffb3 5d 17 65 40 ffffff9c ffffff9f 79 76 ffffff8b 3c ffffffe6 6b ffffff8a 31 ffffffe1 37 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e1a190 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x7f5cc800eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cc800eec0 | prf+0 PRF sha final-key@0x7f5cc800a510 (size 20) | prf+0: key-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f5cc800a510 | prf+N PRF sha init key-key@0x564021e06230 (size 20) | prf+N: key-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x7f5cc800eec0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564021dfd2a0 from key-key@0x7f5cc800eec0 | prf+N prf: begin sha with context 0x564021dfd2a0 from key-key@0x7f5cc800eec0 | prf+N: release clone-key@0x7f5cc800eec0 | prf+N PRF sha crypt-prf@0x564021e17be0 | prf+N PRF sha update old_t-key@0x7f5cc800a510 (size 20) | prf+N: old_t-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f5cc800a510 | nss hmac digest hack: symkey-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041728192: ffffff93 23 7f ffffffb0 ffffffef 01 ffffffdf ffffffdd ffffffb4 7f 5e 2d 3e ffffffdb ffffff90 fffffffd fffffff4 02 42 ffffffd8 7c 72 67 3d ffffff8f 13 ffffffc6 ffffffb7 ffffffef ffffffbd 71 ffffffc6 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x564021e17240 | unwrapped: f1 cb 77 b1 12 cc 55 f8 9e 25 41 3e b7 ab f9 d1 | unwrapped: 39 49 3e 5d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+N: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: 33 fffffffd 7b 23 1c fffffffa ffffffbe ffffff8a ffffffdd ffffffe8 35 36 ffffffa3 ffffff9e ffffffc0 ffffff96 ffffffc1 5c 6d 18 ffffff88 5d fffffffd ffffffe5 ffffff86 ffffff87 ffffffee ffffff84 7c 30 2d 18 59 fffffffa fffffff9 69 ffffff8a 15 40 ffffff8d 24 52 5f 45 ffffffce ffffffa0 23 ffffffb3 5d 17 65 40 ffffff9c ffffff9f 79 76 ffffff8b 3c ffffffe6 6b ffffff8a 31 ffffffe1 37 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e1fbe0 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x7f5cc80069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cc80069f0 | prf+N PRF sha final-key@0x7f5cc800eec0 (size 20) | prf+N: key-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff864db778 | result: result-key@0x7f5cc80069f0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f5cc800a510 | prfplus: release old_t[N]-key@0x7f5cc800a510 | prf+N PRF sha init key-key@0x564021e06230 (size 20) | prf+N: key-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x7f5cc800a510 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564021dfd2a0 from key-key@0x7f5cc800a510 | prf+N prf: begin sha with context 0x564021dfd2a0 from key-key@0x7f5cc800a510 | prf+N: release clone-key@0x7f5cc800a510 | prf+N PRF sha crypt-prf@0x564021e17610 | prf+N PRF sha update old_t-key@0x7f5cc800eec0 (size 20) | prf+N: old_t-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f5cc800eec0 | nss hmac digest hack: symkey-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041728192: 56 2e 3f ffffffd8 24 ffffffff ffffffb1 53 ffffffe4 ffffffb0 ffffff92 ffffffed 17 fffffffe 49 4b 26 41 ffffffa2 7e ffffff9c 19 ffffffcf 06 ffffffef 43 46 2a ffffff9d 6f 67 ffffffd5 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x564021e19f40 | unwrapped: 42 9f 3b a6 f8 fd 12 a9 fc 35 97 0e b7 e8 6e 02 | unwrapped: 41 be 10 8a 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+N: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: 33 fffffffd 7b 23 1c fffffffa ffffffbe ffffff8a ffffffdd ffffffe8 35 36 ffffffa3 ffffff9e ffffffc0 ffffff96 ffffffc1 5c 6d 18 ffffff88 5d fffffffd ffffffe5 ffffff86 ffffff87 ffffffee ffffff84 7c 30 2d 18 59 fffffffa fffffff9 69 ffffff8a 15 40 ffffff8d 24 52 5f 45 ffffffce ffffffa0 23 ffffffb3 5d 17 65 40 ffffff9c ffffff9f 79 76 ffffff8b 3c ffffffe6 6b ffffff8a 31 ffffffe1 37 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e1a140 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x564021e1e110 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e1e110 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e1e110 | prf+N PRF sha final-key@0x7f5cc800a510 (size 20) | prf+N: key-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f5cc80069f0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff864db778 | result: result-key@0x564021e1e110 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f5cc80069f0 | prfplus: release old_t[N]-key@0x7f5cc800eec0 | prf+N PRF sha init key-key@0x564021e06230 (size 20) | prf+N: key-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x7f5cc800eec0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564021dfd2a0 from key-key@0x7f5cc800eec0 | prf+N prf: begin sha with context 0x564021dfd2a0 from key-key@0x7f5cc800eec0 | prf+N: release clone-key@0x7f5cc800eec0 | prf+N PRF sha crypt-prf@0x564021e17be0 | prf+N PRF sha update old_t-key@0x7f5cc800a510 (size 20) | prf+N: old_t-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f5cc800a510 | nss hmac digest hack: symkey-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041728192: 50 ffffffaa ffffffee ffffffc3 17 ffffffd7 37 ffffff90 3e ffffffe7 ffffffd0 fffffffc ffffffd1 59 ffffffa4 30 ffffffc8 1b ffffffc7 71 fffffff0 74 45 62 ffffffa1 ffffffa5 ffffffbf 51 51 fffffffc 45 7e | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x564021e16b20 | unwrapped: 60 cc 1a 14 85 6a ca a0 0e 54 41 48 79 22 56 ef | unwrapped: de d0 5e 9e 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+N: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: 33 fffffffd 7b 23 1c fffffffa ffffffbe ffffff8a ffffffdd ffffffe8 35 36 ffffffa3 ffffff9e ffffffc0 ffffff96 ffffffc1 5c 6d 18 ffffff88 5d fffffffd ffffffe5 ffffff86 ffffff87 ffffffee ffffff84 7c 30 2d 18 59 fffffffa fffffff9 69 ffffff8a 15 40 ffffff8d 24 52 5f 45 ffffffce ffffffa0 23 ffffffb3 5d 17 65 40 ffffff9c ffffff9f 79 76 ffffff8b 3c ffffffe6 6b ffffff8a 31 ffffffe1 37 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e15300 | unwrapped: d3 6a e3 b0 e8 f6 eb f5 1e fd 29 be 22 19 43 db | unwrapped: e2 8e ca 2e 80 9a af 02 20 9f 4b 5a 32 cf 64 d2 | unwrapped: e5 0d 92 73 03 1e d2 74 65 0b a1 30 1e fd e5 f0 | unwrapped: c9 00 37 76 61 91 30 c0 cd fe 7d 5d 8f 99 ed d4 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x7f5cc80069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cc80069f0 | prf+N PRF sha final-key@0x7f5cc800eec0 (size 20) | prf+N: key-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e1e110 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff864db778 | result: result-key@0x7f5cc80069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e1e110 | prfplus: release old_t[N]-key@0x7f5cc800a510 | prfplus: release old_t[final]-key@0x7f5cc800eec0 | child_sa_keymat: release data-key@0x7f5cd0006900 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f5cc80069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db858 | result: result-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x7f5cd0006900 | initiator to responder keys: symkey-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x564021dfdd40 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1717986918: ffffff93 23 7f ffffffb0 ffffffef 01 ffffffdf ffffffdd ffffffb4 7f 5e 2d 3e ffffffdb ffffff90 fffffffd 54 ffffffef 6d 44 78 32 57 ffffffef 40 ffffff8b 5f 2e ffffff9c 3d fffffff8 ffffff81 ffffffe8 ffffffc7 36 ffffff84 ffffffb2 ffffffb2 fffffff0 ffffffad ffffffbb 55 22 ffffffd9 54 65 ffffff9b ffffffe4 | initiator to responder keys: release slot-key-key@0x564021dfdd40 | initiator to responder keys extracted len 48 bytes at 0x564021e15350 | unwrapped: f1 cb 77 b1 12 cc 55 f8 9e 25 41 3e b7 ab f9 d1 | unwrapped: 39 49 3e 5d 42 9f 3b a6 f8 fd 12 a9 fc 35 97 0e | unwrapped: b7 e8 6e 02 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7f5cd0006900 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f5cc80069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db858 | result: result-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x7f5cd0006900 | responder to initiator keys:: symkey-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x564021dfdd40 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1717986918: ffffffe4 7c 2d ffffffc0 5a 12 ffffff9a ffffffb9 ffffffc2 54 4b 3d 7a 77 ffffffa4 ffffffcf ffffffe9 fffffff1 ffffff9f fffffff7 4d 29 ffffff90 16 6e 6b ffffff90 02 ffffffe9 ffffff86 fffffff7 52 52 ffffffaf 6e 67 10 41 ffffffc4 15 26 44 79 2d ffffffb2 ffffffc9 62 4a | responder to initiator keys:: release slot-key-key@0x564021dfdd40 | responder to initiator keys: extracted len 48 bytes at 0x564021e1b3c0 | unwrapped: 41 be 10 8a 60 cc 1a 14 85 6a ca a0 0e 54 41 48 | unwrapped: 79 22 56 ef de d0 5e 9e 86 02 03 9c 34 64 46 1f | unwrapped: 6f d9 a1 df 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7f5cd0006900 | ikev2_derive_child_keys: release keymat-key@0x7f5cc80069f0 | #7 spent 2.13 milliseconds | install_ipsec_sa() for #8: inbound and outbound | could_route called for aes128 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.433f6f0b@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.8392167c@192.1.2.45 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #8: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: aes128 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #8 | priority calculation of connection "aes128" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x433f6f0b SPI_OUT= | popen cmd is 1025 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+U: | cmd( 640):P+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: | cmd( 960):ARED='no' SPI_IN=0x433f6f0b SPI_OUT=0x8392167c ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x433f6f0 | popen cmd is 1030 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUT: | cmd( 400):O_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT: | cmd( 480):_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=: | cmd( 560):'' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+: | cmd( 640):PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMAN: | cmd( 720):ENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_P: | cmd( 800):EER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=: | cmd( 880):'0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V: | cmd( 960):TI_SHARED='no' SPI_IN=0x433f6f0b SPI_OUT=0x8392167c ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x433f6f0b SP | popen cmd is 1028 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x433f6f0b SPI_OUT=0x8392167c ipsec _updown 2>&1: | route_and_eroute: instance "aes128", setting eroute_owner {spd=0x564021e15b10,sr=0x564021e15b10} to #8 (was #0) (newest_ipsec_sa=#0) | #7 spent 0.861 milliseconds in install_ipsec_sa() | inR2: instance aes128[0], setting IKEv2 newest_ipsec_sa to #8 (was #0) (spd.eroute=#8) cloned from #7 | state #8 requesting EVENT_RETRANSMIT to be deleted | #8 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x7f5cbc006900 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5cbc002b20 | #8 spent 2.69 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #8 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #8 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #8: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #8 to 1 after switching state | Message ID: recv #7.#8 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #7.#8 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #8 ikev2.child established "aes128" #8: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "aes128" #8: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x433f6f0b <0x8392167c xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | releasing whack for #8 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #7 | unpending state #7 connection "aes128" | delete from pending Child SA with 192.1.2.23 "aes128" | removing pending policy for no connection {0x564021e1e1d0} | close_any(fd@24) (in release_whack() at state.c:654) | #8 will start re-keying in 27829 seconds with margin of 971 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f5cbc002b20 | inserting event EVENT_SA_REKEY, timeout in 27829 seconds for #8 | libevent_malloc: new ptr-libevent@0x7f5cbc006900 size 128 | stop processing: state #8 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #7 spent 3.13 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 3.14 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00442 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00269 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00264 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.8392167c@192.1.2.45 | get_sa_info esp.433f6f0b@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.072 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #8 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #8 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #8 ikev2.child deleted completed | #8 spent 2.69 milliseconds in total | [RE]START processing: state #8 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #8: deleting state (STATE_V2_IPSEC_I) aged 0.253s and sending notification | child state #8: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.433f6f0b@192.1.2.23 | get_sa_info esp.8392167c@192.1.2.45 "aes128" #8: ESP traffic information: in=84B out=84B | #8 send IKEv2 delete notification for STATE_V2_IPSEC_I | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | c4 6c 37 92 fa 84 6c d3 | responder cookie: | 0e 4d 17 a5 79 8d d7 c5 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting 4 raw bytes of local spis into IKEv2 Delete Payload | local spis 83 92 16 7c | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | bd 8f 6b c6 dd 6e 67 7b 4d 05 f8 81 64 c4 74 41 | data before encryption: | 00 00 00 0c 03 04 00 01 83 92 16 7c 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | a9 66 36 ec e0 1f 08 9e 2a 97 7f ba ea c1 26 bb | hmac PRF sha init symkey-key@0x564021e01140 (size 20) | hmac: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864d8698 | result: clone-key@0x7f5cc80069f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x7f5cc80069f0 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x7f5cc80069f0 | hmac: release clone-key@0x7f5cc80069f0 | hmac PRF sha crypt-prf@0x564021e16ce0 | hmac PRF sha update data-bytes@0x7fff864d8a70 (length 64) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | bd 8f 6b c6 dd 6e 67 7b 4d 05 f8 81 64 c4 74 41 | a9 66 36 ec e0 1f 08 9e 2a 97 7f ba ea c1 26 bb | hmac PRF sha final-bytes@0x7fff864d8ab0 (length 20) | 4d 74 62 fc 8d 6d 66 bd 23 3a 0d f5 16 c6 c2 a0 | d8 ef 64 75 | data being hmac: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | data being hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: bd 8f 6b c6 dd 6e 67 7b 4d 05 f8 81 64 c4 74 41 | data being hmac: a9 66 36 ec e0 1f 08 9e 2a 97 7f ba ea c1 26 bb | out calculated auth: | 4d 74 62 fc 8d 6d 66 bd 23 3a 0d f5 | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #8) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | bd 8f 6b c6 dd 6e 67 7b 4d 05 f8 81 64 c4 74 41 | a9 66 36 ec e0 1f 08 9e 2a 97 7f ba ea c1 26 bb | 4d 74 62 fc 8d 6d 66 bd 23 3a 0d f5 | Message ID: IKE #7 sender #8 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #7 sender #8 in send_delete hacking around record ' send | Message ID: sent #7 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 | state #8 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f5cbc006900 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f5cbc002b20 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050308' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x433f6f0 | popen cmd is 1033 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INT: | cmd( 80):ERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@we: | cmd( 160):st' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIE: | cmd( 240):NT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=': | cmd( 320):16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_P: | cmd( 400):EER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MA: | cmd( 480):SK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' : | cmd( 560):PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050308' PLUTO_CONN_POLICY='PSK+ENCRYPT+T: | cmd( 640):UNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PER: | cmd( 720):MANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUT: | cmd( 800):O_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERV: | cmd( 880):ER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no: | cmd( 960):' VTI_SHARED='no' SPI_IN=0x433f6f0b SPI_OUT=0x8392167c ipsec _updown 2>&1: | shunt_eroute() called for connection 'aes128' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "aes128" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.433f6f0b@192.1.2.23 | netlink response for Del SA esp.433f6f0b@192.1.2.23 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.8392167c@192.1.2.45 | netlink response for Del SA esp.8392167c@192.1.2.45 included non-error error | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #8 in V2_IPSEC_I | child state #8: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #8 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x564021e06230 | delete_state: release st->st_skey_ai_nss-key@0x564021e01140 | delete_state: release st->st_skey_ar_nss-key@0x564021df9ff0 | delete_state: release st->st_skey_ei_nss-key@0x564021dfb870 | delete_state: release st->st_skey_er_nss-key@0x564021e07b90 | delete_state: release st->st_skey_pi_nss-key@0x7f5cc800d640 | delete_state: release st->st_skey_pr_nss-key@0x564021e04570 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #7 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #7 | start processing: state #7 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #7 ikev2.ike deleted completed | #7 spent 9.39 milliseconds in total | [RE]START processing: state #7 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #7: deleting state (STATE_PARENT_I3) aged 0.279s and sending notification | parent state #7: PARENT_I3(established IKE SA) => delete | #7 send IKEv2 delete notification for STATE_PARENT_I3 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | c4 6c 37 92 fa 84 6c d3 | responder cookie: | 0e 4d 17 a5 79 8d d7 c5 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 75 a3 89 7f c6 c0 4e 92 a1 34 18 f3 f0 9d 84 1a | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 74 30 3d ed 8a 36 00 92 8c 5e c1 03 2e 76 e5 47 | hmac PRF sha init symkey-key@0x564021e01140 (size 20) | hmac: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864d8698 | result: clone-key@0x7f5cc80069f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x7f5cc80069f0 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x7f5cc80069f0 | hmac: release clone-key@0x7f5cc80069f0 | hmac PRF sha crypt-prf@0x564021e19f00 | hmac PRF sha update data-bytes@0x7fff864d8a70 (length 64) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 75 a3 89 7f c6 c0 4e 92 a1 34 18 f3 f0 9d 84 1a | 74 30 3d ed 8a 36 00 92 8c 5e c1 03 2e 76 e5 47 | hmac PRF sha final-bytes@0x7fff864d8ab0 (length 20) | 94 74 8e e4 5c 90 dd 3c 7a 07 72 f5 6f d7 a7 d1 | 7a 7e 08 e6 | data being hmac: c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data being hmac: 75 a3 89 7f c6 c0 4e 92 a1 34 18 f3 f0 9d 84 1a | data being hmac: 74 30 3d ed 8a 36 00 92 8c 5e c1 03 2e 76 e5 47 | out calculated auth: | 94 74 8e e4 5c 90 dd 3c 7a 07 72 f5 | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #7) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 75 a3 89 7f c6 c0 4e 92 a1 34 18 f3 f0 9d 84 1a | 74 30 3d ed 8a 36 00 92 8c 5e c1 03 2e 76 e5 47 | 94 74 8e e4 5c 90 dd 3c 7a 07 72 f5 | Message ID: IKE #7 sender #7 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 | Message ID: IKE #7 sender #7 in send_delete hacking around record ' send | Message ID: #7 XXX: expecting sender.wip.initiator 2 == -1 - suspect record'n'send out-of-order?); initiator.sent=3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=3 wip.responder=-1 | Message ID: sent #7 request 3; ike: initiator.sent=2->3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=2->3 wip.responder=-1 | state #7 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x564021e17f40 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f5cc4002b20 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #7 in PARENT_I3 | parent state #7: PARENT_I3(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f5cbc000d60: destroyed | stop processing: state #7 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x564021e19e70 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x564021e06230 | delete_state: release st->st_skey_ai_nss-key@0x564021e01140 | delete_state: release st->st_skey_ar_nss-key@0x564021df9ff0 | delete_state: release st->st_skey_ei_nss-key@0x564021dfb870 | delete_state: release st->st_skey_er_nss-key@0x564021e07b90 | delete_state: release st->st_skey_pi_nss-key@0x7f5cc800d640 | delete_state: release st->st_skey_pr_nss-key@0x564021e04570 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.32 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00414 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00328 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 4f 84 ec e7 25 43 f0 6a a0 97 0c c9 5a 7a c4 31 | 94 5b 2e 24 d5 12 58 4a c4 b5 6c 4e 26 08 f6 0a | 5a 04 c8 3d 34 77 f3 f4 19 96 79 03 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | c4 6c 37 92 fa 84 6c d3 | responder cookie: | 0e 4d 17 a5 79 8d d7 c5 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0669 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00253 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | c4 6c 37 92 fa 84 6c d3 0e 4d 17 a5 79 8d d7 c5 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 6e 1e 0b 59 e1 75 d6 2b 91 87 c3 9a d6 0c 0e 3b | 81 2a da e7 67 1b 66 bf d9 d6 20 98 86 28 3f c2 | 2b d2 40 1e 9f e2 13 a9 fa 14 9d b7 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | c4 6c 37 92 fa 84 6c d3 | responder cookie: | 0e 4d 17 a5 79 8d d7 c5 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0652 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "aes128" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'aes128' to 'delete' for rt_kind 'unrouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "aes128" is 0xfe7e7 | priority calculation of connection "aes128" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT | popen cmd is 1014 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16400' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLU: | cmd( 400):TO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIEN: | cmd( 480):T_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA: | cmd( 560):='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL: | cmd( 640):+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x564021e16c10 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.449 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00527 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0608 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0764 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none | base impairing = suppress-retransmits | child-key-length-attribute:DUPLICATE | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0474 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x564021e17b30 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.133 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #9 at 0x564021e16060 | State DB: adding IKEv2 state #9 in UNDEFINED | pstats #9 ikev2.ike started | Message ID: init #9: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #9: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #9; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #9 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #9 "aes128" "aes128" #9: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 9 for state #9 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564021e153b0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f5cbc006900 size 128 | #9 spent 0.121 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #9 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.183 milliseconds in whack | crypto helper 3 resuming | crypto helper 3 starting work-order 9 for state #9 | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 9 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5cc8002010: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5cc8002010 | NSS: Public DH wire value: | e2 16 37 a1 9c 50 93 9a f8 35 38 f0 8a 8e b5 e6 | e2 f5 2f 76 0a 60 7d 7c 7d db 09 c0 62 dd fe a0 | c0 75 84 ba 05 1d eb 95 5b 65 9c e8 4e 0d b3 e0 | 32 60 ba 14 23 9a 7a 54 26 fc 1b 9d f7 7a b5 0c | d9 47 6a 65 64 18 9d 9f 37 3f 0a 52 51 33 3d 69 | b2 32 46 f8 cf bd 89 b9 e8 cd 9b 5c 49 7e d3 8a | d7 b8 24 63 30 1b 59 ef 54 d5 75 2e 75 cd b9 c5 | 2a 80 75 15 06 9f 61 5c 7b 93 e7 47 34 19 f2 4d | b8 23 a8 f0 44 ad b5 21 af 27 22 f1 27 49 f2 a4 | e6 0b 26 b7 1b e6 41 95 31 e0 f9 3e 23 f4 6c 0d | 4b 00 dc 89 8e 39 b2 f0 af 4a d2 a9 8e 22 69 1d | 22 6b 4d 1a 40 dc 4a 28 b6 2a f1 fb e9 83 fe 1d | 72 4d 66 48 40 dc b0 af 08 b5 1c df d3 c5 6a ec | d0 be 94 c3 4a 9e f9 88 e2 66 a4 30 76 e6 13 91 | 1f 44 7f fc d9 e2 07 9a 9e 28 4d 33 1a 55 e5 98 | 61 8e 5e ef 46 5c 3e 65 63 19 4a a4 2c 08 1a 63 | Generated nonce: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | Generated nonce: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 9 time elapsed 0.000993 seconds | (#9) spent 0.994 milliseconds in crypto helper computing work-order 9: ikev2_outI1 KE (pcr) | crypto helper 3 sending results from work-order 9 for state #9 to event queue | scheduling resume sending helper answer for #9 | libevent_malloc: new ptr-libevent@0x7f5cc8011520 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #9 | start processing: state #9 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 9 | calling continuation function 0x564020443630 | ikev2_parent_outI1_continue for #9 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5cc8002010: transferring ownership from helper KE to state #9 | **emit ISAKMP Message: | initiator cookie: | 65 12 22 b9 cd 6a 2c 4d | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x e2 16 37 a1 9c 50 93 9a f8 35 38 f0 8a 8e b5 e6 | ikev2 g^x e2 f5 2f 76 0a 60 7d 7c 7d db 09 c0 62 dd fe a0 | ikev2 g^x c0 75 84 ba 05 1d eb 95 5b 65 9c e8 4e 0d b3 e0 | ikev2 g^x 32 60 ba 14 23 9a 7a 54 26 fc 1b 9d f7 7a b5 0c | ikev2 g^x d9 47 6a 65 64 18 9d 9f 37 3f 0a 52 51 33 3d 69 | ikev2 g^x b2 32 46 f8 cf bd 89 b9 e8 cd 9b 5c 49 7e d3 8a | ikev2 g^x d7 b8 24 63 30 1b 59 ef 54 d5 75 2e 75 cd b9 c5 | ikev2 g^x 2a 80 75 15 06 9f 61 5c 7b 93 e7 47 34 19 f2 4d | ikev2 g^x b8 23 a8 f0 44 ad b5 21 af 27 22 f1 27 49 f2 a4 | ikev2 g^x e6 0b 26 b7 1b e6 41 95 31 e0 f9 3e 23 f4 6c 0d | ikev2 g^x 4b 00 dc 89 8e 39 b2 f0 af 4a d2 a9 8e 22 69 1d | ikev2 g^x 22 6b 4d 1a 40 dc 4a 28 b6 2a f1 fb e9 83 fe 1d | ikev2 g^x 72 4d 66 48 40 dc b0 af 08 b5 1c df d3 c5 6a ec | ikev2 g^x d0 be 94 c3 4a 9e f9 88 e2 66 a4 30 76 e6 13 91 | ikev2 g^x 1f 44 7f fc d9 e2 07 9a 9e 28 4d 33 1a 55 e5 98 | ikev2 g^x 61 8e 5e ef 46 5c 3e 65 63 19 4a a4 2c 08 1a 63 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | IKEv2 nonce f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | 65 12 22 b9 cd 6a 2c 4d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | d7 cb cb 44 18 a8 1f c2 ac fd c9 a4 8e e2 8f 12 | f8 98 c5 12 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 65 12 22 b9 cd 6a 2c 4d | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= d7 cb cb 44 18 a8 1f c2 ac fd c9 a4 8e e2 8f 12 | natd_hash: hash= f8 98 c5 12 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data d7 cb cb 44 18 a8 1f c2 ac fd c9 a4 8e e2 8f 12 | Notify data f8 98 c5 12 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | 65 12 22 b9 cd 6a 2c 4d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | c9 6c 1b 03 7e 87 74 e7 f7 96 19 2c ee 9d 7b 99 | 79 54 58 be | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 65 12 22 b9 cd 6a 2c 4d | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= c9 6c 1b 03 7e 87 74 e7 f7 96 19 2c ee 9d 7b 99 | natd_hash: hash= 79 54 58 be | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data c9 6c 1b 03 7e 87 74 e7 f7 96 19 2c ee 9d 7b 99 | Notify data 79 54 58 be | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #9 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #9 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #9 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #9: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #9 to 4294967295 after switching state | Message ID: IKE #9 skipping update_recv as MD is fake | Message ID: sent #9 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #9: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #9) | 65 12 22 b9 cd 6a 2c 4d 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 e2 16 37 a1 9c 50 93 9a f8 35 38 f0 | 8a 8e b5 e6 e2 f5 2f 76 0a 60 7d 7c 7d db 09 c0 | 62 dd fe a0 c0 75 84 ba 05 1d eb 95 5b 65 9c e8 | 4e 0d b3 e0 32 60 ba 14 23 9a 7a 54 26 fc 1b 9d | f7 7a b5 0c d9 47 6a 65 64 18 9d 9f 37 3f 0a 52 | 51 33 3d 69 b2 32 46 f8 cf bd 89 b9 e8 cd 9b 5c | 49 7e d3 8a d7 b8 24 63 30 1b 59 ef 54 d5 75 2e | 75 cd b9 c5 2a 80 75 15 06 9f 61 5c 7b 93 e7 47 | 34 19 f2 4d b8 23 a8 f0 44 ad b5 21 af 27 22 f1 | 27 49 f2 a4 e6 0b 26 b7 1b e6 41 95 31 e0 f9 3e | 23 f4 6c 0d 4b 00 dc 89 8e 39 b2 f0 af 4a d2 a9 | 8e 22 69 1d 22 6b 4d 1a 40 dc 4a 28 b6 2a f1 fb | e9 83 fe 1d 72 4d 66 48 40 dc b0 af 08 b5 1c df | d3 c5 6a ec d0 be 94 c3 4a 9e f9 88 e2 66 a4 30 | 76 e6 13 91 1f 44 7f fc d9 e2 07 9a 9e 28 4d 33 | 1a 55 e5 98 61 8e 5e ef 46 5c 3e 65 63 19 4a a4 | 2c 08 1a 63 29 00 00 24 70 d6 aa 5c 81 5d a9 b0 | 1c 5f 80 0c a0 b9 20 86 f8 1a bc 3c 1a ba 84 24 | 9b ab 67 e2 a2 34 4a 53 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 d7 cb cb 44 18 a8 1f c2 | ac fd c9 a4 8e e2 8f 12 f8 98 c5 12 00 00 00 1c | 00 00 40 05 c9 6c 1b 03 7e 87 74 e7 f7 96 19 2c | ee 9d 7b 99 79 54 58 be | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5cbc006900 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564021e153b0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #9: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x564021e153b0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f5cbc006900 size 128 | #9 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48955.53838 | resume sending helper answer for #9 suppresed complete_v2_state_transition() and stole MD | #9 spent 0.509 milliseconds in resume sending helper answer | stop processing: state #9 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5cc8011520 | spent 0.00266 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 f5 5b 6c 89 fc 3a 2b 29 4f b3 64 aa | 61 48 91 ef 69 2d 57 cc f2 19 d1 2d 8a cd c7 16 | e0 26 a9 03 22 b3 f5 c6 5e 9d 56 d6 d0 a4 27 55 | 50 d8 96 45 f1 42 d5 fe 10 a1 cd 5d 81 ee ad 80 | 01 90 47 68 1d 8a aa af 80 f8 c3 31 0b 8b 0a 0a | cf 47 78 45 b3 20 f5 d1 42 1e ff d1 a1 08 7b 49 | fa 0d bf 35 a4 fb 30 be 41 bf d0 d5 0f 7d 9c d4 | 6d c3 59 ff 6d f6 b7 bb 7e 47 7e 0c ff 60 67 60 | 2a 09 01 21 df 41 76 e9 13 83 31 82 ae 8c ad 20 | 13 3d aa 18 1b fd 9a ce f0 f9 3c 36 8e 3a 25 38 | aa da 30 9f ce 49 b9 1c 11 52 6c f8 b8 15 35 f0 | 9f 71 4b 0c 7b 06 68 cf 83 a8 81 47 90 82 2f 38 | 20 fe 49 66 7c 40 f3 55 66 aa 9d a2 4d 9f 80 dc | 9e 06 5b a0 01 66 64 d5 b3 1b 5d 43 60 49 73 1d | 0a 5b 36 89 70 4b 68 49 72 9d 13 78 d9 d7 8f 12 | 49 f5 e1 fd 8a 9e 17 fc 4b 5f e7 37 36 db f6 7a | 1f e6 b0 83 29 00 00 24 7f 9a 44 bf d6 07 9e 5a | 97 6a 89 84 84 1d 0b 69 54 64 68 25 54 5f 5b f1 | d9 2a 7d 82 a8 df dd 15 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 f3 a7 da b5 2f 0e 0e 77 | 89 b4 bc 13 75 b4 7e 6d bc 95 bc 1e 00 00 00 1c | 00 00 40 05 28 f3 3a e4 a7 27 99 d1 02 6a 6e a0 | f3 4c 7a a0 1d c5 98 7f | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 65 12 22 b9 cd 6a 2c 4d | responder cookie: | f2 c8 2c 02 54 24 8b 03 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #9 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #9 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #9 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #9 is idle | #9 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #9 IKE SPIi and SPI[ir] | #9 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | f5 5b 6c 89 fc 3a 2b 29 4f b3 64 aa 61 48 91 ef | 69 2d 57 cc f2 19 d1 2d 8a cd c7 16 e0 26 a9 03 | 22 b3 f5 c6 5e 9d 56 d6 d0 a4 27 55 50 d8 96 45 | f1 42 d5 fe 10 a1 cd 5d 81 ee ad 80 01 90 47 68 | 1d 8a aa af 80 f8 c3 31 0b 8b 0a 0a cf 47 78 45 | b3 20 f5 d1 42 1e ff d1 a1 08 7b 49 fa 0d bf 35 | a4 fb 30 be 41 bf d0 d5 0f 7d 9c d4 6d c3 59 ff | 6d f6 b7 bb 7e 47 7e 0c ff 60 67 60 2a 09 01 21 | df 41 76 e9 13 83 31 82 ae 8c ad 20 13 3d aa 18 | 1b fd 9a ce f0 f9 3c 36 8e 3a 25 38 aa da 30 9f | ce 49 b9 1c 11 52 6c f8 b8 15 35 f0 9f 71 4b 0c | 7b 06 68 cf 83 a8 81 47 90 82 2f 38 20 fe 49 66 | 7c 40 f3 55 66 aa 9d a2 4d 9f 80 dc 9e 06 5b a0 | 01 66 64 d5 b3 1b 5d 43 60 49 73 1d 0a 5b 36 89 | 70 4b 68 49 72 9d 13 78 d9 d7 8f 12 49 f5 e1 fd | 8a 9e 17 fc 4b 5f e7 37 36 db f6 7a 1f e6 b0 83 | using existing local IKE proposals for connection aes128 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864db9c0 (length 8) | 65 12 22 b9 cd 6a 2c 4d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864db9c8 (length 8) | f2 c8 2c 02 54 24 8b 03 | NATD hash sha digest IP addr-bytes@0x7fff864db954 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864db946 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864db9d0 (length 20) | 28 f3 3a e4 a7 27 99 d1 02 6a 6e a0 f3 4c 7a a0 | 1d c5 98 7f | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 65 12 22 b9 cd 6a 2c 4d | natd_hash: rcookie= f2 c8 2c 02 54 24 8b 03 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 28 f3 3a e4 a7 27 99 d1 02 6a 6e a0 f3 4c 7a a0 | natd_hash: hash= 1d c5 98 7f | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864db9c0 (length 8) | 65 12 22 b9 cd 6a 2c 4d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864db9c8 (length 8) | f2 c8 2c 02 54 24 8b 03 | NATD hash sha digest IP addr-bytes@0x7fff864db954 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864db946 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864db9f0 (length 20) | f3 a7 da b5 2f 0e 0e 77 89 b4 bc 13 75 b4 7e 6d | bc 95 bc 1e | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 65 12 22 b9 cd 6a 2c 4d | natd_hash: rcookie= f2 c8 2c 02 54 24 8b 03 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= f3 a7 da b5 2f 0e 0e 77 89 b4 bc 13 75 b4 7e 6d | natd_hash: hash= bc 95 bc 1e | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f5cc8002010: transferring ownership from state #9 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 10 for state #9 | state #9 requesting EVENT_RETRANSMIT to be deleted | #9 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f5cbc006900 | free_event_entry: release EVENT_RETRANSMIT-pe@0x564021e153b0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564021e153b0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f5cc8011520 size 128 | #9 spent 0.273 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #9 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #9 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #9 and saving MD | #9 is busy; has a suspended MD | [RE]START processing: state #9 connection "aes128" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "aes128" #9 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #9 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #9 spent 0.503 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.514 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 4 resuming | crypto helper 4 starting work-order 10 for state #9 | crypto helper 4 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 10 | peer's g: f5 5b 6c 89 fc 3a 2b 29 4f b3 64 aa 61 48 91 ef | peer's g: 69 2d 57 cc f2 19 d1 2d 8a cd c7 16 e0 26 a9 03 | peer's g: 22 b3 f5 c6 5e 9d 56 d6 d0 a4 27 55 50 d8 96 45 | peer's g: f1 42 d5 fe 10 a1 cd 5d 81 ee ad 80 01 90 47 68 | peer's g: 1d 8a aa af 80 f8 c3 31 0b 8b 0a 0a cf 47 78 45 | peer's g: b3 20 f5 d1 42 1e ff d1 a1 08 7b 49 fa 0d bf 35 | peer's g: a4 fb 30 be 41 bf d0 d5 0f 7d 9c d4 6d c3 59 ff | peer's g: 6d f6 b7 bb 7e 47 7e 0c ff 60 67 60 2a 09 01 21 | peer's g: df 41 76 e9 13 83 31 82 ae 8c ad 20 13 3d aa 18 | peer's g: 1b fd 9a ce f0 f9 3c 36 8e 3a 25 38 aa da 30 9f | peer's g: ce 49 b9 1c 11 52 6c f8 b8 15 35 f0 9f 71 4b 0c | peer's g: 7b 06 68 cf 83 a8 81 47 90 82 2f 38 20 fe 49 66 | peer's g: 7c 40 f3 55 66 aa 9d a2 4d 9f 80 dc 9e 06 5b a0 | peer's g: 01 66 64 d5 b3 1b 5d 43 60 49 73 1d 0a 5b 36 89 | peer's g: 70 4b 68 49 72 9d 13 78 d9 d7 8f 12 49 f5 e1 fd | peer's g: 8a 9e 17 fc 4b 5f e7 37 36 db f6 7a 1f e6 b0 83 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x564021e04570 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f5cc8002010: computed shared DH secret key@0x564021e04570 | dh-shared : g^ir-key@0x564021e04570 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f5ccc0039a0 (length 64) | 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd60e4670 | result: Ni | Nr-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4658 | result: Ni | Nr-key@0x7f5cc800d640 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x564021e07b90 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f5ccc003aa0 from Ni | Nr-key@0x7f5cc800d640 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f5ccc003aa0 from Ni | Nr-key@0x7f5cc800d640 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f5cc800d640 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f5ccc000d60 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x564021e04570 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x564021e04570 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x564021e04570 | nss hmac digest hack: symkey-key@0x564021e04570 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-703708464: ffffffb4 fffffffb ffffffd4 2c ffffffef ffffffc9 fffffff1 ffffffb3 20 ffffffe2 0b ffffffe7 52 5c ffffff91 ffffffb7 ffffff8d 1d ffffffbb 7f ffffffa7 fffffff7 ffffff8b 56 50 ffffff87 ffffffd9 ffffffee 24 ffffffa3 65 ffffffbd 2d 1e 14 3e 37 03 33 5b 75 27 ffffff89 ffffffcf ffffffc3 ffffff9e 38 ffffffa3 ffffffe8 ffffffac ffffff87 5a 6f ffffff81 ffffffe1 22 ffffffe7 42 4e 60 7d 52 05 5a ffffffd5 6e 6e ffffffb9 ffffffa5 4a 1c ffffffab 7c 71 2a 3f ffffffec ffffffb7 fffffffb ffffffc4 ffffff8c fffffff0 ffffffa3 6a 39 ffffffe6 08 7d 12 47 fffffff0 ffffff9e 60 fffffff9 52 62 4a 0e ffffffde 4b 2b ffffffbc 6a 7e 58 ffffff99 1a 56 3d ffffffe0 ffffffe1 fffffff2 ffffffed ffffff83 ffffff99 11 47 fffffff7 49 fffffff2 fffffffe 21 ffffffaa 69 ffffff8e 49 ffffffd9 2a 5e 62 1c 47 ffffff95 17 ffffffa7 ffffffac 2b 7d 7c ffffffe1 ffffffc9 ffffffca ffffffde 55 25 ffffffe2 ffffffa5 ffffffe4 ffffffc7 ffffffd2 ffffffd0 ffffff87 fffffffb ffffffad ffffffbd ffffff | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 256 bytes at 0x7f5ccc004520 | unwrapped: ac 2c fb 33 42 84 2d d4 a8 99 d9 af c9 a3 27 dc | unwrapped: d2 c5 9b 12 ca 38 9b db d8 2b 8f 39 2e 2f ab b1 | unwrapped: 90 46 32 3a 49 45 42 8f 4c e2 0d 2e d8 75 dc 9a | unwrapped: eb b1 94 2a a0 ae da db d3 9b f1 72 74 ae f4 6f | unwrapped: c8 2d d9 e0 7e 8b 24 5c 86 87 68 38 0e 0a e0 48 | unwrapped: a6 40 9d 82 60 94 33 6c 3b 90 5d 3a 6d 4e 74 b8 | unwrapped: db 57 1c d1 95 89 e4 8e ef 16 e2 b6 04 7b ba b9 | unwrapped: 2c 31 ef 88 cd fb 97 2d 51 a7 ea 13 43 12 10 85 | unwrapped: 87 58 8c 40 0e 61 d7 06 f3 08 46 8e d3 72 89 06 | unwrapped: 9c 5f 47 4d 88 55 bc 36 0d ea 51 b6 cd 84 a8 b9 | unwrapped: c6 1a 53 2b ec a1 64 d9 99 05 7c 5c 8e 51 53 bd | unwrapped: d0 54 9c e7 22 c7 de e1 12 37 f5 8a c6 94 07 b0 | unwrapped: 1d e8 df 5e 99 48 b8 c0 70 b5 4e 66 78 58 c2 32 | unwrapped: 88 9d 09 d6 ce 92 d9 cc 24 0b 89 25 95 ec 7e 90 | unwrapped: f3 e1 db 76 d1 01 a5 8d 34 c1 57 34 d2 6c 68 5b | unwrapped: ae c5 81 8d 5f 11 e4 03 9b 4c d1 87 29 c1 bf 65 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd60e4690 | result: final-key@0x564021e07b90 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e07b90 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4678 | result: final-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e07b90 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f5cc800d640 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd60e4600 | result: data=Ni-key@0x564021dfb870 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x564021dfb870 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e45e8 | result: data=Ni-key@0x564021e07b90 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x564021dfb870 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e07b90 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd60e45f0 | result: data+=Nr-key@0x564021dfb870 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021e07b90 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021dfb870 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd60e45f0 | result: data+=SPIi-key@0x564021e07b90 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021dfb870 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e07b90 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd60e45f0 | result: data+=SPIr-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021e07b90 | prf+0 PRF sha init key-key@0x7f5cc800d640 (size 20) | prf+0: key-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4518 | result: clone-key@0x564021e07b90 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f5ccc003aa0 from key-key@0x564021e07b90 | prf+0 prf: begin sha with context 0x7f5ccc003aa0 from key-key@0x564021e07b90 | prf+0: release clone-key@0x564021e07b90 | prf+0 PRF sha crypt-prf@0x7f5ccc0017f0 | prf+0 PRF sha update seed-key@0x564021dfb870 (size 80) | prf+0: seed-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-703708832: 6f 01 ffffffb2 3a ffffff97 ffffffa1 61 ffffffcc ffffffba 4c ffffff82 00 63 ffffffdf ffffff91 ffffff9a ffffff98 fffffff6 4c 56 ffffffc4 ffffffcf ffffff96 ffffffc6 11 ffffffae ffffff88 18 63 ffffffd7 ffffff91 ffffffd7 46 ffffffb3 28 61 ffffff81 fffffff8 5b ffffff89 ffffffbb 6d ffffffbe 72 ffffffdd ffffffb1 7f 43 ffffffd4 18 ffffffd3 50 ffffffa5 5f ffffff95 5f 6b 78 ffffffb6 ffffff83 03 ffffff93 ffffffbc 00 46 ffffffa7 47 ffffff92 ffffff8b ffffffbc 63 3a ffffff9c ffffffd7 ffffff94 ffffff8e 5e ffffffe8 0b fffffff8 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5ccc0048a0 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | unwrapped: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd60e4520 | result: final-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4508 | result: final-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021df9ff0 | prf+0 PRF sha final-key@0x564021e07b90 (size 20) | prf+0: key-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x564021e07b90 | prf+N PRF sha init key-key@0x7f5cc800d640 (size 20) | prf+N: key-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4518 | result: clone-key@0x564021df9ff0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5ccc003aa0 from key-key@0x564021df9ff0 | prf+N prf: begin sha with context 0x7f5ccc003aa0 from key-key@0x564021df9ff0 | prf+N: release clone-key@0x564021df9ff0 | prf+N PRF sha crypt-prf@0x7f5ccc0010c0 | prf+N PRF sha update old_t-key@0x564021e07b90 (size 20) | prf+N: old_t-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-703708832: 49 ffffffc7 ffffff83 5b ffffffcd 3b ffffff8c ffffffd0 58 fffffff4 fffffff9 ffffffaa ffffff90 ffffffda ffffffd4 41 fffffff3 ffffffb1 3b ffffffd5 1e 61 20 ffffff97 13 20 20 ffffffef ffffffad ffffffdd ffffffd9 49 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5ccc004bc0 | unwrapped: 10 7f 53 14 33 a5 2a 0e 0c fd 46 b9 3a 70 20 ec | unwrapped: 0d f7 3b 6c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021dfb870 (size 80) | prf+N: seed-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-703708832: 6f 01 ffffffb2 3a ffffff97 ffffffa1 61 ffffffcc ffffffba 4c ffffff82 00 63 ffffffdf ffffff91 ffffff9a ffffff98 fffffff6 4c 56 ffffffc4 ffffffcf ffffff96 ffffffc6 11 ffffffae ffffff88 18 63 ffffffd7 ffffff91 ffffffd7 46 ffffffb3 28 61 ffffff81 fffffff8 5b ffffff89 ffffffbb 6d ffffffbe 72 ffffffdd ffffffb1 7f 43 ffffffd4 18 ffffffd3 50 ffffffa5 5f ffffff95 5f 6b 78 ffffffb6 ffffff83 03 ffffff93 ffffffbc 00 46 ffffffa7 47 ffffff92 ffffff8b ffffffbc 63 3a ffffff9c ffffffd7 ffffff94 ffffff8e 5e ffffffe8 0b fffffff8 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5ccc004840 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | unwrapped: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd60e4520 | result: final-key@0x564021e01140 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e01140 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4508 | result: final-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e01140 | prf+N PRF sha final-key@0x564021df9ff0 (size 20) | prf+N: key-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd60e4598 | result: result-key@0x564021e01140 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e07b90 | prfplus: release old_t[N]-key@0x564021e07b90 | prf+N PRF sha init key-key@0x7f5cc800d640 (size 20) | prf+N: key-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4518 | result: clone-key@0x564021e07b90 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5ccc003aa0 from key-key@0x564021e07b90 | prf+N prf: begin sha with context 0x7f5ccc003aa0 from key-key@0x564021e07b90 | prf+N: release clone-key@0x564021e07b90 | prf+N PRF sha crypt-prf@0x7f5ccc002a80 | prf+N PRF sha update old_t-key@0x564021df9ff0 (size 20) | prf+N: old_t-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-703708832: ffffffb9 fffffff8 12 fffffff4 fffffff7 ffffffab ffffffed ffffffbe 61 ffffff89 ffffffce 42 ffffff81 30 48 5b ffffffdb 70 25 08 ffffff9b ffffff82 ffffffcf ffffffcd 6a 4f fffffff0 ffffffe3 ffffffe8 0b ffffff87 ffffffb8 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5ccc006140 | unwrapped: b5 43 c2 02 af 7a 10 11 dd 4d 22 8e b0 84 a6 c4 | unwrapped: 67 4d 75 b8 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021dfb870 (size 80) | prf+N: seed-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-703708832: 6f 01 ffffffb2 3a ffffff97 ffffffa1 61 ffffffcc ffffffba 4c ffffff82 00 63 ffffffdf ffffff91 ffffff9a ffffff98 fffffff6 4c 56 ffffffc4 ffffffcf ffffff96 ffffffc6 11 ffffffae ffffff88 18 63 ffffffd7 ffffff91 ffffffd7 46 ffffffb3 28 61 ffffff81 fffffff8 5b ffffff89 ffffffbb 6d ffffffbe 72 ffffffdd ffffffb1 7f 43 ffffffd4 18 ffffffd3 50 ffffffa5 5f ffffff95 5f 6b 78 ffffffb6 ffffff83 03 ffffff93 ffffffbc 00 46 ffffffa7 47 ffffff92 ffffff8b ffffffbc 63 3a ffffff9c ffffffd7 ffffff94 ffffff8e 5e ffffffe8 0b fffffff8 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5ccc0047e0 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | unwrapped: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd60e4520 | result: final-key@0x564021e06230 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e06230 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4508 | result: final-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e06230 | prf+N PRF sha final-key@0x564021e07b90 (size 20) | prf+N: key-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e01140 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd60e4598 | result: result-key@0x564021e06230 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e01140 | prfplus: release old_t[N]-key@0x564021df9ff0 | prf+N PRF sha init key-key@0x7f5cc800d640 (size 20) | prf+N: key-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4518 | result: clone-key@0x564021df9ff0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5ccc003aa0 from key-key@0x564021df9ff0 | prf+N prf: begin sha with context 0x7f5ccc003aa0 from key-key@0x564021df9ff0 | prf+N: release clone-key@0x564021df9ff0 | prf+N PRF sha crypt-prf@0x7f5ccc0010c0 | prf+N PRF sha update old_t-key@0x564021e07b90 (size 20) | prf+N: old_t-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-703708832: 50 64 ffffffaf 6c 6a ffffffba ffffff94 ffffffb8 ffffff91 ffffff8f ffffffe0 08 1d 29 ffffffb5 16 52 ffffffc2 25 ffffffaa ffffffad 77 ffffffb8 0d 16 22 44 74 75 0b ffffffb4 2a | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5ccc006110 | unwrapped: da 34 55 47 51 2d 29 b8 44 e2 cd 9b 2c 93 9e 73 | unwrapped: 7b 81 c2 7a 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021dfb870 (size 80) | prf+N: seed-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-703708832: 6f 01 ffffffb2 3a ffffff97 ffffffa1 61 ffffffcc ffffffba 4c ffffff82 00 63 ffffffdf ffffff91 ffffff9a ffffff98 fffffff6 4c 56 ffffffc4 ffffffcf ffffff96 ffffffc6 11 ffffffae ffffff88 18 63 ffffffd7 ffffff91 ffffffd7 46 ffffffb3 28 61 ffffff81 fffffff8 5b ffffff89 ffffffbb 6d ffffffbe 72 ffffffdd ffffffb1 7f 43 ffffffd4 18 ffffffd3 50 ffffffa5 5f ffffff95 5f 6b 78 ffffffb6 ffffff83 03 ffffff93 ffffffbc 00 46 ffffffa7 47 ffffff92 ffffff8b ffffffbc 63 3a ffffff9c ffffffd7 ffffff94 ffffff8e 5e ffffffe8 0b fffffff8 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5ccc004780 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | unwrapped: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd60e4520 | result: final-key@0x564021e01140 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e01140 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4508 | result: final-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e01140 | prf+N PRF sha final-key@0x564021df9ff0 (size 20) | prf+N: key-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e06230 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd60e4598 | result: result-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e06230 | prfplus: release old_t[N]-key@0x564021e07b90 | prf+N PRF sha init key-key@0x7f5cc800d640 (size 20) | prf+N: key-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4518 | result: clone-key@0x564021e07b90 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5ccc003aa0 from key-key@0x564021e07b90 | prf+N prf: begin sha with context 0x7f5ccc003aa0 from key-key@0x564021e07b90 | prf+N: release clone-key@0x564021e07b90 | prf+N PRF sha crypt-prf@0x7f5ccc002a80 | prf+N PRF sha update old_t-key@0x564021df9ff0 (size 20) | prf+N: old_t-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-703708832: 4f 4e ffffffc8 ffffffa9 ffffff89 ffffffce 3c 23 ffffffa2 ffffffd8 51 ffffffdb ffffffaa 10 ffffffbb ffffff97 ffffffe7 20 ffffffe1 4d ffffff9e 23 ffffff92 65 ffffff9d fffffff5 79 5b 2d 37 05 ffffffec | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5ccc0063e0 | unwrapped: fb 2d 9c 60 42 91 19 14 24 c7 31 1d af c9 8b 18 | unwrapped: f5 40 f0 74 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021dfb870 (size 80) | prf+N: seed-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-703708832: 6f 01 ffffffb2 3a ffffff97 ffffffa1 61 ffffffcc ffffffba 4c ffffff82 00 63 ffffffdf ffffff91 ffffff9a ffffff98 fffffff6 4c 56 ffffffc4 ffffffcf ffffff96 ffffffc6 11 ffffffae ffffff88 18 63 ffffffd7 ffffff91 ffffffd7 46 ffffffb3 28 61 ffffff81 fffffff8 5b ffffff89 ffffffbb 6d ffffffbe 72 ffffffdd ffffffb1 7f 43 ffffffd4 18 ffffffd3 50 ffffffa5 5f ffffff95 5f 6b 78 ffffffb6 ffffff83 03 ffffff93 ffffffbc 00 46 ffffffa7 47 ffffff92 ffffff8b ffffffbc 63 3a ffffff9c ffffffd7 ffffff94 ffffff8e 5e ffffffe8 0b fffffff8 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5ccc001a30 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | unwrapped: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd60e4520 | result: final-key@0x564021e06230 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e06230 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4508 | result: final-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e06230 | prf+N PRF sha final-key@0x564021e07b90 (size 20) | prf+N: key-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd60e4598 | result: result-key@0x564021e06230 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e01140 | prfplus: release old_t[N]-key@0x564021df9ff0 | prf+N PRF sha init key-key@0x7f5cc800d640 (size 20) | prf+N: key-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4518 | result: clone-key@0x564021df9ff0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5ccc005980 from key-key@0x564021df9ff0 | prf+N prf: begin sha with context 0x7f5ccc005980 from key-key@0x564021df9ff0 | prf+N: release clone-key@0x564021df9ff0 | prf+N PRF sha crypt-prf@0x7f5ccc0010c0 | prf+N PRF sha update old_t-key@0x564021e07b90 (size 20) | prf+N: old_t-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-703708832: ffffffae ffffff8d ffffffe0 ffffff99 21 22 ffffffd1 ffffff88 ffffff9c 5d 66 77 fffffff1 ffffff98 78 31 40 ffffffb5 fffffffb 6c ffffffef 6f ffffff9c ffffffc1 ffffffc9 ffffffe4 56 2b fffffffa ffffffb4 79 56 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5ccc006730 | unwrapped: 6d 42 e2 bb 51 9d ef 20 2e 0b 1c 33 47 b7 44 9a | unwrapped: 4b c1 28 0c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021dfb870 (size 80) | prf+N: seed-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-703708832: 6f 01 ffffffb2 3a ffffff97 ffffffa1 61 ffffffcc ffffffba 4c ffffff82 00 63 ffffffdf ffffff91 ffffff9a ffffff98 fffffff6 4c 56 ffffffc4 ffffffcf ffffff96 ffffffc6 11 ffffffae ffffff88 18 63 ffffffd7 ffffff91 ffffffd7 46 ffffffb3 28 61 ffffff81 fffffff8 5b ffffff89 ffffffbb 6d ffffffbe 72 ffffffdd ffffffb1 7f 43 ffffffd4 18 ffffffd3 50 ffffffa5 5f ffffff95 5f 6b 78 ffffffb6 ffffff83 03 ffffff93 ffffffbc 00 46 ffffffa7 47 ffffff92 ffffff8b ffffffbc 63 3a ffffff9c ffffffd7 ffffff94 ffffff8e 5e ffffffe8 0b fffffff8 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5ccc004840 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | unwrapped: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd60e4520 | result: final-key@0x564021e01140 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e01140 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4508 | result: final-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e01140 | prf+N PRF sha final-key@0x564021df9ff0 (size 20) | prf+N: key-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e06230 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd60e4598 | result: result-key@0x564021e01140 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e06230 | prfplus: release old_t[N]-key@0x564021e07b90 | prf+N PRF sha init key-key@0x7f5cc800d640 (size 20) | prf+N: key-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4518 | result: clone-key@0x564021e07b90 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5ccc003aa0 from key-key@0x564021e07b90 | prf+N prf: begin sha with context 0x7f5ccc003aa0 from key-key@0x564021e07b90 | prf+N: release clone-key@0x564021e07b90 | prf+N PRF sha crypt-prf@0x7f5ccc002a80 | prf+N PRF sha update old_t-key@0x564021df9ff0 (size 20) | prf+N: old_t-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-703708832: 72 0a 01 ffffffd2 ffffffce 18 5d 35 33 16 fffffffb 77 1f ffffffbc ffffffd0 ffffffa9 ffffffc1 ffffffac 64 ffffffd7 12 ffffff84 5f ffffffab 63 6b 51 ffffffc4 07 ffffff82 7f ffffffb1 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5ccc001930 | unwrapped: 95 5d 1f f8 32 33 25 fb e0 19 20 71 c0 c7 44 1a | unwrapped: 76 9f 79 f3 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021dfb870 (size 80) | prf+N: seed-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-703708832: 6f 01 ffffffb2 3a ffffff97 ffffffa1 61 ffffffcc ffffffba 4c ffffff82 00 63 ffffffdf ffffff91 ffffff9a ffffff98 fffffff6 4c 56 ffffffc4 ffffffcf ffffff96 ffffffc6 11 ffffffae ffffff88 18 63 ffffffd7 ffffff91 ffffffd7 46 ffffffb3 28 61 ffffff81 fffffff8 5b ffffff89 ffffffbb 6d ffffffbe 72 ffffffdd ffffffb1 7f 43 ffffffd4 18 ffffffd3 50 ffffffa5 5f ffffff95 5f 6b 78 ffffffb6 ffffff83 03 ffffff93 ffffffbc 00 46 ffffffa7 47 ffffff92 ffffff8b ffffffbc 63 3a ffffff9c ffffffd7 ffffff94 ffffff8e 5e ffffffe8 0b fffffff8 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5ccc001a30 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | unwrapped: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd60e4520 | result: final-key@0x564021e06230 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e06230 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4508 | result: final-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e06230 | prf+N PRF sha final-key@0x564021e07b90 (size 20) | prf+N: key-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e01140 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd60e4598 | result: result-key@0x564021e06230 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e01140 | prfplus: release old_t[N]-key@0x564021df9ff0 | prfplus: release old_t[final]-key@0x564021e07b90 | ike_sa_keymat: release data-key@0x564021dfb870 | calc_skeyseed_v2: release skeyseed_k-key@0x7f5cc800d640 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e06230 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4738 | result: result-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e06230 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4738 | result: result-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e06230 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4738 | result: result-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564021e06230 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4748 | result: SK_ei_k-key@0x564021df9ff0 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x564021e06230 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4748 | result: SK_er_k-key@0x564021e01140 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e06230 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4748 | result: result-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x564021e19e70 | chunk_SK_pi: symkey-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986918: 7e ffffffd8 06 ffffffd3 40 ffffffb3 54 ffffffb4 fffffffe 58 ffffff88 ffffffd1 ffffffee 01 76 70 04 64 ffffffd6 55 22 40 75 ffffffbd ffffffe7 19 6a 53 ffffff85 2e ffffff92 62 | chunk_SK_pi: release slot-key-key@0x564021dfdd40 | chunk_SK_pi extracted len 32 bytes at 0x7f5ccc0063b0 | unwrapped: 47 b7 44 9a 4b c1 28 0c 95 5d 1f f8 32 33 25 fb | unwrapped: e0 19 20 71 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e06230 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd60e4748 | result: result-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f5cc80069f0 | chunk_SK_pr: symkey-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986918: 70 ffffff8e 4b 0c 05 16 2a ffffff86 41 ffffffca ffffffe6 ffffff8b ffffff8f 4c ffffffdc 4d ffffffed ffffffae ffffffc2 1f 32 72 47 7a 0e ffffff8e ffffffef ffffff88 ffffffef ffffff81 6d ffffffff | chunk_SK_pr: release slot-key-key@0x564021dfdd40 | chunk_SK_pr extracted len 32 bytes at 0x7f5ccc001930 | unwrapped: c0 c7 44 1a 76 9f 79 f3 96 09 b9 a8 26 9a 83 f2 | unwrapped: de 0a 89 4c 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x564021e06230 | calc_skeyseed_v2 pointers: shared-key@0x564021e04570, SK_d-key@0x7f5cc800d640, SK_ai-key@0x564021dfb870, SK_ar-key@0x564021e07b90, SK_ei-key@0x564021df9ff0, SK_er-key@0x564021e01140, SK_pi-key@0x564021e19e70, SK_pr-key@0x7f5cc80069f0 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 47 b7 44 9a 4b c1 28 0c 95 5d 1f f8 32 33 25 fb | e0 19 20 71 | calc_skeyseed_v2 SK_pr | c0 c7 44 1a 76 9f 79 f3 96 09 b9 a8 26 9a 83 f2 | de 0a 89 4c | crypto helper 4 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 10 time elapsed 0.003019 seconds | (#9) spent 3 milliseconds in crypto helper computing work-order 10: ikev2_inR1outI2 KE (pcr) | crypto helper 4 sending results from work-order 10 for state #9 to event queue | scheduling resume sending helper answer for #9 | libevent_malloc: new ptr-libevent@0x7f5ccc006760 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #9 | start processing: state #9 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 10 | calling continuation function 0x564020443630 | ikev2_parent_inR1outI2_continue for #9: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f5cc8002010: transferring ownership from helper IKEv2 DH to state #9 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #10 at 0x564021e1a900 | State DB: adding IKEv2 state #10 in UNDEFINED | pstats #10 ikev2.child started | duplicating state object #9 "aes128" as #10 for IPSEC SA | #10 setting local endpoint to 192.1.2.45:500 from #9.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f5cc800d640 | duplicate_state: reference st_skey_ai_nss-key@0x564021dfb870 | duplicate_state: reference st_skey_ar_nss-key@0x564021e07b90 | duplicate_state: reference st_skey_ei_nss-key@0x564021df9ff0 | duplicate_state: reference st_skey_er_nss-key@0x564021e01140 | duplicate_state: reference st_skey_pi_nss-key@0x564021e19e70 | duplicate_state: reference st_skey_pr_nss-key@0x7f5cc80069f0 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #9.#10; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #9 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #9.#10 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5cc8011520 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564021e153b0 | event_schedule: new EVENT_SA_REPLACE-pe@0x564021e153b0 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f5cc8011520 size 128 | parent state #9: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 65 12 22 b9 cd 6a 2c 4d | responder cookie: | f2 c8 2c 02 54 24 8b 03 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x564021e19e70 (size 20) | hmac: symkey-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db978 | result: clone-key@0x564021e06230 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021e06230 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021e06230 | hmac: release clone-key@0x564021e06230 | hmac PRF sha crypt-prf@0x564021e16b20 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x564020542974 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff864dbf10 (length 20) | 34 b4 42 d6 e4 4b 40 1c 06 d7 6e 4f 2c b2 b0 57 | 77 e6 30 59 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564021e0a240 (line=1) | concluding with best_match=014 best=0x564021e0a240 (lineno=1) | inputs to hash1 (first packet) | 65 12 22 b9 cd 6a 2c 4d 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 e2 16 37 a1 9c 50 93 9a f8 35 38 f0 | 8a 8e b5 e6 e2 f5 2f 76 0a 60 7d 7c 7d db 09 c0 | 62 dd fe a0 c0 75 84 ba 05 1d eb 95 5b 65 9c e8 | 4e 0d b3 e0 32 60 ba 14 23 9a 7a 54 26 fc 1b 9d | f7 7a b5 0c d9 47 6a 65 64 18 9d 9f 37 3f 0a 52 | 51 33 3d 69 b2 32 46 f8 cf bd 89 b9 e8 cd 9b 5c | 49 7e d3 8a d7 b8 24 63 30 1b 59 ef 54 d5 75 2e | 75 cd b9 c5 2a 80 75 15 06 9f 61 5c 7b 93 e7 47 | 34 19 f2 4d b8 23 a8 f0 44 ad b5 21 af 27 22 f1 | 27 49 f2 a4 e6 0b 26 b7 1b e6 41 95 31 e0 f9 3e | 23 f4 6c 0d 4b 00 dc 89 8e 39 b2 f0 af 4a d2 a9 | 8e 22 69 1d 22 6b 4d 1a 40 dc 4a 28 b6 2a f1 fb | e9 83 fe 1d 72 4d 66 48 40 dc b0 af 08 b5 1c df | d3 c5 6a ec d0 be 94 c3 4a 9e f9 88 e2 66 a4 30 | 76 e6 13 91 1f 44 7f fc d9 e2 07 9a 9e 28 4d 33 | 1a 55 e5 98 61 8e 5e ef 46 5c 3e 65 63 19 4a a4 | 2c 08 1a 63 29 00 00 24 70 d6 aa 5c 81 5d a9 b0 | 1c 5f 80 0c a0 b9 20 86 f8 1a bc 3c 1a ba 84 24 | 9b ab 67 e2 a2 34 4a 53 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 d7 cb cb 44 18 a8 1f c2 | ac fd c9 a4 8e e2 8f 12 f8 98 c5 12 00 00 00 1c | 00 00 40 05 c9 6c 1b 03 7e 87 74 e7 f7 96 19 2c | ee 9d 7b 99 79 54 58 be | create: initiator inputs to hash2 (responder nonce) | 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | idhash 34 b4 42 d6 e4 4b 40 1c 06 d7 6e 4f 2c b2 b0 57 | idhash 77 e6 30 59 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564021e14a20 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db770 | result: shared secret-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db758 | result: shared secret-key@0x564021e06230 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564021dfd2a0 from shared secret-key@0x564021e06230 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564021dfd2a0 from shared secret-key@0x564021e06230 | = prf(,"Key Pad for IKEv2"): release clone-key@0x564021e06230 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564021e17f60 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5640204d6bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db790 | result: final-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db778 | result: final-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x564021e06230 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x564021e06230 (size 20) | = prf(, ): -key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db788 | result: clone-key@0x7f5cd0006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ) prf: begin sha with context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ): release clone-key@0x7f5cd0006900 | = prf(, ) PRF sha crypt-prf@0x564021e15370 | = prf(, ) PRF sha update first-packet-bytes@0x564021e17970 (length 440) | 65 12 22 b9 cd 6a 2c 4d 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 e2 16 37 a1 9c 50 93 9a f8 35 38 f0 | 8a 8e b5 e6 e2 f5 2f 76 0a 60 7d 7c 7d db 09 c0 | 62 dd fe a0 c0 75 84 ba 05 1d eb 95 5b 65 9c e8 | 4e 0d b3 e0 32 60 ba 14 23 9a 7a 54 26 fc 1b 9d | f7 7a b5 0c d9 47 6a 65 64 18 9d 9f 37 3f 0a 52 | 51 33 3d 69 b2 32 46 f8 cf bd 89 b9 e8 cd 9b 5c | 49 7e d3 8a d7 b8 24 63 30 1b 59 ef 54 d5 75 2e | 75 cd b9 c5 2a 80 75 15 06 9f 61 5c 7b 93 e7 47 | 34 19 f2 4d b8 23 a8 f0 44 ad b5 21 af 27 22 f1 | 27 49 f2 a4 e6 0b 26 b7 1b e6 41 95 31 e0 f9 3e | 23 f4 6c 0d 4b 00 dc 89 8e 39 b2 f0 af 4a d2 a9 | 8e 22 69 1d 22 6b 4d 1a 40 dc 4a 28 b6 2a f1 fb | e9 83 fe 1d 72 4d 66 48 40 dc b0 af 08 b5 1c df | d3 c5 6a ec d0 be 94 c3 4a 9e f9 88 e2 66 a4 30 | 76 e6 13 91 1f 44 7f fc d9 e2 07 9a 9e 28 4d 33 | 1a 55 e5 98 61 8e 5e ef 46 5c 3e 65 63 19 4a a4 | 2c 08 1a 63 29 00 00 24 70 d6 aa 5c 81 5d a9 b0 | 1c 5f 80 0c a0 b9 20 86 f8 1a bc 3c 1a ba 84 24 | 9b ab 67 e2 a2 34 4a 53 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 d7 cb cb 44 18 a8 1f c2 | ac fd c9 a4 8e e2 8f 12 f8 98 c5 12 00 00 00 1c | 00 00 40 05 c9 6c 1b 03 7e 87 74 e7 f7 96 19 2c | ee 9d 7b 99 79 54 58 be | = prf(, ) PRF sha update nonce-bytes@0x564021e17240 (length 32) | 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | = prf(, ) PRF sha update hash-bytes@0x7fff864dbf10 (length 20) | 34 b4 42 d6 e4 4b 40 1c 06 d7 6e 4f 2c b2 b0 57 | 77 e6 30 59 | = prf(, ) PRF sha final-chunk@0x564021e17fd0 (length 20) | ee a4 6f 8b 71 ea 67 cb eb ac 40 bd d7 ed b8 aa | 07 7e 2e 97 | psk_auth: release prf-psk-key@0x564021e06230 | PSK auth octets ee a4 6f 8b 71 ea 67 cb eb ac 40 bd d7 ed b8 aa | PSK auth octets 07 7e 2e 97 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth ee a4 6f 8b 71 ea 67 cb eb ac 40 bd d7 ed b8 aa | PSK auth 07 7e 2e 97 | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #9 | netlink_get_spi: allocated 0x3aa70a7e for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for aes128 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "aes128": constructed local ESP/AH proposals for aes128 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 3a a7 0a 7e | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #9: IMPAIR: duplicating key-length attribute | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 16 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 12 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 192 | emitting length of ISAKMP Message: 220 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 95 e3 1d 4b 67 99 21 60 7f a5 f4 7d 04 60 e3 50 | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | ee a4 6f 8b 71 ea 67 cb eb ac 40 bd d7 ed b8 aa | 07 7e 2e 97 2c 00 00 30 00 00 00 2c 01 03 04 03 | 3a a7 0a 7e 03 00 00 10 01 00 00 0c 80 0e 00 80 | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | fa c1 40 85 e4 25 f2 15 91 31 0b 26 e4 e5 5d 45 | 32 13 01 68 b2 b2 ce 9d 27 33 a3 6f cb ee 9d 60 | 73 c9 7c 71 03 f7 d1 4a 6f 67 5b a7 ee 9e 22 6a | be f1 58 8b d4 29 81 86 fa 14 63 c2 a0 48 90 91 | bf dc 75 6d 3b 4c 83 80 63 c4 51 29 02 b1 55 1a | 5f aa 34 dd bf d9 d5 37 2f ef fd e8 80 4f a7 00 | 4c 8d c2 6f 36 40 80 0b e5 50 56 c1 ee 05 49 25 | 2e b5 05 2b 33 81 38 eb 05 2a 80 bf eb c3 1f b9 | be 3c 22 50 43 a6 ed 07 37 f0 57 48 1f 0d 22 68 | 09 92 b7 58 6a 75 34 4a 8f 9d 65 a9 8b 25 03 4c | hmac PRF sha init symkey-key@0x564021dfb870 (size 20) | hmac: symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db888 | result: clone-key@0x564021e06230 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021e06230 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021e06230 | hmac: release clone-key@0x564021e06230 | hmac PRF sha crypt-prf@0x564021e17f60 | hmac PRF sha update data-bytes@0x564020542940 (length 208) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 95 e3 1d 4b 67 99 21 60 7f a5 f4 7d 04 60 e3 50 | fa c1 40 85 e4 25 f2 15 91 31 0b 26 e4 e5 5d 45 | 32 13 01 68 b2 b2 ce 9d 27 33 a3 6f cb ee 9d 60 | 73 c9 7c 71 03 f7 d1 4a 6f 67 5b a7 ee 9e 22 6a | be f1 58 8b d4 29 81 86 fa 14 63 c2 a0 48 90 91 | bf dc 75 6d 3b 4c 83 80 63 c4 51 29 02 b1 55 1a | 5f aa 34 dd bf d9 d5 37 2f ef fd e8 80 4f a7 00 | 4c 8d c2 6f 36 40 80 0b e5 50 56 c1 ee 05 49 25 | 2e b5 05 2b 33 81 38 eb 05 2a 80 bf eb c3 1f b9 | be 3c 22 50 43 a6 ed 07 37 f0 57 48 1f 0d 22 68 | 09 92 b7 58 6a 75 34 4a 8f 9d 65 a9 8b 25 03 4c | hmac PRF sha final-bytes@0x564020542a10 (length 20) | d0 7c cf 80 4f 86 8d c9 19 ae 6d ff ad 9d 8a 64 | 08 a7 14 1f | data being hmac: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data being hmac: 95 e3 1d 4b 67 99 21 60 7f a5 f4 7d 04 60 e3 50 | data being hmac: fa c1 40 85 e4 25 f2 15 91 31 0b 26 e4 e5 5d 45 | data being hmac: 32 13 01 68 b2 b2 ce 9d 27 33 a3 6f cb ee 9d 60 | data being hmac: 73 c9 7c 71 03 f7 d1 4a 6f 67 5b a7 ee 9e 22 6a | data being hmac: be f1 58 8b d4 29 81 86 fa 14 63 c2 a0 48 90 91 | data being hmac: bf dc 75 6d 3b 4c 83 80 63 c4 51 29 02 b1 55 1a | data being hmac: 5f aa 34 dd bf d9 d5 37 2f ef fd e8 80 4f a7 00 | data being hmac: 4c 8d c2 6f 36 40 80 0b e5 50 56 c1 ee 05 49 25 | data being hmac: 2e b5 05 2b 33 81 38 eb 05 2a 80 bf eb c3 1f b9 | data being hmac: be 3c 22 50 43 a6 ed 07 37 f0 57 48 1f 0d 22 68 | data being hmac: 09 92 b7 58 6a 75 34 4a 8f 9d 65 a9 8b 25 03 4c | out calculated auth: | d0 7c cf 80 4f 86 8d c9 19 ae 6d ff | suspend processing: state #9 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #10 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #10 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #10: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #10 to 0 after switching state | Message ID: recv #9.#10 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #9.#10 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "aes128" #10: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 220 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #9) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 95 e3 1d 4b 67 99 21 60 7f a5 f4 7d 04 60 e3 50 | fa c1 40 85 e4 25 f2 15 91 31 0b 26 e4 e5 5d 45 | 32 13 01 68 b2 b2 ce 9d 27 33 a3 6f cb ee 9d 60 | 73 c9 7c 71 03 f7 d1 4a 6f 67 5b a7 ee 9e 22 6a | be f1 58 8b d4 29 81 86 fa 14 63 c2 a0 48 90 91 | bf dc 75 6d 3b 4c 83 80 63 c4 51 29 02 b1 55 1a | 5f aa 34 dd bf d9 d5 37 2f ef fd e8 80 4f a7 00 | 4c 8d c2 6f 36 40 80 0b e5 50 56 c1 ee 05 49 25 | 2e b5 05 2b 33 81 38 eb 05 2a 80 bf eb c3 1f b9 | be 3c 22 50 43 a6 ed 07 37 f0 57 48 1f 0d 22 68 | 09 92 b7 58 6a 75 34 4a 8f 9d 65 a9 8b 25 03 4c | d0 7c cf 80 4f 86 8d c9 19 ae 6d ff | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #10: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x564021e1fb00 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #10 | libevent_malloc: new ptr-libevent@0x7f5cd0006800 size 128 | #10 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48955.545522 | resume sending helper answer for #9 suppresed complete_v2_state_transition() | #9 spent 1.08 milliseconds in resume sending helper answer | stop processing: state #10 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5ccc006760 | spent 0.00275 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 204 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 6d 8b 26 28 96 2f 7f 8b a3 d6 c8 8d 29 4d 39 f7 | 65 15 45 d4 e1 3a 1b 41 de 8d a7 20 43 cc b4 3e | cf bb 12 18 01 db 96 5f e0 42 e2 4a 8c 59 a1 32 | 19 72 35 b1 81 80 2f c7 2e cc c0 e2 ae 6d 94 c3 | d3 0c 23 5f 19 a3 d9 c0 ed f1 54 ff b2 3d af 79 | 2f 67 df 2a 94 9d be 38 89 7a 41 96 93 92 8c 0f | be d1 ee ee 05 1e 41 83 57 4c bd b8 42 15 28 a3 | 1a 17 c0 06 71 3f 67 c8 5b 99 dd a1 da b8 27 4a | 55 c5 7e 55 0e c7 24 60 2b 31 84 4d b8 6a ba 13 | e7 ce 00 f8 99 e2 c1 5b 18 13 2d d1 35 7c 23 8c | 65 92 bc 56 51 94 54 88 df 0b d3 cf | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 65 12 22 b9 cd 6a 2c 4d | responder cookie: | f2 c8 2c 02 54 24 8b 03 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 204 (0xcc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #9 in PARENT_I2 (find_v2_ike_sa) | start processing: state #9 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #10 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #9 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #10 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #10 is idle | #10 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 176 (0xb0) | processing payload: ISAKMP_NEXT_v2SK (len=172) | #10 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x564021e07b90 (size 20) | hmac: symkey-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db7a8 | result: clone-key@0x564021e06230 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021e06230 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021e06230 | hmac: release clone-key@0x564021e06230 | hmac PRF sha crypt-prf@0x564021e16cc0 | hmac PRF sha update data-bytes@0x564021e197b0 (length 192) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 6d 8b 26 28 96 2f 7f 8b a3 d6 c8 8d 29 4d 39 f7 | 65 15 45 d4 e1 3a 1b 41 de 8d a7 20 43 cc b4 3e | cf bb 12 18 01 db 96 5f e0 42 e2 4a 8c 59 a1 32 | 19 72 35 b1 81 80 2f c7 2e cc c0 e2 ae 6d 94 c3 | d3 0c 23 5f 19 a3 d9 c0 ed f1 54 ff b2 3d af 79 | 2f 67 df 2a 94 9d be 38 89 7a 41 96 93 92 8c 0f | be d1 ee ee 05 1e 41 83 57 4c bd b8 42 15 28 a3 | 1a 17 c0 06 71 3f 67 c8 5b 99 dd a1 da b8 27 4a | 55 c5 7e 55 0e c7 24 60 2b 31 84 4d b8 6a ba 13 | e7 ce 00 f8 99 e2 c1 5b 18 13 2d d1 35 7c 23 8c | hmac PRF sha final-bytes@0x7fff864db970 (length 20) | 65 92 bc 56 51 94 54 88 df 0b d3 cf f3 52 2f 6d | 00 b7 1c 5e | data for hmac: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data for hmac: 6d 8b 26 28 96 2f 7f 8b a3 d6 c8 8d 29 4d 39 f7 | data for hmac: 65 15 45 d4 e1 3a 1b 41 de 8d a7 20 43 cc b4 3e | data for hmac: cf bb 12 18 01 db 96 5f e0 42 e2 4a 8c 59 a1 32 | data for hmac: 19 72 35 b1 81 80 2f c7 2e cc c0 e2 ae 6d 94 c3 | data for hmac: d3 0c 23 5f 19 a3 d9 c0 ed f1 54 ff b2 3d af 79 | data for hmac: 2f 67 df 2a 94 9d be 38 89 7a 41 96 93 92 8c 0f | data for hmac: be d1 ee ee 05 1e 41 83 57 4c bd b8 42 15 28 a3 | data for hmac: 1a 17 c0 06 71 3f 67 c8 5b 99 dd a1 da b8 27 4a | data for hmac: 55 c5 7e 55 0e c7 24 60 2b 31 84 4d b8 6a ba 13 | data for hmac: e7 ce 00 f8 99 e2 c1 5b 18 13 2d d1 35 7c 23 8c | calculated auth: 65 92 bc 56 51 94 54 88 df 0b d3 cf | provided auth: 65 92 bc 56 51 94 54 88 df 0b d3 cf | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 6d 8b 26 28 96 2f 7f 8b a3 d6 c8 8d 29 4d 39 f7 | payload before decryption: | 65 15 45 d4 e1 3a 1b 41 de 8d a7 20 43 cc b4 3e | cf bb 12 18 01 db 96 5f e0 42 e2 4a 8c 59 a1 32 | 19 72 35 b1 81 80 2f c7 2e cc c0 e2 ae 6d 94 c3 | d3 0c 23 5f 19 a3 d9 c0 ed f1 54 ff b2 3d af 79 | 2f 67 df 2a 94 9d be 38 89 7a 41 96 93 92 8c 0f | be d1 ee ee 05 1e 41 83 57 4c bd b8 42 15 28 a3 | 1a 17 c0 06 71 3f 67 c8 5b 99 dd a1 da b8 27 4a | 55 c5 7e 55 0e c7 24 60 2b 31 84 4d b8 6a ba 13 | e7 ce 00 f8 99 e2 c1 5b 18 13 2d d1 35 7c 23 8c | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 a8 2c fb 5e ca e0 f4 f2 7c 72 fc 4d | 84 7d a2 d1 53 3c d1 a9 2c 00 00 2c 00 00 00 28 | 01 03 04 03 9c 5d 98 41 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | stripping 12 octets as pad | #10 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | offered CA: '%none' "aes128" #10: IKEv2 mode peer ID is ID_FQDN: '@east' | hmac PRF sha init symkey-key@0x7f5cc80069f0 (size 20) | hmac: symkey-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db8d8 | result: clone-key@0x564021e06230 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021e06230 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021e06230 | hmac: release clone-key@0x564021e06230 | hmac PRF sha crypt-prf@0x564021e15350 | idhash auth R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x564021e197e4 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff864dba30 (length 20) | c8 bc 37 bf ab a0 9a b8 53 0c 59 79 29 77 82 a9 | 62 4b 97 ed | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564021e0a240 (line=1) | concluding with best_match=014 best=0x564021e0a240 (lineno=1) | inputs to hash1 (first packet) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 f5 5b 6c 89 fc 3a 2b 29 4f b3 64 aa | 61 48 91 ef 69 2d 57 cc f2 19 d1 2d 8a cd c7 16 | e0 26 a9 03 22 b3 f5 c6 5e 9d 56 d6 d0 a4 27 55 | 50 d8 96 45 f1 42 d5 fe 10 a1 cd 5d 81 ee ad 80 | 01 90 47 68 1d 8a aa af 80 f8 c3 31 0b 8b 0a 0a | cf 47 78 45 b3 20 f5 d1 42 1e ff d1 a1 08 7b 49 | fa 0d bf 35 a4 fb 30 be 41 bf d0 d5 0f 7d 9c d4 | 6d c3 59 ff 6d f6 b7 bb 7e 47 7e 0c ff 60 67 60 | 2a 09 01 21 df 41 76 e9 13 83 31 82 ae 8c ad 20 | 13 3d aa 18 1b fd 9a ce f0 f9 3c 36 8e 3a 25 38 | aa da 30 9f ce 49 b9 1c 11 52 6c f8 b8 15 35 f0 | 9f 71 4b 0c 7b 06 68 cf 83 a8 81 47 90 82 2f 38 | 20 fe 49 66 7c 40 f3 55 66 aa 9d a2 4d 9f 80 dc | 9e 06 5b a0 01 66 64 d5 b3 1b 5d 43 60 49 73 1d | 0a 5b 36 89 70 4b 68 49 72 9d 13 78 d9 d7 8f 12 | 49 f5 e1 fd 8a 9e 17 fc 4b 5f e7 37 36 db f6 7a | 1f e6 b0 83 29 00 00 24 7f 9a 44 bf d6 07 9e 5a | 97 6a 89 84 84 1d 0b 69 54 64 68 25 54 5f 5b f1 | d9 2a 7d 82 a8 df dd 15 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 f3 a7 da b5 2f 0e 0e 77 | 89 b4 bc 13 75 b4 7e 6d bc 95 bc 1e 00 00 00 1c | 00 00 40 05 28 f3 3a e4 a7 27 99 d1 02 6a 6e a0 | f3 4c 7a a0 1d c5 98 7f | verify: initiator inputs to hash2 (initiator nonce) | 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | idhash c8 bc 37 bf ab a0 9a b8 53 0c 59 79 29 77 82 a9 | idhash 62 4b 97 ed | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564021e14a20 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db6e0 | result: shared secret-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6c8 | result: shared secret-key@0x564021e06230 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564021dfd2a0 from shared secret-key@0x564021e06230 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564021dfd2a0 from shared secret-key@0x564021e06230 | = prf(,"Key Pad for IKEv2"): release clone-key@0x564021e06230 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564021e16cc0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5640204d6bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x564021e06230 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x564021e06230 (size 20) | = prf(, ): -key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x7f5cd0006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ) prf: begin sha with context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ): release clone-key@0x7f5cd0006900 | = prf(, ) PRF sha crypt-prf@0x564021e15370 | = prf(, ) PRF sha update first-packet-bytes@0x564021da9230 (length 440) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 f5 5b 6c 89 fc 3a 2b 29 4f b3 64 aa | 61 48 91 ef 69 2d 57 cc f2 19 d1 2d 8a cd c7 16 | e0 26 a9 03 22 b3 f5 c6 5e 9d 56 d6 d0 a4 27 55 | 50 d8 96 45 f1 42 d5 fe 10 a1 cd 5d 81 ee ad 80 | 01 90 47 68 1d 8a aa af 80 f8 c3 31 0b 8b 0a 0a | cf 47 78 45 b3 20 f5 d1 42 1e ff d1 a1 08 7b 49 | fa 0d bf 35 a4 fb 30 be 41 bf d0 d5 0f 7d 9c d4 | 6d c3 59 ff 6d f6 b7 bb 7e 47 7e 0c ff 60 67 60 | 2a 09 01 21 df 41 76 e9 13 83 31 82 ae 8c ad 20 | 13 3d aa 18 1b fd 9a ce f0 f9 3c 36 8e 3a 25 38 | aa da 30 9f ce 49 b9 1c 11 52 6c f8 b8 15 35 f0 | 9f 71 4b 0c 7b 06 68 cf 83 a8 81 47 90 82 2f 38 | 20 fe 49 66 7c 40 f3 55 66 aa 9d a2 4d 9f 80 dc | 9e 06 5b a0 01 66 64 d5 b3 1b 5d 43 60 49 73 1d | 0a 5b 36 89 70 4b 68 49 72 9d 13 78 d9 d7 8f 12 | 49 f5 e1 fd 8a 9e 17 fc 4b 5f e7 37 36 db f6 7a | 1f e6 b0 83 29 00 00 24 7f 9a 44 bf d6 07 9e 5a | 97 6a 89 84 84 1d 0b 69 54 64 68 25 54 5f 5b f1 | d9 2a 7d 82 a8 df dd 15 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 f3 a7 da b5 2f 0e 0e 77 | 89 b4 bc 13 75 b4 7e 6d bc 95 bc 1e 00 00 00 1c | 00 00 40 05 28 f3 3a e4 a7 27 99 d1 02 6a 6e a0 | f3 4c 7a a0 1d c5 98 7f | = prf(, ) PRF sha update nonce-bytes@0x7f5cc800a380 (length 32) | 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | = prf(, ) PRF sha update hash-bytes@0x7fff864dba30 (length 20) | c8 bc 37 bf ab a0 9a b8 53 0c 59 79 29 77 82 a9 | 62 4b 97 ed | = prf(, ) PRF sha final-chunk@0x564021e15350 (length 20) | a8 2c fb 5e ca e0 f4 f2 7c 72 fc 4d 84 7d a2 d1 | 53 3c d1 a9 | psk_auth: release prf-psk-key@0x564021e06230 | Received PSK auth octets | a8 2c fb 5e ca e0 f4 f2 7c 72 fc 4d 84 7d a2 d1 | 53 3c d1 a9 | Calculated PSK auth octets | a8 2c fb 5e ca e0 f4 f2 7c 72 fc 4d 84 7d a2 d1 | 53 3c d1 a9 "aes128" #10: Authenticated using authby=secret | parent state #9: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #9 will start re-keying in 2568 seconds with margin of 1032 seconds (attempting re-key) | state #9 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f5cc8011520 | free_event_entry: release EVENT_SA_REPLACE-pe@0x564021e153b0 | event_schedule: new EVENT_SA_REKEY-pe@0x564021e153b0 | inserting event EVENT_SA_REKEY, timeout in 2568 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f5cc8011520 size 128 | pstats #9 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="aes128" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for aes128 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 9c 5d 98 41 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=9c5d9841;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db7e0 | result: data=Ni-key@0x7f5cd0006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7f5cd0006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db7c8 | result: data=Ni-key@0x564021e06230 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7f5cd0006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e06230 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864db7d0 | result: data+=Nr-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021e06230 | prf+0 PRF sha init key-key@0x7f5cc800d640 (size 20) | prf+0: key-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x564021e06230 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x564021dfd2a0 from key-key@0x564021e06230 | prf+0 prf: begin sha with context 0x564021dfd2a0 from key-key@0x564021e06230 | prf+0: release clone-key@0x564021e06230 | prf+0 PRF sha crypt-prf@0x564021e17f60 | prf+0 PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+0: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: 6f 01 ffffffb2 3a ffffff97 ffffffa1 61 ffffffcc ffffffba 4c ffffff82 00 63 ffffffdf ffffff91 ffffff9a ffffff98 fffffff6 4c 56 ffffffc4 ffffffcf ffffff96 ffffffc6 11 ffffffae ffffff88 18 63 ffffffd7 ffffff91 ffffffd7 46 ffffffb3 28 61 ffffff81 fffffff8 5b ffffff89 ffffffbb 6d ffffffbe 72 ffffffdd ffffffb1 7f 43 ffffffd4 18 ffffffd3 50 ffffffa5 5f ffffff95 5f 6b 78 ffffffb6 ffffff83 03 ffffff93 ffffffbc 00 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e1a0f0 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x7f5cc800eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cc800eec0 | prf+0 PRF sha final-key@0x564021e06230 (size 20) | prf+0: key-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x564021e06230 | prf+N PRF sha init key-key@0x7f5cc800d640 (size 20) | prf+N: key-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x7f5cc800eec0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564021dfd2a0 from key-key@0x7f5cc800eec0 | prf+N prf: begin sha with context 0x564021dfd2a0 from key-key@0x7f5cc800eec0 | prf+N: release clone-key@0x7f5cc800eec0 | prf+N PRF sha crypt-prf@0x564021e16cc0 | prf+N PRF sha update old_t-key@0x564021e06230 (size 20) | prf+N: old_t-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e06230 | nss hmac digest hack: symkey-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041728192: ffffffb5 ffffff93 fffffff2 ffffffd8 43 ffffff98 ffffffbf 4a ffffff8a ffffffd7 76 ffffffe9 ffffffca 31 52 ffffffea 16 3c 51 6a ffffffac ffffffeb fffffffc ffffffcc 4d ffffffa2 ffffffcf 53 ffffffc2 52 53 1c | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x564021e17fa0 | unwrapped: ee 0d a4 7a 65 75 bb 82 8a c5 e7 72 18 12 0f ce | unwrapped: b8 7f 84 b8 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+N: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: 6f 01 ffffffb2 3a ffffff97 ffffffa1 61 ffffffcc ffffffba 4c ffffff82 00 63 ffffffdf ffffff91 ffffff9a ffffff98 fffffff6 4c 56 ffffffc4 ffffffcf ffffff96 ffffffc6 11 ffffffae ffffff88 18 63 ffffffd7 ffffff91 ffffffd7 46 ffffffb3 28 61 ffffff81 fffffff8 5b ffffff89 ffffffbb 6d ffffffbe 72 ffffffdd ffffffb1 7f 43 ffffffd4 18 ffffffd3 50 ffffffa5 5f ffffff95 5f 6b 78 ffffffb6 ffffff83 03 ffffff93 ffffffbc 00 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e1a190 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x7f5cc800a510 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cc800a510 | prf+N PRF sha final-key@0x7f5cc800eec0 (size 20) | prf+N: key-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff864db778 | result: result-key@0x7f5cc800a510 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e06230 | prfplus: release old_t[N]-key@0x564021e06230 | prf+N PRF sha init key-key@0x7f5cc800d640 (size 20) | prf+N: key-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x564021e06230 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564021dfd2a0 from key-key@0x564021e06230 | prf+N prf: begin sha with context 0x564021dfd2a0 from key-key@0x564021e06230 | prf+N: release clone-key@0x564021e06230 | prf+N PRF sha crypt-prf@0x564021e15370 | prf+N PRF sha update old_t-key@0x7f5cc800eec0 (size 20) | prf+N: old_t-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f5cc800eec0 | nss hmac digest hack: symkey-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041728192: 22 78 3a 5b ffffffa1 ffffffe1 39 ffffffde 2c ffffff92 ffffffad fffffffc 33 7b 20 7f 5e fffffffb ffffffb4 ffffffb8 fffffff6 03 39 4b 19 23 6c ffffffd2 52 fffffff8 ffffffd5 7e | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x564021e1fe90 | unwrapped: 9b 32 94 c3 5b 54 a4 8e c4 14 fb 07 c1 c1 cc 34 | unwrapped: bf aa ea 0c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+N: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: 6f 01 ffffffb2 3a ffffff97 ffffffa1 61 ffffffcc ffffffba 4c ffffff82 00 63 ffffffdf ffffff91 ffffff9a ffffff98 fffffff6 4c 56 ffffffc4 ffffffcf ffffff96 ffffffc6 11 ffffffae ffffff88 18 63 ffffffd7 ffffff91 ffffffd7 46 ffffffb3 28 61 ffffff81 fffffff8 5b ffffff89 ffffffbb 6d ffffffbe 72 ffffffdd ffffffb1 7f 43 ffffffd4 18 ffffffd3 50 ffffffa5 5f ffffff95 5f 6b 78 ffffffb6 ffffff83 03 ffffff93 ffffffbc 00 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e15300 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x564021e1e110 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e1e110 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e1e110 | prf+N PRF sha final-key@0x564021e06230 (size 20) | prf+N: key-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f5cc800a510 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff864db778 | result: result-key@0x564021e1e110 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f5cc800a510 | prfplus: release old_t[N]-key@0x7f5cc800eec0 | prf+N PRF sha init key-key@0x7f5cc800d640 (size 20) | prf+N: key-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x7f5cc800eec0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564021dfd2a0 from key-key@0x7f5cc800eec0 | prf+N prf: begin sha with context 0x564021dfd2a0 from key-key@0x7f5cc800eec0 | prf+N: release clone-key@0x7f5cc800eec0 | prf+N PRF sha crypt-prf@0x564021e16cc0 | prf+N PRF sha update old_t-key@0x564021e06230 (size 20) | prf+N: old_t-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e06230 | nss hmac digest hack: symkey-key@0x564021e06230 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041728192: 4e ffffffd2 1e ffffffc9 1a 1c 7f ffffffe3 fffffffb 2e ffffffdd 18 34 ffffffa5 58 33 4b ffffff96 3d ffffff82 ffffffb1 ffffffb0 ffffff99 0d 56 2b ffffffc8 10 ffffffb7 ffffffca ffffffe6 0b | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x564021e17fa0 | unwrapped: 0c 27 58 90 1a 75 6c ce b4 bf ad 05 1c 20 de 77 | unwrapped: 30 51 8e f5 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+N: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: 6f 01 ffffffb2 3a ffffff97 ffffffa1 61 ffffffcc ffffffba 4c ffffff82 00 63 ffffffdf ffffff91 ffffff9a ffffff98 fffffff6 4c 56 ffffffc4 ffffffcf ffffff96 ffffffc6 11 ffffffae ffffff88 18 63 ffffffd7 ffffff91 ffffffd7 46 ffffffb3 28 61 ffffff81 fffffff8 5b ffffff89 ffffffbb 6d ffffffbe 72 ffffffdd ffffffb1 7f 43 ffffffd4 18 ffffffd3 50 ffffffa5 5f ffffff95 5f 6b 78 ffffffb6 ffffff83 03 ffffff93 ffffffbc 00 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e18160 | unwrapped: 70 d6 aa 5c 81 5d a9 b0 1c 5f 80 0c a0 b9 20 86 | unwrapped: f8 1a bc 3c 1a ba 84 24 9b ab 67 e2 a2 34 4a 53 | unwrapped: 7f 9a 44 bf d6 07 9e 5a 97 6a 89 84 84 1d 0b 69 | unwrapped: 54 64 68 25 54 5f 5b f1 d9 2a 7d 82 a8 df dd 15 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x7f5cc800a510 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cc800a510 | prf+N PRF sha final-key@0x7f5cc800eec0 (size 20) | prf+N: key-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e1e110 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff864db778 | result: result-key@0x7f5cc800a510 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e1e110 | prfplus: release old_t[N]-key@0x564021e06230 | prfplus: release old_t[final]-key@0x7f5cc800eec0 | child_sa_keymat: release data-key@0x7f5cd0006900 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f5cc800a510 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db858 | result: result-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x7f5cd0006900 | initiator to responder keys: symkey-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x564021dfdd40 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1717986918: ffffffb5 ffffff93 fffffff2 ffffffd8 43 ffffff98 ffffffbf 4a ffffff8a ffffffd7 76 ffffffe9 ffffffca 31 52 ffffffea 64 ffffffeb ffffff84 26 06 2d 32 3d fffffff4 ffffffdf 6b ffffffb1 63 ffffffe2 68 32 20 ffffffdc 11 14 49 ffffffaa ffffffd8 29 ffffff89 ffffffe3 48 6d 66 fffffffe ffffff93 ffffffaf | initiator to responder keys: release slot-key-key@0x564021dfdd40 | initiator to responder keys extracted len 48 bytes at 0x564021e1fa80 | unwrapped: ee 0d a4 7a 65 75 bb 82 8a c5 e7 72 18 12 0f ce | unwrapped: b8 7f 84 b8 9b 32 94 c3 5b 54 a4 8e c4 14 fb 07 | unwrapped: c1 c1 cc 34 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7f5cd0006900 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f5cc800a510 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db858 | result: result-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x7f5cd0006900 | responder to initiator keys:: symkey-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x564021dfdd40 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1717986918: 72 18 31 25 2a ffffffd6 54 ffffffbb 39 ffffff95 33 ffffffd8 ffffffa2 fffffff0 ffffffd0 ffffffd2 31 ffffff8b 6a ffffffee ffffff8e fffffff1 25 ffffffb1 61 01 6a ffffff8b 5c ffffffc7 12 ffffffb1 03 3e 04 5f ffffffdc ffffff89 ffffffcd ffffffa0 34 7d 0e ffffff9d 2c ffffffa3 ffffffa8 ffffff9e | responder to initiator keys:: release slot-key-key@0x564021dfdd40 | responder to initiator keys: extracted len 48 bytes at 0x564021e1fac0 | unwrapped: bf aa ea 0c 0c 27 58 90 1a 75 6c ce b4 bf ad 05 | unwrapped: 1c 20 de 77 30 51 8e f5 ab aa f3 e6 bf 86 05 96 | unwrapped: b0 88 cc b4 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7f5cd0006900 | ikev2_derive_child_keys: release keymat-key@0x7f5cc800a510 | #9 spent 2.03 milliseconds | install_ipsec_sa() for #10: inbound and outbound | could_route called for aes128 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.9c5d9841@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.3aa70a7e@192.1.2.45 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #10: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: aes128 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #10 | priority calculation of connection "aes128" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9c5d9841 SPI_OUT= | popen cmd is 1025 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+U: | cmd( 640):P+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: | cmd( 960):ARED='no' SPI_IN=0x9c5d9841 SPI_OUT=0x3aa70a7e ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9c5d984 | popen cmd is 1030 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUT: | cmd( 400):O_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT: | cmd( 480):_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=: | cmd( 560):'' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+: | cmd( 640):PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMAN: | cmd( 720):ENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_P: | cmd( 800):EER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=: | cmd( 880):'0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V: | cmd( 960):TI_SHARED='no' SPI_IN=0x9c5d9841 SPI_OUT=0x3aa70a7e ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9c5d9841 SP | popen cmd is 1028 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x9c5d9841 SPI_OUT=0x3aa70a7e ipsec _updown 2>&1: | route_and_eroute: instance "aes128", setting eroute_owner {spd=0x564021e15b10,sr=0x564021e15b10} to #10 (was #0) (newest_ipsec_sa=#0) | #9 spent 0.778 milliseconds in install_ipsec_sa() | inR2: instance aes128[0], setting IKEv2 newest_ipsec_sa to #10 (was #0) (spd.eroute=#10) cloned from #9 | state #10 requesting EVENT_RETRANSMIT to be deleted | #10 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x7f5cd0006800 | free_event_entry: release EVENT_RETRANSMIT-pe@0x564021e1fb00 | #10 spent 2.5 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #10 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #10 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #10: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #10 to 1 after switching state | Message ID: recv #9.#10 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #9.#10 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #10 ikev2.child established "aes128" #10: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "aes128" #10: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x9c5d9841 <0x3aa70a7e xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | releasing whack for #10 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #9 | unpending state #9 connection "aes128" | delete from pending Child SA with 192.1.2.23 "aes128" | removing pending policy for no connection {0x564021e1e1d0} | close_any(fd@24) (in release_whack() at state.c:654) | #10 will start re-keying in 28154 seconds with margin of 646 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x564021e1fb00 | inserting event EVENT_SA_REKEY, timeout in 28154 seconds for #10 | libevent_malloc: new ptr-libevent@0x7f5cd0006800 size 128 | stop processing: state #10 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #9 spent 2.95 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 2.96 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00416 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00266 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00266 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.3aa70a7e@192.1.2.45 | get_sa_info esp.9c5d9841@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0716 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #10 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #10 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #10 ikev2.child deleted completed | #10 spent 2.5 milliseconds in total | [RE]START processing: state #10 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #10: deleting state (STATE_V2_IPSEC_I) aged 0.136s and sending notification | child state #10: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.9c5d9841@192.1.2.23 | get_sa_info esp.3aa70a7e@192.1.2.45 "aes128" #10: ESP traffic information: in=84B out=84B | #10 send IKEv2 delete notification for STATE_V2_IPSEC_I | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 65 12 22 b9 cd 6a 2c 4d | responder cookie: | f2 c8 2c 02 54 24 8b 03 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting 4 raw bytes of local spis into IKEv2 Delete Payload | local spis 3a a7 0a 7e | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 27 d7 01 f2 f8 cd cd 9a d5 0e 9c e4 f8 43 77 7f | data before encryption: | 00 00 00 0c 03 04 00 01 3a a7 0a 7e 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 14 dc 25 bb e8 c8 00 3f 36 38 8a 9d e1 73 68 db | hmac PRF sha init symkey-key@0x564021dfb870 (size 20) | hmac: symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864d8698 | result: clone-key@0x7f5cc800a510 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x7f5cc800a510 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x7f5cc800a510 | hmac: release clone-key@0x7f5cc800a510 | hmac PRF sha crypt-prf@0x564021e15390 | hmac PRF sha update data-bytes@0x7fff864d8a70 (length 64) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 27 d7 01 f2 f8 cd cd 9a d5 0e 9c e4 f8 43 77 7f | 14 dc 25 bb e8 c8 00 3f 36 38 8a 9d e1 73 68 db | hmac PRF sha final-bytes@0x7fff864d8ab0 (length 20) | ee 7e 3e 41 97 57 14 a1 f0 49 4a ab 44 97 57 2a | 4c 75 36 ec | data being hmac: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | data being hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: 27 d7 01 f2 f8 cd cd 9a d5 0e 9c e4 f8 43 77 7f | data being hmac: 14 dc 25 bb e8 c8 00 3f 36 38 8a 9d e1 73 68 db | out calculated auth: | ee 7e 3e 41 97 57 14 a1 f0 49 4a ab | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #10) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 27 d7 01 f2 f8 cd cd 9a d5 0e 9c e4 f8 43 77 7f | 14 dc 25 bb e8 c8 00 3f 36 38 8a 9d e1 73 68 db | ee 7e 3e 41 97 57 14 a1 f0 49 4a ab | Message ID: IKE #9 sender #10 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #9 sender #10 in send_delete hacking around record ' send | Message ID: sent #9 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 | state #10 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f5cd0006800 | free_event_entry: release EVENT_SA_REKEY-pe@0x564021e1fb00 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050309' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9c5d984 | popen cmd is 1033 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INT: | cmd( 80):ERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@we: | cmd( 160):st' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIE: | cmd( 240):NT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=': | cmd( 320):16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_P: | cmd( 400):EER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MA: | cmd( 480):SK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' : | cmd( 560):PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050309' PLUTO_CONN_POLICY='PSK+ENCRYPT+T: | cmd( 640):UNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PER: | cmd( 720):MANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUT: | cmd( 800):O_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERV: | cmd( 880):ER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no: | cmd( 960):' VTI_SHARED='no' SPI_IN=0x9c5d9841 SPI_OUT=0x3aa70a7e ipsec _updown 2>&1: | shunt_eroute() called for connection 'aes128' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "aes128" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.9c5d9841@192.1.2.23 | netlink response for Del SA esp.9c5d9841@192.1.2.23 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.3aa70a7e@192.1.2.45 | netlink response for Del SA esp.3aa70a7e@192.1.2.45 included non-error error | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #10 in V2_IPSEC_I | child state #10: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #10 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f5cc800d640 | delete_state: release st->st_skey_ai_nss-key@0x564021dfb870 | delete_state: release st->st_skey_ar_nss-key@0x564021e07b90 | delete_state: release st->st_skey_ei_nss-key@0x564021df9ff0 | delete_state: release st->st_skey_er_nss-key@0x564021e01140 | delete_state: release st->st_skey_pi_nss-key@0x564021e19e70 | delete_state: release st->st_skey_pr_nss-key@0x7f5cc80069f0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #9 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #9 | start processing: state #9 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #9 ikev2.ike deleted completed | #9 spent 9.16 milliseconds in total | [RE]START processing: state #9 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #9: deleting state (STATE_PARENT_I3) aged 0.161s and sending notification | parent state #9: PARENT_I3(established IKE SA) => delete | #9 send IKEv2 delete notification for STATE_PARENT_I3 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 65 12 22 b9 cd 6a 2c 4d | responder cookie: | f2 c8 2c 02 54 24 8b 03 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 35 65 16 48 18 5e 28 b5 07 f4 b4 d4 82 63 fa ed | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 7d 60 07 10 fd 60 44 47 e0 07 e8 01 91 5b cd 24 | hmac PRF sha init symkey-key@0x564021dfb870 (size 20) | hmac: symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864d8698 | result: clone-key@0x7f5cc800a510 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x7f5cc800a510 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x7f5cc800a510 | hmac: release clone-key@0x7f5cc800a510 | hmac PRF sha crypt-prf@0x564021e15350 | hmac PRF sha update data-bytes@0x7fff864d8a70 (length 64) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 35 65 16 48 18 5e 28 b5 07 f4 b4 d4 82 63 fa ed | 7d 60 07 10 fd 60 44 47 e0 07 e8 01 91 5b cd 24 | hmac PRF sha final-bytes@0x7fff864d8ab0 (length 20) | 39 65 6e 09 60 e4 c0 ca 69 b7 e3 d9 9c 14 25 b2 | 29 c4 4c 27 | data being hmac: 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data being hmac: 35 65 16 48 18 5e 28 b5 07 f4 b4 d4 82 63 fa ed | data being hmac: 7d 60 07 10 fd 60 44 47 e0 07 e8 01 91 5b cd 24 | out calculated auth: | 39 65 6e 09 60 e4 c0 ca 69 b7 e3 d9 | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #9) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 35 65 16 48 18 5e 28 b5 07 f4 b4 d4 82 63 fa ed | 7d 60 07 10 fd 60 44 47 e0 07 e8 01 91 5b cd 24 | 39 65 6e 09 60 e4 c0 ca 69 b7 e3 d9 | Message ID: IKE #9 sender #9 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 | Message ID: IKE #9 sender #9 in send_delete hacking around record ' send | Message ID: #9 XXX: expecting sender.wip.initiator 2 == -1 - suspect record'n'send out-of-order?); initiator.sent=3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=3 wip.responder=-1 | Message ID: sent #9 request 3; ike: initiator.sent=2->3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=2->3 wip.responder=-1 | state #9 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f5cc8011520 | free_event_entry: release EVENT_SA_REKEY-pe@0x564021e153b0 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #9 in PARENT_I3 | parent state #9: PARENT_I3(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f5cc8002010: destroyed | stop processing: state #9 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x564021e04570 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f5cc800d640 | delete_state: release st->st_skey_ai_nss-key@0x564021dfb870 | delete_state: release st->st_skey_ar_nss-key@0x564021e07b90 | delete_state: release st->st_skey_ei_nss-key@0x564021df9ff0 | delete_state: release st->st_skey_er_nss-key@0x564021e01140 | delete_state: release st->st_skey_pi_nss-key@0x564021e19e70 | delete_state: release st->st_skey_pr_nss-key@0x7f5cc80069f0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.3 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.0045 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00314 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 60 62 cf e8 60 8c 33 73 ef 17 5f 83 ac 8b 14 80 | 58 fa 22 36 bd d8 3b 42 23 fa 9a ee 66 8a 52 bb | d4 ca b8 07 fd 33 89 80 56 7d 40 c8 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 65 12 22 b9 cd 6a 2c 4d | responder cookie: | f2 c8 2c 02 54 24 8b 03 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0668 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00192 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 65 12 22 b9 cd 6a 2c 4d f2 c8 2c 02 54 24 8b 03 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | b1 7e 80 1d 06 37 18 07 13 01 af ee 92 43 d4 31 | 2e b8 b2 af db 2c 89 3e 5b af 8b 2d a1 4b 8b 92 | eb b5 ca 41 79 d8 ee fc 7e bd d2 72 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 65 12 22 b9 cd 6a 2c 4d | responder cookie: | f2 c8 2c 02 54 24 8b 03 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0693 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "aes128" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'aes128' to 'delete' for rt_kind 'unrouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "aes128" is 0xfe7e7 | priority calculation of connection "aes128" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16404' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT | popen cmd is 1014 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16404' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLU: | cmd( 400):TO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIEN: | cmd( 480):T_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA: | cmd( 560):='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL: | cmd( 640):+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x564021e17b30 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.592 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00427 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | child-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0628 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0407 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:OMIT | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0605 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x564021e16c10 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.137 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #11 at 0x564021e16060 | State DB: adding IKEv2 state #11 in UNDEFINED | pstats #11 ikev2.ike started | Message ID: init #11: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #11: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #11; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #11 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #11 "aes128" "aes128" #11: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 11 for state #11 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564021e1fac0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #11 | libevent_malloc: new ptr-libevent@0x7f5cd0006800 size 128 | #11 spent 0.122 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #11 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.194 milliseconds in whack | crypto helper 5 resuming | crypto helper 5 starting work-order 11 for state #11 | crypto helper 5 doing build KE and nonce (ikev2_outI1 KE); request ID 11 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5cc00010c0: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5cc00010c0 | NSS: Public DH wire value: | 1e 7b fb 99 4d 9c 37 a7 d7 11 19 9e ad 07 e2 34 | 20 31 c7 3f fc ed 76 66 9c ba f0 82 58 a4 df dc | 3d 6f 64 20 35 98 e2 8d b3 62 ea 22 fb 84 8d 19 | 60 ce 90 58 d0 93 a7 16 04 eb 93 b0 e9 5a bd 5d | 90 fd 9a f5 80 77 e5 67 0c 5c 30 02 14 9b fc dd | 7a 64 39 39 62 71 52 e2 23 a2 27 65 f5 f1 d0 7b | a7 57 20 e8 99 95 30 b4 b6 f6 52 15 b5 95 c5 4f | 5f 9d 6b 8e f4 01 54 61 31 76 b7 ca 86 e8 4e a3 | ea 7a f2 e9 ff 44 13 54 0a 88 bc c7 fb 35 4e 4a | a0 c3 ff ac 97 19 24 2f e8 94 61 81 ee 59 67 67 | 64 32 d4 02 c4 76 5c 41 06 52 41 74 ce 5e fb fb | 19 2a 76 07 48 42 fb 03 21 d9 5c 2c 2d b7 be 7a | bc f0 bc 0a 71 90 b9 7c cf 20 d9 0b 04 b4 a4 51 | e0 8a 6e ff 48 93 22 61 88 94 94 2c 4f 8c 2e 78 | ee c6 6d ef d5 a8 97 dc 1a f9 fe b0 b6 e8 1c 3d | ce 79 fd e5 2b 34 4e 61 41 c4 2e 99 44 e6 5b 3d | Generated nonce: df 16 b1 52 fe bd f0 3a 05 05 41 01 ed d9 40 af | Generated nonce: b2 91 7d 96 82 9b 14 bf f5 49 b7 37 4f f7 64 35 | crypto helper 5 finished build KE and nonce (ikev2_outI1 KE); request ID 11 time elapsed 0.001077 seconds | (#11) spent 1.08 milliseconds in crypto helper computing work-order 11: ikev2_outI1 KE (pcr) | crypto helper 5 sending results from work-order 11 for state #11 to event queue | scheduling resume sending helper answer for #11 | libevent_malloc: new ptr-libevent@0x7f5cc00016a0 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #11 | start processing: state #11 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 11 | calling continuation function 0x564020443630 | ikev2_parent_outI1_continue for #11 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5cc00010c0: transferring ownership from helper KE to state #11 | **emit ISAKMP Message: | initiator cookie: | fc f4 86 af 8d 65 a7 f0 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #11: IMPAIR: omitting fixed-size key-length attribute | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 1e 7b fb 99 4d 9c 37 a7 d7 11 19 9e ad 07 e2 34 | ikev2 g^x 20 31 c7 3f fc ed 76 66 9c ba f0 82 58 a4 df dc | ikev2 g^x 3d 6f 64 20 35 98 e2 8d b3 62 ea 22 fb 84 8d 19 | ikev2 g^x 60 ce 90 58 d0 93 a7 16 04 eb 93 b0 e9 5a bd 5d | ikev2 g^x 90 fd 9a f5 80 77 e5 67 0c 5c 30 02 14 9b fc dd | ikev2 g^x 7a 64 39 39 62 71 52 e2 23 a2 27 65 f5 f1 d0 7b | ikev2 g^x a7 57 20 e8 99 95 30 b4 b6 f6 52 15 b5 95 c5 4f | ikev2 g^x 5f 9d 6b 8e f4 01 54 61 31 76 b7 ca 86 e8 4e a3 | ikev2 g^x ea 7a f2 e9 ff 44 13 54 0a 88 bc c7 fb 35 4e 4a | ikev2 g^x a0 c3 ff ac 97 19 24 2f e8 94 61 81 ee 59 67 67 | ikev2 g^x 64 32 d4 02 c4 76 5c 41 06 52 41 74 ce 5e fb fb | ikev2 g^x 19 2a 76 07 48 42 fb 03 21 d9 5c 2c 2d b7 be 7a | ikev2 g^x bc f0 bc 0a 71 90 b9 7c cf 20 d9 0b 04 b4 a4 51 | ikev2 g^x e0 8a 6e ff 48 93 22 61 88 94 94 2c 4f 8c 2e 78 | ikev2 g^x ee c6 6d ef d5 a8 97 dc 1a f9 fe b0 b6 e8 1c 3d | ikev2 g^x ce 79 fd e5 2b 34 4e 61 41 c4 2e 99 44 e6 5b 3d | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce df 16 b1 52 fe bd f0 3a 05 05 41 01 ed d9 40 af | IKEv2 nonce b2 91 7d 96 82 9b 14 bf f5 49 b7 37 4f f7 64 35 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | fc f4 86 af 8d 65 a7 f0 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | 9c 49 e8 31 6b 1d 5e 04 d8 12 59 9d 1f 8a f2 5a | e2 97 72 ac | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= fc f4 86 af 8d 65 a7 f0 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 9c 49 e8 31 6b 1d 5e 04 d8 12 59 9d 1f 8a f2 5a | natd_hash: hash= e2 97 72 ac | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 9c 49 e8 31 6b 1d 5e 04 d8 12 59 9d 1f 8a f2 5a | Notify data e2 97 72 ac | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | fc f4 86 af 8d 65 a7 f0 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | 71 e4 16 e4 53 08 3e 4e 59 68 00 0e cb 77 13 17 | 25 67 27 c6 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= fc f4 86 af 8d 65 a7 f0 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 71 e4 16 e4 53 08 3e 4e 59 68 00 0e cb 77 13 17 | natd_hash: hash= 25 67 27 c6 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 71 e4 16 e4 53 08 3e 4e 59 68 00 0e cb 77 13 17 | Notify data 25 67 27 c6 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 436 | stop processing: state #11 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #11 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #11 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #11: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #11 to 4294967295 after switching state | Message ID: IKE #11 skipping update_recv as MD is fake | Message ID: sent #11 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #11: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 436 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #11) | fc f4 86 af 8d 65 a7 f0 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 0c | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 1e 7b fb 99 4d 9c 37 a7 d7 11 19 9e ad 07 e2 34 | 20 31 c7 3f fc ed 76 66 9c ba f0 82 58 a4 df dc | 3d 6f 64 20 35 98 e2 8d b3 62 ea 22 fb 84 8d 19 | 60 ce 90 58 d0 93 a7 16 04 eb 93 b0 e9 5a bd 5d | 90 fd 9a f5 80 77 e5 67 0c 5c 30 02 14 9b fc dd | 7a 64 39 39 62 71 52 e2 23 a2 27 65 f5 f1 d0 7b | a7 57 20 e8 99 95 30 b4 b6 f6 52 15 b5 95 c5 4f | 5f 9d 6b 8e f4 01 54 61 31 76 b7 ca 86 e8 4e a3 | ea 7a f2 e9 ff 44 13 54 0a 88 bc c7 fb 35 4e 4a | a0 c3 ff ac 97 19 24 2f e8 94 61 81 ee 59 67 67 | 64 32 d4 02 c4 76 5c 41 06 52 41 74 ce 5e fb fb | 19 2a 76 07 48 42 fb 03 21 d9 5c 2c 2d b7 be 7a | bc f0 bc 0a 71 90 b9 7c cf 20 d9 0b 04 b4 a4 51 | e0 8a 6e ff 48 93 22 61 88 94 94 2c 4f 8c 2e 78 | ee c6 6d ef d5 a8 97 dc 1a f9 fe b0 b6 e8 1c 3d | ce 79 fd e5 2b 34 4e 61 41 c4 2e 99 44 e6 5b 3d | 29 00 00 24 df 16 b1 52 fe bd f0 3a 05 05 41 01 | ed d9 40 af b2 91 7d 96 82 9b 14 bf f5 49 b7 37 | 4f f7 64 35 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 9c 49 e8 31 6b 1d 5e 04 d8 12 59 9d | 1f 8a f2 5a e2 97 72 ac 00 00 00 1c 00 00 40 05 | 71 e4 16 e4 53 08 3e 4e 59 68 00 0e cb 77 13 17 | 25 67 27 c6 | state #11 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5cd0006800 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564021e1fac0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x564021e1fac0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #11 | libevent_malloc: new ptr-libevent@0x7f5cd0006800 size 128 | #11 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48956.241836 | resume sending helper answer for #11 suppresed complete_v2_state_transition() and stole MD | #11 spent 0.607 milliseconds in resume sending helper answer | stop processing: state #11 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5cc00016a0 | spent 0.00273 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | fc f4 86 af 8d 65 a7 f0 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | fc f4 86 af 8d 65 a7 f0 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #11 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #11 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #11 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #11 is idle | #11 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #11 IKE SPIi and SPI[ir] | #11 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #11: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #11 spent 0.00925 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #11 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #11 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #11 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #11 spent 0.134 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.147 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x564021e1fac0 | handling event EVENT_RETRANSMIT for parent state #11 | start processing: state #11 connection "aes128" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) | IKEv2 retransmit event | [RE]START processing: state #11 connection "aes128" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:144) | handling event EVENT_RETRANSMIT for 192.1.2.23 "aes128" #11 attempt 2 of 0 | and parent for 192.1.2.23 "aes128" #11 keying attempt 1 of 0; retransmit 1 "aes128" #11: IMPAIR: retransmit so deleting SA | maximum number of keyingtries reached - deleting state | [RE]START processing: state #11 connection "aes128" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:234) | pstats #11 ikev2.ike failed too-many-retransmits | pstats #11 ikev2.ike deleted too-many-retransmits | #11 spent 1.94 milliseconds in total | [RE]START processing: state #11 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #11: deleting state (STATE_PARENT_I1) aged 0.502s and NOT sending notification | parent state #11: PARENT_I1(half-open IKE SA) => delete | in connection_discard for connection aes128 | close_any(fd@25) (in delete_pending() at pending.c:244) | removing pending policy for "aes128" {0x7f5cc8002d20} | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #11 "aes128" #11: deleting IKE SA for connection 'aes128' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'aes128' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #11 in PARENT_I1 | parent state #11: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | close_any(fd@24) (in release_whack() at state.c:654) | DH secret MODP2048@0x7f5cc00010c0: destroyed | stop processing: state #11 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | libevent_free: release ptr-libevent@0x7f5cd0006800 | free_event_entry: release EVENT_RETRANSMIT-pe@0x564021e1fac0 | in statetime_stop() and could not find #11 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection aes128 which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #12 at 0x564021e16060 | State DB: adding IKEv2 state #12 in UNDEFINED | pstats #12 ikev2.ike started | Message ID: init #12: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #12: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #12; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #12 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #12 "aes128" "aes128" #12: initiating v2 parent SA | using existing local IKE proposals for connection aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 12 for state #12 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564021e1fac0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #12 | libevent_malloc: new ptr-libevent@0x7f5cc00016a0 size 128 | #12 spent 0.0747 milliseconds in ikev2_parent_outI1() | RESET processing: state #12 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | spent 0.092 milliseconds in global timer EVENT_REVIVE_CONNS | crypto helper 6 resuming | crypto helper 6 starting work-order 12 for state #12 | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 12 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5cc40010c0: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5cc40010c0 | NSS: Public DH wire value: | d2 95 a7 1b de 4a 87 95 3f fa c3 93 db 35 9a cc | af 73 0f 7b b7 b9 cf d6 8e be c9 4f cc 4b 25 f0 | 74 78 3d 13 d2 b3 96 9a d7 af a0 35 05 d8 d6 38 | fe 92 e4 93 bd 89 1e a1 f3 3e 4c 67 92 93 92 cf | a6 18 c3 75 a0 dd ce 11 ff f6 d8 b9 d8 55 02 3a | bb 9e e2 21 8f 3c f5 77 3d e8 3b 81 e9 cb 88 04 | ca 75 f5 41 7a 2e c8 4d d9 56 53 63 6c 9f 3b e2 | de 3b 84 0e 25 f0 c9 8a 8d 78 51 57 2c 37 46 c4 | d5 ff bb 4d 77 6d cb 4c 4a d0 32 bb 05 93 65 65 | d4 58 fb e2 69 e2 b4 82 da 7d c2 7c b1 51 ca ea | b0 7f e7 47 84 63 94 7f 09 05 76 56 b3 a8 34 97 | a0 a9 6a fe a1 64 b2 4e 60 5d f8 32 07 54 3b 96 | fd 5e a6 b2 33 bb 3f a5 68 35 ae d6 01 d6 33 b4 | a6 02 7a ec d3 62 49 27 2d 0c 8b 8a 46 73 d8 75 | bb 4f 8c 4a fd fa 91 d7 b9 9d 9e 2e c7 02 b7 d2 | 45 39 4b 4a ec ea 40 8f cd b5 6b c6 69 87 b5 77 | Generated nonce: f6 5a 9e 32 01 cc 89 d9 a3 8a a5 ee a2 41 4c 2c | Generated nonce: 24 d9 fb 12 32 2d ef a0 79 29 ee 77 05 32 ca af | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 12 time elapsed 0.001437 seconds | (#12) spent 0.91 milliseconds in crypto helper computing work-order 12: ikev2_outI1 KE (pcr) | crypto helper 6 sending results from work-order 12 for state #12 to event queue | scheduling resume sending helper answer for #12 | libevent_malloc: new ptr-libevent@0x7f5cc40016a0 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #12 | start processing: state #12 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 12 | calling continuation function 0x564020443630 | ikev2_parent_outI1_continue for #12 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5cc40010c0: transferring ownership from helper KE to state #12 | **emit ISAKMP Message: | initiator cookie: | a9 ed 90 bc 76 85 c0 ad | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #12: IMPAIR: omitting fixed-size key-length attribute | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x d2 95 a7 1b de 4a 87 95 3f fa c3 93 db 35 9a cc | ikev2 g^x af 73 0f 7b b7 b9 cf d6 8e be c9 4f cc 4b 25 f0 | ikev2 g^x 74 78 3d 13 d2 b3 96 9a d7 af a0 35 05 d8 d6 38 | ikev2 g^x fe 92 e4 93 bd 89 1e a1 f3 3e 4c 67 92 93 92 cf | ikev2 g^x a6 18 c3 75 a0 dd ce 11 ff f6 d8 b9 d8 55 02 3a | ikev2 g^x bb 9e e2 21 8f 3c f5 77 3d e8 3b 81 e9 cb 88 04 | ikev2 g^x ca 75 f5 41 7a 2e c8 4d d9 56 53 63 6c 9f 3b e2 | ikev2 g^x de 3b 84 0e 25 f0 c9 8a 8d 78 51 57 2c 37 46 c4 | ikev2 g^x d5 ff bb 4d 77 6d cb 4c 4a d0 32 bb 05 93 65 65 | ikev2 g^x d4 58 fb e2 69 e2 b4 82 da 7d c2 7c b1 51 ca ea | ikev2 g^x b0 7f e7 47 84 63 94 7f 09 05 76 56 b3 a8 34 97 | ikev2 g^x a0 a9 6a fe a1 64 b2 4e 60 5d f8 32 07 54 3b 96 | ikev2 g^x fd 5e a6 b2 33 bb 3f a5 68 35 ae d6 01 d6 33 b4 | ikev2 g^x a6 02 7a ec d3 62 49 27 2d 0c 8b 8a 46 73 d8 75 | ikev2 g^x bb 4f 8c 4a fd fa 91 d7 b9 9d 9e 2e c7 02 b7 d2 | ikev2 g^x 45 39 4b 4a ec ea 40 8f cd b5 6b c6 69 87 b5 77 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce f6 5a 9e 32 01 cc 89 d9 a3 8a a5 ee a2 41 4c 2c | IKEv2 nonce 24 d9 fb 12 32 2d ef a0 79 29 ee 77 05 32 ca af | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | a9 ed 90 bc 76 85 c0 ad | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | 6d 29 54 c6 4b 4d 6c 20 bd 33 f2 76 94 94 67 68 | 15 ff 41 fc | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= a9 ed 90 bc 76 85 c0 ad | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 6d 29 54 c6 4b 4d 6c 20 bd 33 f2 76 94 94 67 68 | natd_hash: hash= 15 ff 41 fc | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 6d 29 54 c6 4b 4d 6c 20 bd 33 f2 76 94 94 67 68 | Notify data 15 ff 41 fc | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | a9 ed 90 bc 76 85 c0 ad | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | e6 5b f8 fc e3 03 e4 1f a4 dc 38 38 32 b0 cf 6e | 60 9a 74 e1 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= a9 ed 90 bc 76 85 c0 ad | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= e6 5b f8 fc e3 03 e4 1f a4 dc 38 38 32 b0 cf 6e | natd_hash: hash= 60 9a 74 e1 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data e6 5b f8 fc e3 03 e4 1f a4 dc 38 38 32 b0 cf 6e | Notify data 60 9a 74 e1 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 436 | stop processing: state #12 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #12 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #12 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #12: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #12 to 4294967295 after switching state | Message ID: IKE #12 skipping update_recv as MD is fake | Message ID: sent #12 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #12: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 436 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #12) | a9 ed 90 bc 76 85 c0 ad 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 0c | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | d2 95 a7 1b de 4a 87 95 3f fa c3 93 db 35 9a cc | af 73 0f 7b b7 b9 cf d6 8e be c9 4f cc 4b 25 f0 | 74 78 3d 13 d2 b3 96 9a d7 af a0 35 05 d8 d6 38 | fe 92 e4 93 bd 89 1e a1 f3 3e 4c 67 92 93 92 cf | a6 18 c3 75 a0 dd ce 11 ff f6 d8 b9 d8 55 02 3a | bb 9e e2 21 8f 3c f5 77 3d e8 3b 81 e9 cb 88 04 | ca 75 f5 41 7a 2e c8 4d d9 56 53 63 6c 9f 3b e2 | de 3b 84 0e 25 f0 c9 8a 8d 78 51 57 2c 37 46 c4 | d5 ff bb 4d 77 6d cb 4c 4a d0 32 bb 05 93 65 65 | d4 58 fb e2 69 e2 b4 82 da 7d c2 7c b1 51 ca ea | b0 7f e7 47 84 63 94 7f 09 05 76 56 b3 a8 34 97 | a0 a9 6a fe a1 64 b2 4e 60 5d f8 32 07 54 3b 96 | fd 5e a6 b2 33 bb 3f a5 68 35 ae d6 01 d6 33 b4 | a6 02 7a ec d3 62 49 27 2d 0c 8b 8a 46 73 d8 75 | bb 4f 8c 4a fd fa 91 d7 b9 9d 9e 2e c7 02 b7 d2 | 45 39 4b 4a ec ea 40 8f cd b5 6b c6 69 87 b5 77 | 29 00 00 24 f6 5a 9e 32 01 cc 89 d9 a3 8a a5 ee | a2 41 4c 2c 24 d9 fb 12 32 2d ef a0 79 29 ee 77 | 05 32 ca af 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 6d 29 54 c6 4b 4d 6c 20 bd 33 f2 76 | 94 94 67 68 15 ff 41 fc 00 00 00 1c 00 00 40 05 | e6 5b f8 fc e3 03 e4 1f a4 dc 38 38 32 b0 cf 6e | 60 9a 74 e1 | state #12 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5cc00016a0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564021e1fac0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x564021e1fac0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #12 | libevent_malloc: new ptr-libevent@0x7f5cc00016a0 size 128 | #12 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48956.745622 | resume sending helper answer for #12 suppresed complete_v2_state_transition() and stole MD | #12 spent 0.496 milliseconds in resume sending helper answer | stop processing: state #12 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5cc40016a0 | spent 0.00216 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | a9 ed 90 bc 76 85 c0 ad 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a9 ed 90 bc 76 85 c0 ad | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #12 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #12 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #12 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #12 is idle | #12 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #12 IKE SPIi and SPI[ir] | #12 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #12: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #12 spent 0.00416 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #12 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #12 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #12 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #12 spent 0.116 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.128 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.052 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | removing pending policy for no connection {0x7f5cc8002d20} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #12 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #12 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #12 ikev2.ike deleted other | #12 spent 1.6 milliseconds in total | [RE]START processing: state #12 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #12: deleting state (STATE_PARENT_I1) aged 0.038s and NOT sending notification | parent state #12: PARENT_I1(half-open IKE SA) => delete | state #12 requesting EVENT_RETRANSMIT to be deleted | #12 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f5cc00016a0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x564021e1fac0 | State DB: IKEv2 state not found (flush_incomplete_children) | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #12 in PARENT_I1 | parent state #12: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f5cc40010c0: destroyed | stop processing: state #12 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x564021e16c10 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.202 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0621 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0473 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | child-key-length-attribute:OMIT | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0547 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x564021e17eb0 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.157 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #13 at 0x564021e16060 | State DB: adding IKEv2 state #13 in UNDEFINED | pstats #13 ikev2.ike started | Message ID: init #13: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #13: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #13; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #13 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #13 "aes128" "aes128" #13: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 13 for state #13 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564021e1fac0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f5cc40016a0 size 128 | #13 spent 0.118 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #13 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.181 milliseconds in whack | crypto helper 1 resuming | crypto helper 1 starting work-order 13 for state #13 | crypto helper 1 doing build KE and nonce (ikev2_outI1 KE); request ID 13 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5cb8002010: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5cb8002010 | NSS: Public DH wire value: | 0b 37 c5 ca 75 d3 ab bc b8 05 cf 7c 4d 45 1e 9e | fd 12 32 ff 39 45 9b d4 55 bb d5 05 2f 0e 81 8f | e5 6c 56 37 04 9a 49 95 6a ae 5d 3c 2f b9 56 fd | e2 1e 4c bd c9 47 53 d0 eb d2 55 e9 4e 7f 43 3b | be c0 77 15 a5 ca 2d ff 02 5e 27 d7 10 2c cc d7 | 59 6f c2 40 63 e2 f9 98 9d 4a 81 12 5b b1 7e 06 | e4 7d 4d eb f7 1f fe 75 4e fc b3 f4 f2 0a 53 e7 | 13 4c 38 22 97 12 90 17 67 20 f5 ed fd c8 c8 81 | 9b b8 4e 72 fc f3 82 17 5d d4 c4 33 cb 7b 67 4b | 62 1b 3b d3 07 e1 c4 90 fd 39 f1 3e 65 78 d5 bb | a3 f8 3a 71 45 f9 c0 f0 08 8c 2b 06 95 f1 7e 2e | ab 5e 2c a0 27 65 8e d6 62 00 96 88 a0 c5 46 68 | 20 b5 6b e5 60 48 4e e8 75 7a a4 47 75 c7 e6 61 | 5c c5 47 48 7b ad 74 16 b0 12 bc 70 8b 29 f8 b2 | 04 be 70 1b c8 18 a2 e2 d5 18 3d 80 c6 db cd f7 | 4c 50 07 76 cb 4f 0b 5a 97 ca d0 dd 55 5f 2c d4 | Generated nonce: 24 d2 c2 9e 1c 53 18 91 db 47 8c 36 d3 df bd b2 | Generated nonce: 1a 0e fc 2d f5 92 a6 be a4 46 ff 67 80 35 22 da | crypto helper 1 finished build KE and nonce (ikev2_outI1 KE); request ID 13 time elapsed 0.00162 seconds | (#13) spent 1.12 milliseconds in crypto helper computing work-order 13: ikev2_outI1 KE (pcr) | crypto helper 1 sending results from work-order 13 for state #13 to event queue | scheduling resume sending helper answer for #13 | libevent_malloc: new ptr-libevent@0x7f5cb80087a0 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #13 | start processing: state #13 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 13 | calling continuation function 0x564020443630 | ikev2_parent_outI1_continue for #13 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5cb8002010: transferring ownership from helper KE to state #13 | **emit ISAKMP Message: | initiator cookie: | 32 8c 0a 7b f8 de 47 71 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 0b 37 c5 ca 75 d3 ab bc b8 05 cf 7c 4d 45 1e 9e | ikev2 g^x fd 12 32 ff 39 45 9b d4 55 bb d5 05 2f 0e 81 8f | ikev2 g^x e5 6c 56 37 04 9a 49 95 6a ae 5d 3c 2f b9 56 fd | ikev2 g^x e2 1e 4c bd c9 47 53 d0 eb d2 55 e9 4e 7f 43 3b | ikev2 g^x be c0 77 15 a5 ca 2d ff 02 5e 27 d7 10 2c cc d7 | ikev2 g^x 59 6f c2 40 63 e2 f9 98 9d 4a 81 12 5b b1 7e 06 | ikev2 g^x e4 7d 4d eb f7 1f fe 75 4e fc b3 f4 f2 0a 53 e7 | ikev2 g^x 13 4c 38 22 97 12 90 17 67 20 f5 ed fd c8 c8 81 | ikev2 g^x 9b b8 4e 72 fc f3 82 17 5d d4 c4 33 cb 7b 67 4b | ikev2 g^x 62 1b 3b d3 07 e1 c4 90 fd 39 f1 3e 65 78 d5 bb | ikev2 g^x a3 f8 3a 71 45 f9 c0 f0 08 8c 2b 06 95 f1 7e 2e | ikev2 g^x ab 5e 2c a0 27 65 8e d6 62 00 96 88 a0 c5 46 68 | ikev2 g^x 20 b5 6b e5 60 48 4e e8 75 7a a4 47 75 c7 e6 61 | ikev2 g^x 5c c5 47 48 7b ad 74 16 b0 12 bc 70 8b 29 f8 b2 | ikev2 g^x 04 be 70 1b c8 18 a2 e2 d5 18 3d 80 c6 db cd f7 | ikev2 g^x 4c 50 07 76 cb 4f 0b 5a 97 ca d0 dd 55 5f 2c d4 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 24 d2 c2 9e 1c 53 18 91 db 47 8c 36 d3 df bd b2 | IKEv2 nonce 1a 0e fc 2d f5 92 a6 be a4 46 ff 67 80 35 22 da | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | 32 8c 0a 7b f8 de 47 71 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | f3 3c ac f4 c4 fb 3c 36 c4 92 5c 1f 1b 51 5b 0e | 28 f3 95 df | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 32 8c 0a 7b f8 de 47 71 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= f3 3c ac f4 c4 fb 3c 36 c4 92 5c 1f 1b 51 5b 0e | natd_hash: hash= 28 f3 95 df | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data f3 3c ac f4 c4 fb 3c 36 c4 92 5c 1f 1b 51 5b 0e | Notify data 28 f3 95 df | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | 32 8c 0a 7b f8 de 47 71 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | dd 08 2b 8a 69 ae 03 41 a2 d9 9a d7 44 c0 08 d7 | b0 2e 2b c5 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 32 8c 0a 7b f8 de 47 71 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= dd 08 2b 8a 69 ae 03 41 a2 d9 9a d7 44 c0 08 d7 | natd_hash: hash= b0 2e 2b c5 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data dd 08 2b 8a 69 ae 03 41 a2 d9 9a d7 44 c0 08 d7 | Notify data b0 2e 2b c5 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #13 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #13 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #13 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #13: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #13 to 4294967295 after switching state | Message ID: IKE #13 skipping update_recv as MD is fake | Message ID: sent #13 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #13: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #13) | 32 8c 0a 7b f8 de 47 71 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 0b 37 c5 ca 75 d3 ab bc b8 05 cf 7c | 4d 45 1e 9e fd 12 32 ff 39 45 9b d4 55 bb d5 05 | 2f 0e 81 8f e5 6c 56 37 04 9a 49 95 6a ae 5d 3c | 2f b9 56 fd e2 1e 4c bd c9 47 53 d0 eb d2 55 e9 | 4e 7f 43 3b be c0 77 15 a5 ca 2d ff 02 5e 27 d7 | 10 2c cc d7 59 6f c2 40 63 e2 f9 98 9d 4a 81 12 | 5b b1 7e 06 e4 7d 4d eb f7 1f fe 75 4e fc b3 f4 | f2 0a 53 e7 13 4c 38 22 97 12 90 17 67 20 f5 ed | fd c8 c8 81 9b b8 4e 72 fc f3 82 17 5d d4 c4 33 | cb 7b 67 4b 62 1b 3b d3 07 e1 c4 90 fd 39 f1 3e | 65 78 d5 bb a3 f8 3a 71 45 f9 c0 f0 08 8c 2b 06 | 95 f1 7e 2e ab 5e 2c a0 27 65 8e d6 62 00 96 88 | a0 c5 46 68 20 b5 6b e5 60 48 4e e8 75 7a a4 47 | 75 c7 e6 61 5c c5 47 48 7b ad 74 16 b0 12 bc 70 | 8b 29 f8 b2 04 be 70 1b c8 18 a2 e2 d5 18 3d 80 | c6 db cd f7 4c 50 07 76 cb 4f 0b 5a 97 ca d0 dd | 55 5f 2c d4 29 00 00 24 24 d2 c2 9e 1c 53 18 91 | db 47 8c 36 d3 df bd b2 1a 0e fc 2d f5 92 a6 be | a4 46 ff 67 80 35 22 da 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 f3 3c ac f4 c4 fb 3c 36 | c4 92 5c 1f 1b 51 5b 0e 28 f3 95 df 00 00 00 1c | 00 00 40 05 dd 08 2b 8a 69 ae 03 41 a2 d9 9a d7 | 44 c0 08 d7 b0 2e 2b c5 | state #13 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5cc40016a0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564021e1fac0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x564021e1fac0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f5cc40016a0 size 128 | #13 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48957.216176 | resume sending helper answer for #13 suppresed complete_v2_state_transition() and stole MD | #13 spent 0.519 milliseconds in resume sending helper answer | stop processing: state #13 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5cb80087a0 | spent 0.00244 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 47 54 1c ab 3f 61 a3 6d a7 96 4a a0 | 0f 4f 14 2a b4 41 00 3f 6a df ca 90 e6 a1 b0 57 | 72 dc 1a 8f 45 4b b8 27 61 69 87 24 6d 0d 87 a5 | 69 3f e7 01 03 4f 5a 6c d9 bf eb 21 66 9d 86 8c | 5c f4 2f d2 b7 ab f8 8f 95 d2 58 00 bc 98 31 04 | e6 5c 5c 43 f7 78 23 e8 bd e6 9f 6f 81 74 58 cc | 7d fb 29 f4 b0 29 ef f7 11 ae 4a 14 8e e4 f1 0d | ca 8d c0 6e e6 5f 24 26 5e 01 ef b4 2b 67 50 78 | 58 9f ed b8 10 b7 e0 92 3a c0 ad d0 f5 c1 c2 e4 | 45 96 96 1b 4b 38 6a c0 e3 79 d8 4c 05 ea f4 19 | cd c9 b6 ac 25 b8 e0 2b 85 b4 38 ae 64 4c 39 01 | 81 ed d1 d5 57 e9 a9 9e 78 c1 25 83 6c e7 44 85 | d8 3d 41 d9 74 3f ba 5d 03 66 0b 8f a9 cc fe 16 | 52 59 92 ae 22 52 3a b0 ac 4a 82 7e 3e d9 b5 cd | 2d 61 e0 14 78 1f 80 8c fd 67 5f 74 3d 4b 6d 10 | c2 93 3c ce 48 84 af 6f 1a c6 f8 e3 4d 50 17 e6 | 94 26 aa ae 29 00 00 24 99 a4 f1 4d 04 48 65 ea | b9 39 82 0b e7 86 03 b5 10 fc e7 0c ac 18 e6 13 | 53 7e 0c 1b 65 3b c0 97 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 59 42 f9 60 4c 17 34 e8 | 61 c5 61 e9 6f 51 7e fa be 38 fd 41 00 00 00 1c | 00 00 40 05 97 c4 a4 96 af c0 33 a2 9f f2 c4 2a | 10 86 16 e1 48 97 8c 03 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 32 8c 0a 7b f8 de 47 71 | responder cookie: | 2c 2f 54 a7 a1 72 6f 05 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #13 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #13 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #13 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #13 is idle | #13 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #13 IKE SPIi and SPI[ir] | #13 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | 47 54 1c ab 3f 61 a3 6d a7 96 4a a0 0f 4f 14 2a | b4 41 00 3f 6a df ca 90 e6 a1 b0 57 72 dc 1a 8f | 45 4b b8 27 61 69 87 24 6d 0d 87 a5 69 3f e7 01 | 03 4f 5a 6c d9 bf eb 21 66 9d 86 8c 5c f4 2f d2 | b7 ab f8 8f 95 d2 58 00 bc 98 31 04 e6 5c 5c 43 | f7 78 23 e8 bd e6 9f 6f 81 74 58 cc 7d fb 29 f4 | b0 29 ef f7 11 ae 4a 14 8e e4 f1 0d ca 8d c0 6e | e6 5f 24 26 5e 01 ef b4 2b 67 50 78 58 9f ed b8 | 10 b7 e0 92 3a c0 ad d0 f5 c1 c2 e4 45 96 96 1b | 4b 38 6a c0 e3 79 d8 4c 05 ea f4 19 cd c9 b6 ac | 25 b8 e0 2b 85 b4 38 ae 64 4c 39 01 81 ed d1 d5 | 57 e9 a9 9e 78 c1 25 83 6c e7 44 85 d8 3d 41 d9 | 74 3f ba 5d 03 66 0b 8f a9 cc fe 16 52 59 92 ae | 22 52 3a b0 ac 4a 82 7e 3e d9 b5 cd 2d 61 e0 14 | 78 1f 80 8c fd 67 5f 74 3d 4b 6d 10 c2 93 3c ce | 48 84 af 6f 1a c6 f8 e3 4d 50 17 e6 94 26 aa ae | using existing local IKE proposals for connection aes128 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864db9c0 (length 8) | 32 8c 0a 7b f8 de 47 71 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864db9c8 (length 8) | 2c 2f 54 a7 a1 72 6f 05 | NATD hash sha digest IP addr-bytes@0x7fff864db954 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864db946 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864db9d0 (length 20) | 97 c4 a4 96 af c0 33 a2 9f f2 c4 2a 10 86 16 e1 | 48 97 8c 03 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 32 8c 0a 7b f8 de 47 71 | natd_hash: rcookie= 2c 2f 54 a7 a1 72 6f 05 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 97 c4 a4 96 af c0 33 a2 9f f2 c4 2a 10 86 16 e1 | natd_hash: hash= 48 97 8c 03 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864db9c0 (length 8) | 32 8c 0a 7b f8 de 47 71 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864db9c8 (length 8) | 2c 2f 54 a7 a1 72 6f 05 | NATD hash sha digest IP addr-bytes@0x7fff864db954 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864db946 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864db9f0 (length 20) | 59 42 f9 60 4c 17 34 e8 61 c5 61 e9 6f 51 7e fa | be 38 fd 41 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 32 8c 0a 7b f8 de 47 71 | natd_hash: rcookie= 2c 2f 54 a7 a1 72 6f 05 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 59 42 f9 60 4c 17 34 e8 61 c5 61 e9 6f 51 7e fa | natd_hash: hash= be 38 fd 41 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f5cb8002010: transferring ownership from state #13 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 14 for state #13 | state #13 requesting EVENT_RETRANSMIT to be deleted | #13 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f5cc40016a0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x564021e1fac0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564021e1fac0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f5cb80087a0 size 128 | #13 spent 0.276 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | crypto helper 0 resuming | [RE]START processing: state #13 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | crypto helper 0 starting work-order 14 for state #13 | #13 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | crypto helper 0 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 14 | suspending state #13 and saving MD | #13 is busy; has a suspended MD | peer's g: 47 54 1c ab 3f 61 a3 6d a7 96 4a a0 0f 4f 14 2a | [RE]START processing: state #13 connection "aes128" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | peer's g: b4 41 00 3f 6a df ca 90 e6 a1 b0 57 72 dc 1a 8f | "aes128" #13 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | peer's g: 45 4b b8 27 61 69 87 24 6d 0d 87 a5 69 3f e7 01 | stop processing: state #13 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | peer's g: 03 4f 5a 6c d9 bf eb 21 66 9d 86 8c 5c f4 2f d2 | #13 spent 0.519 milliseconds in ikev2_process_packet() | peer's g: b7 ab f8 8f 95 d2 58 00 bc 98 31 04 e6 5c 5c 43 | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | peer's g: f7 78 23 e8 bd e6 9f 6f 81 74 58 cc 7d fb 29 f4 | processing: STOP state #0 (in process_md() at demux.c:382) | peer's g: b0 29 ef f7 11 ae 4a 14 8e e4 f1 0d ca 8d c0 6e | processing: STOP connection NULL (in process_md() at demux.c:383) | peer's g: e6 5f 24 26 5e 01 ef b4 2b 67 50 78 58 9f ed b8 | spent 0.545 milliseconds in comm_handle_cb() reading and processing packet | peer's g: 10 b7 e0 92 3a c0 ad d0 f5 c1 c2 e4 45 96 96 1b | peer's g: 4b 38 6a c0 e3 79 d8 4c 05 ea f4 19 cd c9 b6 ac | peer's g: 25 b8 e0 2b 85 b4 38 ae 64 4c 39 01 81 ed d1 d5 | peer's g: 57 e9 a9 9e 78 c1 25 83 6c e7 44 85 d8 3d 41 d9 | peer's g: 74 3f ba 5d 03 66 0b 8f a9 cc fe 16 52 59 92 ae | peer's g: 22 52 3a b0 ac 4a 82 7e 3e d9 b5 cd 2d 61 e0 14 | peer's g: 78 1f 80 8c fd 67 5f 74 3d 4b 6d 10 c2 93 3c ce | peer's g: 48 84 af 6f 1a c6 f8 e3 4d 50 17 e6 94 26 aa ae | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7f5cc80069f0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f5cb8002010: computed shared DH secret key@0x7f5cc80069f0 | dh-shared : g^ir-key@0x7f5cc80069f0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f5cbc0039a0 (length 64) | 24 d2 c2 9e 1c 53 18 91 db 47 8c 36 d3 df bd b2 | 1a 0e fc 2d f5 92 a6 be a4 46 ff 67 80 35 22 da | 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd80e8670 | result: Ni | Nr-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x564021e01140 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8658 | result: Ni | Nr-key@0x564021e19e70 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x564021e01140 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f5cbc003aa0 from Ni | Nr-key@0x564021e19e70 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f5cbc003aa0 from Ni | Nr-key@0x564021e19e70 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x564021e19e70 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f5cbc000d60 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f5cc80069f0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f5cc80069f0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f5cc80069f0 | nss hmac digest hack: symkey-key@0x7f5cc80069f0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-670137648: 7e 47 1a ffffffe5 4b 63 62 ffffffb7 ffffffa4 00 19 50 ffffffac fffffff7 57 34 77 74 51 ffffffaf 23 ffffffaa ffffffae 00 ffffffab ffffff80 ffffffca fffffff0 2b fffffffb ffffffa3 28 64 1a 72 ffffffd4 1f 3a ffffffeb 62 40 49 ffffffa4 ffffff9a ffffffd6 ffffffec 7f ffffffbb ffffffeb ffffffd1 06 ffffffa2 4d ffffffe7 ffffffc7 ffffffe6 fffffff3 ffffffcd ffffffeb 77 ffffffed ffffffce ffffffac ffffffa4 ffffffc6 ffffffd3 fffffff7 ffffff96 3a 6e ffffffeb 16 fffffffc 23 65 ffffffec ffffff84 71 fffffff1 ffffffe8 5b ffffff9c 4a ffffffb6 5f ffffffad ffffffeb 09 ffffff83 ffffffd0 ffffffa0 70 4c ffffffea ffffffba 71 0f 03 ffffffb6 4d ffffff8f ffffffc3 1f 39 54 7e ffffff8e fffffffa 2e 10 ffffffe2 ffffffc8 33 ffffffc3 3c 4a 53 69 ffffff89 4c 16 30 18 04 6e 49 ffffffd1 65 07 ffffff9b 5f ffffffe2 ffffffdb ffffff90 ffffffe3 49 ffffffc6 ffffffd9 ffffff84 1a 22 0a ffffffc7 ffffffe3 46 74 1f ffffffc8 ffffffc8 ffffffeb ffffffb8 ffffffb8 ffffffa3 ffffffb3 fff | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 256 bytes at 0x7f5cbc0019d0 | unwrapped: b5 0a d4 b3 b3 fb 08 4d 59 99 71 0a af 4c 3f 5f | unwrapped: d7 95 e6 c0 ed 64 c3 fa 1b cb 75 58 6d 32 c7 f1 | unwrapped: 7e 8f be 20 12 ac d5 52 ca 7d 41 77 26 c3 fc 05 | unwrapped: 73 73 92 a1 76 6a 24 4b 64 a8 fc c2 8b 8e 1a 26 | unwrapped: 5d c2 30 13 25 aa a9 1e d8 ab e8 37 7d da 2b fd | unwrapped: 59 e1 e5 0b 9a ea a9 99 2f a4 dd 81 5c 7e ba a3 | unwrapped: ff 4f d1 07 09 50 72 07 33 da 33 b3 85 71 a2 f0 | unwrapped: bb 07 cc 7e 71 70 fe 6a 4f e3 3e ac bd 73 29 18 | unwrapped: a6 97 18 c4 c1 6b 18 7f 91 c6 44 5c e4 00 ef b7 | unwrapped: 03 e1 8d 40 ed bf ba 6e a4 36 aa 57 7c 33 d3 18 | unwrapped: 91 02 bb 94 ae a1 62 72 52 83 d9 c4 96 09 ce 0c | unwrapped: 15 30 35 26 6a bb e3 25 4b 76 73 6a bc 99 ce bb | unwrapped: e5 d5 f2 6a af bc 94 f1 f6 c4 0b 58 d1 50 58 f8 | unwrapped: 3b 38 be dd c1 bf ca dd a7 74 c5 52 f2 13 62 2b | unwrapped: 49 79 fa 2f 6a a4 ec c1 6b ea ad 27 b1 f9 be 88 | unwrapped: 28 70 05 5e b3 58 15 58 ed 54 e7 62 52 36 5e dd | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd80e8690 | result: final-key@0x564021e01140 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e01140 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8678 | result: final-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e01140 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x564021e19e70 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd80e8600 | result: data=Ni-key@0x564021df9ff0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x564021df9ff0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e85e8 | result: data=Ni-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x564021df9ff0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e01140 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd80e85f0 | result: data+=Nr-key@0x564021df9ff0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021e01140 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021df9ff0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd80e85f0 | result: data+=SPIi-key@0x564021e01140 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021df9ff0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e01140 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd80e85f0 | result: data+=SPIr-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021e01140 | prf+0 PRF sha init key-key@0x564021e19e70 (size 20) | prf+0: key-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8518 | result: clone-key@0x564021e01140 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f5cbc003aa0 from key-key@0x564021e01140 | prf+0 prf: begin sha with context 0x7f5cbc003aa0 from key-key@0x564021e01140 | prf+0: release clone-key@0x564021e01140 | prf+0 PRF sha crypt-prf@0x7f5cbc001790 | prf+0 PRF sha update seed-key@0x564021df9ff0 (size 80) | prf+0: seed-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-670138016: ffffffc7 1e ffffffe2 48 2f ffffffcc 67 3d ffffff86 6c 0f 79 ffffffd5 ffffffe6 0b 08 ffffffd9 ffffffad 3b ffffff8e ffffff81 ffffffe9 fffffff7 ffffffc8 53 77 4b 1d 0a 24 69 2e fffffffe ffffffab ffffffff 40 10 5a ffffffb5 7c ffffffe1 0b 20 6c 12 fffffff7 49 44 ffffffd4 ffffffff 27 ffffff85 75 ffffff9f ffffffc8 71 42 ffffffb4 0c ffffffe2 ffffffcd 1f ffffffc8 19 ffffffa8 fffffff5 78 ffffffce 36 fffffff0 ffffffb5 ffffff80 2e 0f 41 6b ffffffc7 ffffffee ffffffc9 42 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cbc0048b0 | unwrapped: 24 d2 c2 9e 1c 53 18 91 db 47 8c 36 d3 df bd b2 | unwrapped: 1a 0e fc 2d f5 92 a6 be a4 46 ff 67 80 35 22 da | unwrapped: 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | unwrapped: 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | unwrapped: 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd80e8520 | result: final-key@0x564021e07b90 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e07b90 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8508 | result: final-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e07b90 | prf+0 PRF sha final-key@0x564021e01140 (size 20) | prf+0: key-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x564021e01140 | prf+N PRF sha init key-key@0x564021e19e70 (size 20) | prf+N: key-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8518 | result: clone-key@0x564021e07b90 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cbc003aa0 from key-key@0x564021e07b90 | prf+N prf: begin sha with context 0x7f5cbc003aa0 from key-key@0x564021e07b90 | prf+N: release clone-key@0x564021e07b90 | prf+N PRF sha crypt-prf@0x7f5cbc0010c0 | prf+N PRF sha update old_t-key@0x564021e01140 (size 20) | prf+N: old_t-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-670138016: 18 ffffffed ffffff9d ffffffe0 75 5c 1c 15 ffffffb6 ffffff90 ffffffb1 ffffffab 65 0d ffffffab 35 ffffffe2 57 fffffff1 ffffff97 0c ffffff96 fffffffd 68 ffffffe6 ffffffab ffffff93 ffffff91 49 ffffffde ffffff99 6e | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cbc002b30 | unwrapped: 80 af 59 3e 8a 42 d5 e9 cd 31 23 93 73 bd 74 81 | unwrapped: a2 db 99 a4 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021df9ff0 (size 80) | prf+N: seed-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-670138016: ffffffc7 1e ffffffe2 48 2f ffffffcc 67 3d ffffff86 6c 0f 79 ffffffd5 ffffffe6 0b 08 ffffffd9 ffffffad 3b ffffff8e ffffff81 ffffffe9 fffffff7 ffffffc8 53 77 4b 1d 0a 24 69 2e fffffffe ffffffab ffffffff 40 10 5a ffffffb5 7c ffffffe1 0b 20 6c 12 fffffff7 49 44 ffffffd4 ffffffff 27 ffffff85 75 ffffff9f ffffffc8 71 42 ffffffb4 0c ffffffe2 ffffffcd 1f ffffffc8 19 ffffffa8 fffffff5 78 ffffffce 36 fffffff0 ffffffb5 ffffff80 2e 0f 41 6b ffffffc7 ffffffee ffffffc9 42 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cbc004850 | unwrapped: 24 d2 c2 9e 1c 53 18 91 db 47 8c 36 d3 df bd b2 | unwrapped: 1a 0e fc 2d f5 92 a6 be a4 46 ff 67 80 35 22 da | unwrapped: 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | unwrapped: 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | unwrapped: 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd80e8520 | result: final-key@0x564021dfb870 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021dfb870 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8508 | result: final-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021dfb870 | prf+N PRF sha final-key@0x564021e07b90 (size 20) | prf+N: key-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd80e8598 | result: result-key@0x564021dfb870 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e01140 | prfplus: release old_t[N]-key@0x564021e01140 | prf+N PRF sha init key-key@0x564021e19e70 (size 20) | prf+N: key-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8518 | result: clone-key@0x564021e01140 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cbc003aa0 from key-key@0x564021e01140 | prf+N prf: begin sha with context 0x7f5cbc003aa0 from key-key@0x564021e01140 | prf+N: release clone-key@0x564021e01140 | prf+N PRF sha crypt-prf@0x7f5cbc002a80 | prf+N PRF sha update old_t-key@0x564021e07b90 (size 20) | prf+N: old_t-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-670138016: 3b ffffff9b ffffffe8 25 ffffffc0 5f ffffffd3 52 77 ffffff8c ffffffd3 ffffff82 15 ffffff81 ffffffe5 77 1e ffffff8b ffffffdf 6a ffffffe2 ffffff80 19 ffffffbb 34 77 6d ffffff91 ffffffeb ffffffaf ffffff89 ffffffdf | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cbc004910 | unwrapped: f6 07 86 86 8f 0e fb f8 39 08 ee 25 e1 94 47 ad | unwrapped: 49 20 d2 c9 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021df9ff0 (size 80) | prf+N: seed-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-670138016: ffffffc7 1e ffffffe2 48 2f ffffffcc 67 3d ffffff86 6c 0f 79 ffffffd5 ffffffe6 0b 08 ffffffd9 ffffffad 3b ffffff8e ffffff81 ffffffe9 fffffff7 ffffffc8 53 77 4b 1d 0a 24 69 2e fffffffe ffffffab ffffffff 40 10 5a ffffffb5 7c ffffffe1 0b 20 6c 12 fffffff7 49 44 ffffffd4 ffffffff 27 ffffff85 75 ffffff9f ffffffc8 71 42 ffffffb4 0c ffffffe2 ffffffcd 1f ffffffc8 19 ffffffa8 fffffff5 78 ffffffce 36 fffffff0 ffffffb5 ffffff80 2e 0f 41 6b ffffffc7 ffffffee ffffffc9 42 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cbc0047f0 | unwrapped: 24 d2 c2 9e 1c 53 18 91 db 47 8c 36 d3 df bd b2 | unwrapped: 1a 0e fc 2d f5 92 a6 be a4 46 ff 67 80 35 22 da | unwrapped: 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | unwrapped: 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | unwrapped: 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd80e8520 | result: final-key@0x7f5cc800d640 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8508 | result: final-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cc800d640 | prf+N PRF sha final-key@0x564021e01140 (size 20) | prf+N: key-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021dfb870 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd80e8598 | result: result-key@0x7f5cc800d640 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021dfb870 | prfplus: release old_t[N]-key@0x564021e07b90 | prf+N PRF sha init key-key@0x564021e19e70 (size 20) | prf+N: key-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8518 | result: clone-key@0x564021e07b90 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cbc003aa0 from key-key@0x564021e07b90 | prf+N prf: begin sha with context 0x7f5cbc003aa0 from key-key@0x564021e07b90 | prf+N: release clone-key@0x564021e07b90 | prf+N PRF sha crypt-prf@0x7f5cbc0010c0 | prf+N PRF sha update old_t-key@0x564021e01140 (size 20) | prf+N: old_t-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-670138016: ffffffb8 ffffffed 49 ffffffe4 ffffffd6 70 79 40 2d ffffffa3 ffffff9e ffffff8b ffffffa9 ffffffcc ffffff95 50 67 ffffff93 2c 3a 60 25 ffffffe8 2f ffffffcf 72 3b 2e 56 25 34 ffffffd9 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cbc0061b0 | unwrapped: f9 2a 23 67 f1 76 21 f5 53 9c 8d e3 7b 83 cf 59 | unwrapped: a8 e8 0e e5 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021df9ff0 (size 80) | prf+N: seed-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-670138016: ffffffc7 1e ffffffe2 48 2f ffffffcc 67 3d ffffff86 6c 0f 79 ffffffd5 ffffffe6 0b 08 ffffffd9 ffffffad 3b ffffff8e ffffff81 ffffffe9 fffffff7 ffffffc8 53 77 4b 1d 0a 24 69 2e fffffffe ffffffab ffffffff 40 10 5a ffffffb5 7c ffffffe1 0b 20 6c 12 fffffff7 49 44 ffffffd4 ffffffff 27 ffffff85 75 ffffff9f ffffffc8 71 42 ffffffb4 0c ffffffe2 ffffffcd 1f ffffffc8 19 ffffffa8 fffffff5 78 ffffffce 36 fffffff0 ffffffb5 ffffff80 2e 0f 41 6b ffffffc7 ffffffee ffffffc9 42 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cbc004790 | unwrapped: 24 d2 c2 9e 1c 53 18 91 db 47 8c 36 d3 df bd b2 | unwrapped: 1a 0e fc 2d f5 92 a6 be a4 46 ff 67 80 35 22 da | unwrapped: 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | unwrapped: 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | unwrapped: 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd80e8520 | result: final-key@0x564021dfb870 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021dfb870 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8508 | result: final-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021dfb870 | prf+N PRF sha final-key@0x564021e07b90 (size 20) | prf+N: key-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f5cc800d640 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd80e8598 | result: result-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f5cc800d640 | prfplus: release old_t[N]-key@0x564021e01140 | prf+N PRF sha init key-key@0x564021e19e70 (size 20) | prf+N: key-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8518 | result: clone-key@0x564021e01140 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cbc003aa0 from key-key@0x564021e01140 | prf+N prf: begin sha with context 0x7f5cbc003aa0 from key-key@0x564021e01140 | prf+N: release clone-key@0x564021e01140 | prf+N PRF sha crypt-prf@0x7f5cbc002a80 | prf+N PRF sha update old_t-key@0x564021e07b90 (size 20) | prf+N: old_t-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-670138016: fffffff9 1e ffffffa3 ffffffff 02 56 0a 48 7c 6e 4d 4e ffffffc3 52 ffffffc1 fffffff3 2b 15 38 ffffffe8 4a 4f 11 ffffffce 39 65 ffffff91 41 ffffffcd 67 53 ffffffe2 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cbc006180 | unwrapped: 3a 53 78 9a 7d ac 61 e7 01 4c 0f 65 aa e9 95 16 | unwrapped: 41 78 51 59 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021df9ff0 (size 80) | prf+N: seed-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-670138016: ffffffc7 1e ffffffe2 48 2f ffffffcc 67 3d ffffff86 6c 0f 79 ffffffd5 ffffffe6 0b 08 ffffffd9 ffffffad 3b ffffff8e ffffff81 ffffffe9 fffffff7 ffffffc8 53 77 4b 1d 0a 24 69 2e fffffffe ffffffab ffffffff 40 10 5a ffffffb5 7c ffffffe1 0b 20 6c 12 fffffff7 49 44 ffffffd4 ffffffff 27 ffffff85 75 ffffff9f ffffffc8 71 42 ffffffb4 0c ffffffe2 ffffffcd 1f ffffffc8 19 ffffffa8 fffffff5 78 ffffffce 36 fffffff0 ffffffb5 ffffff80 2e 0f 41 6b ffffffc7 ffffffee ffffffc9 42 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cbc0061e0 | unwrapped: 24 d2 c2 9e 1c 53 18 91 db 47 8c 36 d3 df bd b2 | unwrapped: 1a 0e fc 2d f5 92 a6 be a4 46 ff 67 80 35 22 da | unwrapped: 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | unwrapped: 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | unwrapped: 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd80e8520 | result: final-key@0x7f5cc800d640 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8508 | result: final-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cc800d640 | prf+N PRF sha final-key@0x564021e01140 (size 20) | prf+N: key-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd80e8598 | result: result-key@0x7f5cc800d640 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021dfb870 | prfplus: release old_t[N]-key@0x564021e07b90 | prf+N PRF sha init key-key@0x564021e19e70 (size 20) | prf+N: key-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8518 | result: clone-key@0x564021e07b90 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cbc001850 from key-key@0x564021e07b90 | prf+N prf: begin sha with context 0x7f5cbc001850 from key-key@0x564021e07b90 | prf+N: release clone-key@0x564021e07b90 | prf+N PRF sha crypt-prf@0x7f5cbc0010c0 | prf+N PRF sha update old_t-key@0x564021e01140 (size 20) | prf+N: old_t-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-670138016: ffffff90 ffffffd3 fffffffd 5a 68 57 09 67 fffffff8 ffffff96 27 ffffffaa 11 ffffffeb 17 2d fffffff4 ffffffbd 2b ffffffbb ffffffb3 57 66 51 1f 01 59 57 54 fffffffe 75 6e | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cbc0061b0 | unwrapped: 52 e3 6f c9 d2 c4 d1 fa ce 17 0c ce 63 f8 85 cb | unwrapped: 1d 5a f9 e6 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021df9ff0 (size 80) | prf+N: seed-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-670138016: ffffffc7 1e ffffffe2 48 2f ffffffcc 67 3d ffffff86 6c 0f 79 ffffffd5 ffffffe6 0b 08 ffffffd9 ffffffad 3b ffffff8e ffffff81 ffffffe9 fffffff7 ffffffc8 53 77 4b 1d 0a 24 69 2e fffffffe ffffffab ffffffff 40 10 5a ffffffb5 7c ffffffe1 0b 20 6c 12 fffffff7 49 44 ffffffd4 ffffffff 27 ffffff85 75 ffffff9f ffffffc8 71 42 ffffffb4 0c ffffffe2 ffffffcd 1f ffffffc8 19 ffffffa8 fffffff5 78 ffffffce 36 fffffff0 ffffffb5 ffffff80 2e 0f 41 6b ffffffc7 ffffffee ffffffc9 42 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cbc004850 | unwrapped: 24 d2 c2 9e 1c 53 18 91 db 47 8c 36 d3 df bd b2 | unwrapped: 1a 0e fc 2d f5 92 a6 be a4 46 ff 67 80 35 22 da | unwrapped: 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | unwrapped: 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | unwrapped: 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd80e8520 | result: final-key@0x564021dfb870 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021dfb870 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8508 | result: final-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021dfb870 | prf+N PRF sha final-key@0x564021e07b90 (size 20) | prf+N: key-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f5cc800d640 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd80e8598 | result: result-key@0x564021dfb870 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f5cc800d640 | prfplus: release old_t[N]-key@0x564021e01140 | prf+N PRF sha init key-key@0x564021e19e70 (size 20) | prf+N: key-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8518 | result: clone-key@0x564021e01140 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cbc003aa0 from key-key@0x564021e01140 | prf+N prf: begin sha with context 0x7f5cbc003aa0 from key-key@0x564021e01140 | prf+N: release clone-key@0x564021e01140 | prf+N PRF sha crypt-prf@0x7f5cbc002a80 | prf+N PRF sha update old_t-key@0x564021e07b90 (size 20) | prf+N: old_t-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-670138016: ffffffe8 fffffff1 fffffffe ffffffa9 ffffffdd ffffff88 62 1d ffffffd0 fffffff9 6b 08 ffffffac ffffffeb 70 ffffff81 ffffffac fffffff9 2e 58 fffffffb 39 6f ffffffae ffffffff 7b ffffff8d 6a 05 6e fffffff9 6a | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cbc006180 | unwrapped: 80 0a 07 3e 41 aa b1 83 c1 72 16 c2 46 ad a5 ff | unwrapped: 97 d8 9b 54 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021df9ff0 (size 80) | prf+N: seed-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-670138016: ffffffc7 1e ffffffe2 48 2f ffffffcc 67 3d ffffff86 6c 0f 79 ffffffd5 ffffffe6 0b 08 ffffffd9 ffffffad 3b ffffff8e ffffff81 ffffffe9 fffffff7 ffffffc8 53 77 4b 1d 0a 24 69 2e fffffffe ffffffab ffffffff 40 10 5a ffffffb5 7c ffffffe1 0b 20 6c 12 fffffff7 49 44 ffffffd4 ffffffff 27 ffffff85 75 ffffff9f ffffffc8 71 42 ffffffb4 0c ffffffe2 ffffffcd 1f ffffffc8 19 ffffffa8 fffffff5 78 ffffffce 36 fffffff0 ffffffb5 ffffff80 2e 0f 41 6b ffffffc7 ffffffee ffffffc9 42 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cbc0061e0 | unwrapped: 24 d2 c2 9e 1c 53 18 91 db 47 8c 36 d3 df bd b2 | unwrapped: 1a 0e fc 2d f5 92 a6 be a4 46 ff 67 80 35 22 da | unwrapped: 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | unwrapped: 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | unwrapped: 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd80e8520 | result: final-key@0x7f5cc800d640 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8508 | result: final-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cc800d640 | prf+N PRF sha final-key@0x564021e01140 (size 20) | prf+N: key-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021dfb870 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd80e8598 | result: result-key@0x7f5cc800d640 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021dfb870 | prfplus: release old_t[N]-key@0x564021e07b90 | prfplus: release old_t[final]-key@0x564021e01140 | ike_sa_keymat: release data-key@0x564021df9ff0 | calc_skeyseed_v2: release skeyseed_k-key@0x564021e19e70 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8738 | result: result-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8738 | result: result-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8738 | result: result-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f5cc800d640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8748 | result: SK_ei_k-key@0x564021e07b90 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f5cc800d640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8748 | result: SK_er_k-key@0x564021dfb870 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8748 | result: result-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x564021e04570 | chunk_SK_pi: symkey-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)945907302: 54 6d 3c 47 ffffff93 ffffffae ffffffda 1f 5d ffffffe6 16 45 ffffffa2 5f ffffffba ffffffcf ffffff97 ffffff9c 24 ffffff8f ffffffac ffffffa7 ffffff94 ffffff87 44 ffffffa6 12 71 65 79 08 6b | chunk_SK_pi: release slot-key-key@0x564021dfdd40 | chunk_SK_pi extracted len 32 bytes at 0x7f5cbc0059e0 | unwrapped: 63 f8 85 cb 1d 5a f9 e6 80 0a 07 3e 41 aa b1 83 | unwrapped: c1 72 16 c2 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd80e8748 | result: result-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f5cc800a510 | chunk_SK_pr: symkey-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)945907302: 17 4c ffffffab 18 0d ffffffa8 0b 4f ffffffb6 ffffffff 34 fffffff8 6f ffffff8d 11 ffffff8d ffffff84 ffffffc5 ffffff92 ffffffc8 45 ffffffc2 3b 53 ffffffbe ffffffef ffffffd1 ffffffb9 5f 56 66 ffffff99 | chunk_SK_pr: release slot-key-key@0x564021dfdd40 | chunk_SK_pr extracted len 32 bytes at 0x7f5cbc006340 | unwrapped: 46 ad a5 ff 97 d8 9b 54 53 cf f5 69 72 c5 5b 4f | unwrapped: 14 06 82 cb 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f5cc800d640 | calc_skeyseed_v2 pointers: shared-key@0x7f5cc80069f0, SK_d-key@0x564021e19e70, SK_ai-key@0x564021df9ff0, SK_ar-key@0x564021e01140, SK_ei-key@0x564021e07b90, SK_er-key@0x564021dfb870, SK_pi-key@0x564021e04570, SK_pr-key@0x7f5cc800a510 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 63 f8 85 cb 1d 5a f9 e6 80 0a 07 3e 41 aa b1 83 | c1 72 16 c2 | calc_skeyseed_v2 SK_pr | 46 ad a5 ff 97 d8 9b 54 53 cf f5 69 72 c5 5b 4f | 14 06 82 cb | crypto helper 0 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 14 time elapsed 0.004025 seconds | (#13) spent 3.03 milliseconds in crypto helper computing work-order 14: ikev2_inR1outI2 KE (pcr) | crypto helper 0 sending results from work-order 14 for state #13 to event queue | scheduling resume sending helper answer for #13 | libevent_malloc: new ptr-libevent@0x7f5cbc006560 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #13 | start processing: state #13 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 14 | calling continuation function 0x564020443630 | ikev2_parent_inR1outI2_continue for #13: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f5cb8002010: transferring ownership from helper IKEv2 DH to state #13 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #14 at 0x564021e1a900 | State DB: adding IKEv2 state #14 in UNDEFINED | pstats #14 ikev2.child started | duplicating state object #13 "aes128" as #14 for IPSEC SA | #14 setting local endpoint to 192.1.2.45:500 from #13.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x564021e19e70 | duplicate_state: reference st_skey_ai_nss-key@0x564021df9ff0 | duplicate_state: reference st_skey_ar_nss-key@0x564021e01140 | duplicate_state: reference st_skey_ei_nss-key@0x564021e07b90 | duplicate_state: reference st_skey_er_nss-key@0x564021dfb870 | duplicate_state: reference st_skey_pi_nss-key@0x564021e04570 | duplicate_state: reference st_skey_pr_nss-key@0x7f5cc800a510 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #13.#14; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #13 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #13.#14 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #13 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5cb80087a0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564021e1fac0 | event_schedule: new EVENT_SA_REPLACE-pe@0x564021e1fac0 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f5cb80087a0 size 128 | parent state #13: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 32 8c 0a 7b f8 de 47 71 | responder cookie: | 2c 2f 54 a7 a1 72 6f 05 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x564021e04570 (size 20) | hmac: symkey-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db978 | result: clone-key@0x7f5cc800d640 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x7f5cc800d640 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x7f5cc800d640 | hmac: release clone-key@0x7f5cc800d640 | hmac PRF sha crypt-prf@0x564021e16cc0 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x564020542974 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff864dbf10 (length 20) | 4d c5 05 d1 59 4f 24 1f 9b e6 a3 e6 4e 35 48 70 | f1 2c 3d 5e | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564021e0a240 (line=1) | concluding with best_match=014 best=0x564021e0a240 (lineno=1) | inputs to hash1 (first packet) | 32 8c 0a 7b f8 de 47 71 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 0b 37 c5 ca 75 d3 ab bc b8 05 cf 7c | 4d 45 1e 9e fd 12 32 ff 39 45 9b d4 55 bb d5 05 | 2f 0e 81 8f e5 6c 56 37 04 9a 49 95 6a ae 5d 3c | 2f b9 56 fd e2 1e 4c bd c9 47 53 d0 eb d2 55 e9 | 4e 7f 43 3b be c0 77 15 a5 ca 2d ff 02 5e 27 d7 | 10 2c cc d7 59 6f c2 40 63 e2 f9 98 9d 4a 81 12 | 5b b1 7e 06 e4 7d 4d eb f7 1f fe 75 4e fc b3 f4 | f2 0a 53 e7 13 4c 38 22 97 12 90 17 67 20 f5 ed | fd c8 c8 81 9b b8 4e 72 fc f3 82 17 5d d4 c4 33 | cb 7b 67 4b 62 1b 3b d3 07 e1 c4 90 fd 39 f1 3e | 65 78 d5 bb a3 f8 3a 71 45 f9 c0 f0 08 8c 2b 06 | 95 f1 7e 2e ab 5e 2c a0 27 65 8e d6 62 00 96 88 | a0 c5 46 68 20 b5 6b e5 60 48 4e e8 75 7a a4 47 | 75 c7 e6 61 5c c5 47 48 7b ad 74 16 b0 12 bc 70 | 8b 29 f8 b2 04 be 70 1b c8 18 a2 e2 d5 18 3d 80 | c6 db cd f7 4c 50 07 76 cb 4f 0b 5a 97 ca d0 dd | 55 5f 2c d4 29 00 00 24 24 d2 c2 9e 1c 53 18 91 | db 47 8c 36 d3 df bd b2 1a 0e fc 2d f5 92 a6 be | a4 46 ff 67 80 35 22 da 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 f3 3c ac f4 c4 fb 3c 36 | c4 92 5c 1f 1b 51 5b 0e 28 f3 95 df 00 00 00 1c | 00 00 40 05 dd 08 2b 8a 69 ae 03 41 a2 d9 9a d7 | 44 c0 08 d7 b0 2e 2b c5 | create: initiator inputs to hash2 (responder nonce) | 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | idhash 4d c5 05 d1 59 4f 24 1f 9b e6 a3 e6 4e 35 48 70 | idhash f1 2c 3d 5e | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564021e14a20 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db770 | result: shared secret-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db758 | result: shared secret-key@0x7f5cc800d640 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564021dfd2a0 from shared secret-key@0x7f5cc800d640 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564021dfd2a0 from shared secret-key@0x7f5cc800d640 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f5cc800d640 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564021da3880 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5640204d6bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db790 | result: final-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db778 | result: final-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f5cc800d640 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f5cc800d640 (size 20) | = prf(, ): -key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db788 | result: clone-key@0x7f5cd0006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ) prf: begin sha with context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ): release clone-key@0x7f5cd0006900 | = prf(, ) PRF sha crypt-prf@0x564021e17be0 | = prf(, ) PRF sha update first-packet-bytes@0x564021da9230 (length 440) | 32 8c 0a 7b f8 de 47 71 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 0b 37 c5 ca 75 d3 ab bc b8 05 cf 7c | 4d 45 1e 9e fd 12 32 ff 39 45 9b d4 55 bb d5 05 | 2f 0e 81 8f e5 6c 56 37 04 9a 49 95 6a ae 5d 3c | 2f b9 56 fd e2 1e 4c bd c9 47 53 d0 eb d2 55 e9 | 4e 7f 43 3b be c0 77 15 a5 ca 2d ff 02 5e 27 d7 | 10 2c cc d7 59 6f c2 40 63 e2 f9 98 9d 4a 81 12 | 5b b1 7e 06 e4 7d 4d eb f7 1f fe 75 4e fc b3 f4 | f2 0a 53 e7 13 4c 38 22 97 12 90 17 67 20 f5 ed | fd c8 c8 81 9b b8 4e 72 fc f3 82 17 5d d4 c4 33 | cb 7b 67 4b 62 1b 3b d3 07 e1 c4 90 fd 39 f1 3e | 65 78 d5 bb a3 f8 3a 71 45 f9 c0 f0 08 8c 2b 06 | 95 f1 7e 2e ab 5e 2c a0 27 65 8e d6 62 00 96 88 | a0 c5 46 68 20 b5 6b e5 60 48 4e e8 75 7a a4 47 | 75 c7 e6 61 5c c5 47 48 7b ad 74 16 b0 12 bc 70 | 8b 29 f8 b2 04 be 70 1b c8 18 a2 e2 d5 18 3d 80 | c6 db cd f7 4c 50 07 76 cb 4f 0b 5a 97 ca d0 dd | 55 5f 2c d4 29 00 00 24 24 d2 c2 9e 1c 53 18 91 | db 47 8c 36 d3 df bd b2 1a 0e fc 2d f5 92 a6 be | a4 46 ff 67 80 35 22 da 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 f3 3c ac f4 c4 fb 3c 36 | c4 92 5c 1f 1b 51 5b 0e 28 f3 95 df 00 00 00 1c | 00 00 40 05 dd 08 2b 8a 69 ae 03 41 a2 d9 9a d7 | 44 c0 08 d7 b0 2e 2b c5 | = prf(, ) PRF sha update nonce-bytes@0x564021e1fe90 (length 32) | 99 a4 f1 4d 04 48 65 ea b9 39 82 0b e7 86 03 b5 | 10 fc e7 0c ac 18 e6 13 53 7e 0c 1b 65 3b c0 97 | = prf(, ) PRF sha update hash-bytes@0x7fff864dbf10 (length 20) | 4d c5 05 d1 59 4f 24 1f 9b e6 a3 e6 4e 35 48 70 | f1 2c 3d 5e | = prf(, ) PRF sha final-chunk@0x564021e16cc0 (length 20) | b7 42 26 47 3f da f0 cc 9c 94 c2 fb b9 9c 29 26 | e4 70 fd f6 | psk_auth: release prf-psk-key@0x7f5cc800d640 | PSK auth octets b7 42 26 47 3f da f0 cc 9c 94 c2 fb b9 9c 29 26 | PSK auth octets e4 70 fd f6 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth b7 42 26 47 3f da f0 cc 9c 94 c2 fb b9 9c 29 26 | PSK auth e4 70 fd f6 | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #13 | netlink_get_spi: allocated 0x569cad86 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for aes128 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "aes128": constructed local ESP/AH proposals for aes128 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 56 9c ad 86 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #13: IMPAIR: omitting fixed-size key-length attribute | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 40 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 176 | emitting length of ISAKMP Message: 204 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 07 99 cc ad fa 41 ec b2 4f e9 bc e3 09 6c d8 e1 | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | b7 42 26 47 3f da f0 cc 9c 94 c2 fb b9 9c 29 26 | e4 70 fd f6 2c 00 00 28 00 00 00 24 01 03 04 03 | 56 9c ad 86 03 00 00 08 01 00 00 0c 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 97 85 59 7a b2 3d 97 5c f2 5f 6c 3a 1d 87 c6 1f | 64 c7 01 50 17 fd 21 25 5c f3 29 f0 31 2e 95 07 | d9 f4 0f db d2 39 33 7a 2d 88 c1 1c 2b 13 e7 24 | e2 58 42 b3 ef a9 50 20 a2 af bf f6 51 99 a5 ef | 85 e2 ea c9 1b bc fc f2 4d fa 77 0c 36 bb 6b 49 | 32 3d ee 14 69 7a 68 72 ed fb 43 18 48 90 36 7f | fb 93 2f b3 96 cc 22 59 a7 0a a0 be e4 60 92 40 | 26 4b 66 82 5d e3 4c 96 c4 e8 42 20 68 5e 63 fa | 8a 2f 3d 31 26 5b 9b df 2a a3 c3 9d 05 48 7b a7 | hmac PRF sha init symkey-key@0x564021df9ff0 (size 20) | hmac: symkey-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db888 | result: clone-key@0x7f5cc800d640 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x7f5cc800d640 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x7f5cc800d640 | hmac: release clone-key@0x7f5cc800d640 | hmac PRF sha crypt-prf@0x564021da3880 | hmac PRF sha update data-bytes@0x564020542940 (length 192) | 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | 07 99 cc ad fa 41 ec b2 4f e9 bc e3 09 6c d8 e1 | 97 85 59 7a b2 3d 97 5c f2 5f 6c 3a 1d 87 c6 1f | 64 c7 01 50 17 fd 21 25 5c f3 29 f0 31 2e 95 07 | d9 f4 0f db d2 39 33 7a 2d 88 c1 1c 2b 13 e7 24 | e2 58 42 b3 ef a9 50 20 a2 af bf f6 51 99 a5 ef | 85 e2 ea c9 1b bc fc f2 4d fa 77 0c 36 bb 6b 49 | 32 3d ee 14 69 7a 68 72 ed fb 43 18 48 90 36 7f | fb 93 2f b3 96 cc 22 59 a7 0a a0 be e4 60 92 40 | 26 4b 66 82 5d e3 4c 96 c4 e8 42 20 68 5e 63 fa | 8a 2f 3d 31 26 5b 9b df 2a a3 c3 9d 05 48 7b a7 | hmac PRF sha final-bytes@0x564020542a00 (length 20) | 95 5f 42 d1 21 3b e4 6b 2e 05 97 2c ff 91 9a 68 | e7 6f b1 37 | data being hmac: 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | data being hmac: 07 99 cc ad fa 41 ec b2 4f e9 bc e3 09 6c d8 e1 | data being hmac: 97 85 59 7a b2 3d 97 5c f2 5f 6c 3a 1d 87 c6 1f | data being hmac: 64 c7 01 50 17 fd 21 25 5c f3 29 f0 31 2e 95 07 | data being hmac: d9 f4 0f db d2 39 33 7a 2d 88 c1 1c 2b 13 e7 24 | data being hmac: e2 58 42 b3 ef a9 50 20 a2 af bf f6 51 99 a5 ef | data being hmac: 85 e2 ea c9 1b bc fc f2 4d fa 77 0c 36 bb 6b 49 | data being hmac: 32 3d ee 14 69 7a 68 72 ed fb 43 18 48 90 36 7f | data being hmac: fb 93 2f b3 96 cc 22 59 a7 0a a0 be e4 60 92 40 | data being hmac: 26 4b 66 82 5d e3 4c 96 c4 e8 42 20 68 5e 63 fa | data being hmac: 8a 2f 3d 31 26 5b 9b df 2a a3 c3 9d 05 48 7b a7 | out calculated auth: | 95 5f 42 d1 21 3b e4 6b 2e 05 97 2c | suspend processing: state #13 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #14 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #14 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #14: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #14 to 0 after switching state | Message ID: recv #13.#14 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #13.#14 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "aes128" #14: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 204 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #13) | 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | 07 99 cc ad fa 41 ec b2 4f e9 bc e3 09 6c d8 e1 | 97 85 59 7a b2 3d 97 5c f2 5f 6c 3a 1d 87 c6 1f | 64 c7 01 50 17 fd 21 25 5c f3 29 f0 31 2e 95 07 | d9 f4 0f db d2 39 33 7a 2d 88 c1 1c 2b 13 e7 24 | e2 58 42 b3 ef a9 50 20 a2 af bf f6 51 99 a5 ef | 85 e2 ea c9 1b bc fc f2 4d fa 77 0c 36 bb 6b 49 | 32 3d ee 14 69 7a 68 72 ed fb 43 18 48 90 36 7f | fb 93 2f b3 96 cc 22 59 a7 0a a0 be e4 60 92 40 | 26 4b 66 82 5d e3 4c 96 c4 e8 42 20 68 5e 63 fa | 8a 2f 3d 31 26 5b 9b df 2a a3 c3 9d 05 48 7b a7 | 95 5f 42 d1 21 3b e4 6b 2e 05 97 2c | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x564021e1fb00 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #14 | libevent_malloc: new ptr-libevent@0x7f5ccc006760 size 128 | #14 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48957.223885 | resume sending helper answer for #13 suppresed complete_v2_state_transition() | #13 spent 0.85 milliseconds in resume sending helper answer | stop processing: state #14 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5cbc006560 | spent 0.00283 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | f5 c0 f9 70 32 7d 46 15 f8 3e 99 1e 39 02 01 44 | 73 65 d7 2e 2a f2 54 a1 fb c7 c5 e2 c4 b8 b8 9c | 67 f7 cd bf 24 7b 5b 63 51 ca c1 88 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 32 8c 0a 7b f8 de 47 71 | responder cookie: | 2c 2f 54 a7 a1 72 6f 05 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #13 in PARENT_I2 (find_v2_ike_sa) | start processing: state #13 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #14 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #13 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #14 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #14 is idle | #14 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | #14 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x564021e01140 (size 20) | hmac: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db7a8 | result: clone-key@0x7f5cc800d640 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x7f5cc800d640 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x7f5cc800d640 | hmac: release clone-key@0x7f5cc800d640 | hmac PRF sha crypt-prf@0x564021da38a0 | hmac PRF sha update data-bytes@0x564021d74460 (length 64) | 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | f5 c0 f9 70 32 7d 46 15 f8 3e 99 1e 39 02 01 44 | 73 65 d7 2e 2a f2 54 a1 fb c7 c5 e2 c4 b8 b8 9c | hmac PRF sha final-bytes@0x7fff864db970 (length 20) | 67 f7 cd bf 24 7b 5b 63 51 ca c1 88 34 04 6a 6d | a7 8c 2a 6c | data for hmac: 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | data for hmac: f5 c0 f9 70 32 7d 46 15 f8 3e 99 1e 39 02 01 44 | data for hmac: 73 65 d7 2e 2a f2 54 a1 fb c7 c5 e2 c4 b8 b8 9c | calculated auth: 67 f7 cd bf 24 7b 5b 63 51 ca c1 88 | provided auth: 67 f7 cd bf 24 7b 5b 63 51 ca c1 88 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | f5 c0 f9 70 32 7d 46 15 f8 3e 99 1e 39 02 01 44 | payload before decryption: | 73 65 d7 2e 2a f2 54 a1 fb c7 c5 e2 c4 b8 b8 9c | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 08 00 00 00 0e 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #14 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode IKE SA: process IKE_AUTH response containing unknown notification | Now let's proceed with state specific processing | calling processor IKE SA: process IKE_AUTH response containing unknown notification "aes128" #14: IKE_AUTH response contained the error notification NO_PROPOSAL_CHOSEN "aes128" #14: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #14 fd@25 .st_dev=9 .st_ino=1573967 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #13 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x7f5ccc006760 | free_event_entry: release EVENT_RETRANSMIT-pe@0x564021e1fb00 | event_schedule: new EVENT_RETRANSMIT-pe@0x564021e1fb00 | inserting event EVENT_RETRANSMIT, timeout in 59.995393 seconds for #14 | libevent_malloc: new ptr-libevent@0x7f5ccc006760 size 128 "aes128" #14: STATE_PARENT_I2: suppressing retransmits; will wait 59.995393 seconds for retry | #14 spent 0.107 milliseconds in processing: IKE SA: process IKE_AUTH response containing unknown notification in ikev2_process_state_packet() | [RE]START processing: state #14 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #14 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #14 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #13 spent 0.347 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.357 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0479 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x7f5cc8002d20} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #14 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #14 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #14 ikev2.child deleted other | #14 spent 0.107 milliseconds in total | [RE]START processing: state #14 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #14: deleting state (STATE_PARENT_I2) aged 0.027s and NOT sending notification | child state #14: PARENT_I2(open IKE SA) => delete | child state #14: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #14 requesting EVENT_RETRANSMIT to be deleted | #14 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f5ccc006760 | free_event_entry: release EVENT_RETRANSMIT-pe@0x564021e1fb00 | priority calculation of connection "aes128" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #14 in CHILDSA_DEL | child state #14: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #14 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x564021e19e70 | delete_state: release st->st_skey_ai_nss-key@0x564021df9ff0 | delete_state: release st->st_skey_ar_nss-key@0x564021e01140 | delete_state: release st->st_skey_ei_nss-key@0x564021e07b90 | delete_state: release st->st_skey_er_nss-key@0x564021dfb870 | delete_state: release st->st_skey_pi_nss-key@0x564021e04570 | delete_state: release st->st_skey_pr_nss-key@0x7f5cc800a510 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #13 | start processing: state #13 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #13 ikev2.ike deleted other | #13 spent 6.5 milliseconds in total | [RE]START processing: state #13 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #13: deleting state (STATE_PARENT_I2) aged 0.037s and NOT sending notification | parent state #13: PARENT_I2(open IKE SA) => delete | state #13 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f5cb80087a0 | free_event_entry: release EVENT_SA_REPLACE-pe@0x564021e1fac0 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #13 in PARENT_I2 | parent state #13: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f5cb8002010: destroyed | stop processing: state #13 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f5cc80069f0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x564021e19e70 | delete_state: release st->st_skey_ai_nss-key@0x564021df9ff0 | delete_state: release st->st_skey_ar_nss-key@0x564021e01140 | delete_state: release st->st_skey_ei_nss-key@0x564021e07b90 | delete_state: release st->st_skey_er_nss-key@0x564021dfb870 | delete_state: release st->st_skey_pi_nss-key@0x564021e04570 | delete_state: release st->st_skey_pr_nss-key@0x7f5cc800a510 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x564021e17eb0 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.328 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | child-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0589 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0483 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | emitting | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0571 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:EMPTY | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0492 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x564021de15d0 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.142 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #15 at 0x564021e16060 | State DB: adding IKEv2 state #15 in UNDEFINED | pstats #15 ikev2.ike started | Message ID: init #15: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #15: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #15; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #15 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #15 "aes128" "aes128" #15: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 15 for state #15 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564021e1fac0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #15 | libevent_malloc: new ptr-libevent@0x7f5ccc006760 size 128 | #15 spent 0.116 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #15 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.176 milliseconds in whack | crypto helper 2 resuming | crypto helper 2 starting work-order 15 for state #15 | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 15 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5cd0002a80: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5cd0002a80 | NSS: Public DH wire value: | 56 0f 4a 49 b6 d8 ef 5e 9a 20 49 08 dd 4f f6 f4 | 4c c1 98 0c 10 59 a0 6d 0a 3f 22 e6 fd eb e3 cc | dd e7 45 14 1e d1 a2 5a bb b5 9f b3 53 c4 d2 50 | f8 ca 28 88 0d c1 6f ce 83 8c cc 10 c8 0e 29 2e | 7d 8f 78 58 73 eb e5 19 3e 2f 28 fd e8 ca 3a 57 | 2b 23 2e 44 9f b8 3c 2d c1 90 58 12 61 c6 a3 a1 | 90 10 12 de 30 5a f3 38 d1 cc c6 f7 aa bd 37 df | 5b 83 df b1 41 88 0a 3c f2 ef 23 6b ea 57 ca 38 | 6b fd 28 64 df ba 18 24 54 83 d4 9f 67 56 79 c1 | 36 20 8f 64 4b 17 43 44 bd 61 e6 31 50 24 7e da | 46 17 ca 99 af 74 b2 3f 39 57 1e 86 8c b0 e6 83 | 22 dc 3a 59 dc 63 78 1b fd 05 74 87 d9 3b 77 39 | 77 71 1f b4 5c f8 52 2a 99 cc a6 bb 1b 6f 32 54 | ac 55 a8 7a c8 f9 87 70 0b 4a e4 80 3f dd 2a 8f | fd fd 92 e2 7a e6 16 60 3b ba 22 ba 13 d3 2e 14 | 6b 35 ce 90 5e 77 1d d8 a5 47 ea 87 5f fb 80 f4 | Generated nonce: 19 54 a8 29 bd ca 2a 0e db 5e 5e 3e cd b8 b3 cb | Generated nonce: cf 49 5e 6c 04 bf 09 00 41 49 39 40 09 44 58 db | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 15 time elapsed 0.001066 seconds | (#15) spent 1.06 milliseconds in crypto helper computing work-order 15: ikev2_outI1 KE (pcr) | crypto helper 2 sending results from work-order 15 for state #15 to event queue | scheduling resume sending helper answer for #15 | libevent_malloc: new ptr-libevent@0x7f5cd0008b30 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #15 | start processing: state #15 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 15 | calling continuation function 0x564020443630 | ikev2_parent_outI1_continue for #15 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5cd0002a80: transferring ownership from helper KE to state #15 | **emit ISAKMP Message: | initiator cookie: | 8f b8 e0 55 77 b6 fa 77 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #15: IMPAIR: emitting variable-size key-length attribute with no key | ******emit IKEv2 Attribute Substructure Payload: | af+type: 14?? (0xe) | length/value: 0 (0x0) "aes128" #15: IMPAIR: emitting af+type of IKEv2 Attribute Substructure Payload has an unknown value: 0x0+14 (0xe) | emitting length of IKEv2 Attribute Substructure Payload: 0 | emitting 0 raw bytes of attribute value into IKEv2 Transform Substructure Payload | attribute value | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 56 0f 4a 49 b6 d8 ef 5e 9a 20 49 08 dd 4f f6 f4 | ikev2 g^x 4c c1 98 0c 10 59 a0 6d 0a 3f 22 e6 fd eb e3 cc | ikev2 g^x dd e7 45 14 1e d1 a2 5a bb b5 9f b3 53 c4 d2 50 | ikev2 g^x f8 ca 28 88 0d c1 6f ce 83 8c cc 10 c8 0e 29 2e | ikev2 g^x 7d 8f 78 58 73 eb e5 19 3e 2f 28 fd e8 ca 3a 57 | ikev2 g^x 2b 23 2e 44 9f b8 3c 2d c1 90 58 12 61 c6 a3 a1 | ikev2 g^x 90 10 12 de 30 5a f3 38 d1 cc c6 f7 aa bd 37 df | ikev2 g^x 5b 83 df b1 41 88 0a 3c f2 ef 23 6b ea 57 ca 38 | ikev2 g^x 6b fd 28 64 df ba 18 24 54 83 d4 9f 67 56 79 c1 | ikev2 g^x 36 20 8f 64 4b 17 43 44 bd 61 e6 31 50 24 7e da | ikev2 g^x 46 17 ca 99 af 74 b2 3f 39 57 1e 86 8c b0 e6 83 | ikev2 g^x 22 dc 3a 59 dc 63 78 1b fd 05 74 87 d9 3b 77 39 | ikev2 g^x 77 71 1f b4 5c f8 52 2a 99 cc a6 bb 1b 6f 32 54 | ikev2 g^x ac 55 a8 7a c8 f9 87 70 0b 4a e4 80 3f dd 2a 8f | ikev2 g^x fd fd 92 e2 7a e6 16 60 3b ba 22 ba 13 d3 2e 14 | ikev2 g^x 6b 35 ce 90 5e 77 1d d8 a5 47 ea 87 5f fb 80 f4 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 19 54 a8 29 bd ca 2a 0e db 5e 5e 3e cd b8 b3 cb | IKEv2 nonce cf 49 5e 6c 04 bf 09 00 41 49 39 40 09 44 58 db | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | 8f b8 e0 55 77 b6 fa 77 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | 0e d4 2b 9e bc 40 ea 1d dc 27 df 40 a7 bc 01 b2 | 37 18 d4 99 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 8f b8 e0 55 77 b6 fa 77 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 0e d4 2b 9e bc 40 ea 1d dc 27 df 40 a7 bc 01 b2 | natd_hash: hash= 37 18 d4 99 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 0e d4 2b 9e bc 40 ea 1d dc 27 df 40 a7 bc 01 b2 | Notify data 37 18 d4 99 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | 8f b8 e0 55 77 b6 fa 77 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | fe 37 2d b6 5f 19 70 d2 b2 72 a1 83 ce fd 41 91 | 61 7d af 95 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 8f b8 e0 55 77 b6 fa 77 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= fe 37 2d b6 5f 19 70 d2 b2 72 a1 83 ce fd 41 91 | natd_hash: hash= 61 7d af 95 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data fe 37 2d b6 5f 19 70 d2 b2 72 a1 83 ce fd 41 91 | Notify data 61 7d af 95 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #15 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #15 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #15 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #15: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #15 to 4294967295 after switching state | Message ID: IKE #15 skipping update_recv as MD is fake | Message ID: sent #15 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #15: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #15) | 8f b8 e0 55 77 b6 fa 77 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 56 0f 4a 49 b6 d8 ef 5e 9a 20 49 08 | dd 4f f6 f4 4c c1 98 0c 10 59 a0 6d 0a 3f 22 e6 | fd eb e3 cc dd e7 45 14 1e d1 a2 5a bb b5 9f b3 | 53 c4 d2 50 f8 ca 28 88 0d c1 6f ce 83 8c cc 10 | c8 0e 29 2e 7d 8f 78 58 73 eb e5 19 3e 2f 28 fd | e8 ca 3a 57 2b 23 2e 44 9f b8 3c 2d c1 90 58 12 | 61 c6 a3 a1 90 10 12 de 30 5a f3 38 d1 cc c6 f7 | aa bd 37 df 5b 83 df b1 41 88 0a 3c f2 ef 23 6b | ea 57 ca 38 6b fd 28 64 df ba 18 24 54 83 d4 9f | 67 56 79 c1 36 20 8f 64 4b 17 43 44 bd 61 e6 31 | 50 24 7e da 46 17 ca 99 af 74 b2 3f 39 57 1e 86 | 8c b0 e6 83 22 dc 3a 59 dc 63 78 1b fd 05 74 87 | d9 3b 77 39 77 71 1f b4 5c f8 52 2a 99 cc a6 bb | 1b 6f 32 54 ac 55 a8 7a c8 f9 87 70 0b 4a e4 80 | 3f dd 2a 8f fd fd 92 e2 7a e6 16 60 3b ba 22 ba | 13 d3 2e 14 6b 35 ce 90 5e 77 1d d8 a5 47 ea 87 | 5f fb 80 f4 29 00 00 24 19 54 a8 29 bd ca 2a 0e | db 5e 5e 3e cd b8 b3 cb cf 49 5e 6c 04 bf 09 00 | 41 49 39 40 09 44 58 db 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 0e d4 2b 9e bc 40 ea 1d | dc 27 df 40 a7 bc 01 b2 37 18 d4 99 00 00 00 1c | 00 00 40 05 fe 37 2d b6 5f 19 70 d2 b2 72 a1 83 | ce fd 41 91 61 7d af 95 | state #15 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5ccc006760 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564021e1fac0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x564021e1fac0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #15 | libevent_malloc: new ptr-libevent@0x7f5ccc006760 size 128 | #15 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48957.793683 | resume sending helper answer for #15 suppresed complete_v2_state_transition() and stole MD | #15 spent 0.55 milliseconds in resume sending helper answer | stop processing: state #15 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5cd0008b30 | spent 0.00209 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 8f b8 e0 55 77 b6 fa 77 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 8f b8 e0 55 77 b6 fa 77 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #15 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #15 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #15 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #15 is idle | #15 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #15 IKE SPIi and SPI[ir] | #15 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #15: STATE_PARENT_I1: received unauthenticated v2N_INVALID_SYNTAX - ignored | #15 spent 0.00676 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #15 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #15 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #15 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #15 spent 0.129 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.143 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x564021e1fac0 | handling event EVENT_RETRANSMIT for parent state #15 | start processing: state #15 connection "aes128" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) | IKEv2 retransmit event | [RE]START processing: state #15 connection "aes128" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:144) | handling event EVENT_RETRANSMIT for 192.1.2.23 "aes128" #15 attempt 2 of 0 | and parent for 192.1.2.23 "aes128" #15 keying attempt 1 of 0; retransmit 1 "aes128" #15: IMPAIR: retransmit so deleting SA | maximum number of keyingtries reached - deleting state | [RE]START processing: state #15 connection "aes128" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:234) | pstats #15 ikev2.ike failed too-many-retransmits | pstats #15 ikev2.ike deleted too-many-retransmits | #15 spent 1.86 milliseconds in total | [RE]START processing: state #15 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #15: deleting state (STATE_PARENT_I1) aged 0.503s and NOT sending notification | parent state #15: PARENT_I1(half-open IKE SA) => delete | in connection_discard for connection aes128 | close_any(fd@25) (in delete_pending() at pending.c:244) | removing pending policy for "aes128" {0x7f5cc8002d20} | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #15 "aes128" #15: deleting IKE SA for connection 'aes128' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'aes128' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #15 in PARENT_I1 | parent state #15: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | close_any(fd@24) (in release_whack() at state.c:654) | DH secret MODP2048@0x7f5cd0002a80: destroyed | stop processing: state #15 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | libevent_free: release ptr-libevent@0x7f5ccc006760 | free_event_entry: release EVENT_RETRANSMIT-pe@0x564021e1fac0 | in statetime_stop() and could not find #15 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection aes128 which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #16 at 0x564021e16060 | State DB: adding IKEv2 state #16 in UNDEFINED | pstats #16 ikev2.ike started | Message ID: init #16: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #16: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #16; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #16 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #16 "aes128" "aes128" #16: initiating v2 parent SA | using existing local IKE proposals for connection aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 16 for state #16 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564021e1fac0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #16 | libevent_malloc: new ptr-libevent@0x7f5cd0008b30 size 128 | #16 spent 0.0871 milliseconds in ikev2_parent_outI1() | crypto helper 3 resuming | crypto helper 3 starting work-order 16 for state #16 | RESET processing: state #16 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 16 | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | spent 0.122 milliseconds in global timer EVENT_REVIVE_CONNS | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | NSS: re-generating dh keys (pubkey 255 did not match 256) | DH secret MODP2048@0x7f5cc8001f40: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5cc8001f40 | NSS: Public DH wire value: | 03 e2 eb fa 70 a7 86 21 02 15 5f ae 73 25 ee 5a | 8f 71 3e e1 f7 47 a1 b3 52 c1 df ca 35 6c c4 c2 | 20 e5 cf 4c 85 07 53 a1 e4 db 14 68 f9 f7 bc 79 | 7a bf e1 3c f4 53 b3 62 ff 92 70 90 74 dc d4 3f | 9b aa c5 b6 29 cf d8 2c 50 c2 4e fc fa 22 f2 ce | 96 c4 91 b2 5a 9b 25 db 0a 8c da 40 5b ba ba dd | 84 9b 81 cc 43 d7 5f ba 21 75 ab 6e 8a 70 b2 ce | 2a 98 8a 6d 09 93 ef 6e 95 af 27 d7 01 02 6e 86 | 07 fd 1c b0 20 1f de 01 a2 aa 19 9e 65 0f 05 db | de 1d cd 89 b6 ec 46 38 5c 09 51 15 6f 11 7b 85 | 4a 9b 27 ff da f3 35 27 78 25 7a 67 10 2a 80 ba | bd 6b d2 19 d1 62 cb ca 3a 0d e0 10 6e be e5 09 | 90 31 7f c9 56 3a a7 b9 b1 46 1d ca cc 89 12 5a | 5a b1 24 2c 01 b2 95 92 8b 3c 16 bc 66 e1 3d d9 | ff 2e 30 d3 71 86 15 86 75 af 1a 68 17 f8 b1 20 | 6b 2c 00 c8 f6 60 f1 0a 7e a4 4c 26 92 ac f8 d1 | Generated nonce: dd e0 e1 96 58 ee 0b e4 bd c7 2b 3a cb 7f d8 6e | Generated nonce: fb 1b ee 7e b1 15 4c e1 49 52 d9 90 b6 e5 a4 76 | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 16 time elapsed 0.001186 seconds | (#16) spent 1.17 milliseconds in crypto helper computing work-order 16: ikev2_outI1 KE (pcr) | crypto helper 3 sending results from work-order 16 for state #16 to event queue | scheduling resume sending helper answer for #16 | libevent_malloc: new ptr-libevent@0x7f5cc800f290 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #16 | start processing: state #16 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 16 | calling continuation function 0x564020443630 | ikev2_parent_outI1_continue for #16 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5cc8001f40: transferring ownership from helper KE to state #16 | **emit ISAKMP Message: | initiator cookie: | cb 78 6f 84 f9 0f 2e af | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #16: IMPAIR: emitting variable-size key-length attribute with no key | ******emit IKEv2 Attribute Substructure Payload: | af+type: 14?? (0xe) | length/value: 0 (0x0) "aes128" #16: IMPAIR: emitting af+type of IKEv2 Attribute Substructure Payload has an unknown value: 0x0+14 (0xe) | emitting length of IKEv2 Attribute Substructure Payload: 0 | emitting 0 raw bytes of attribute value into IKEv2 Transform Substructure Payload | attribute value | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 03 e2 eb fa 70 a7 86 21 02 15 5f ae 73 25 ee 5a | ikev2 g^x 8f 71 3e e1 f7 47 a1 b3 52 c1 df ca 35 6c c4 c2 | ikev2 g^x 20 e5 cf 4c 85 07 53 a1 e4 db 14 68 f9 f7 bc 79 | ikev2 g^x 7a bf e1 3c f4 53 b3 62 ff 92 70 90 74 dc d4 3f | ikev2 g^x 9b aa c5 b6 29 cf d8 2c 50 c2 4e fc fa 22 f2 ce | ikev2 g^x 96 c4 91 b2 5a 9b 25 db 0a 8c da 40 5b ba ba dd | ikev2 g^x 84 9b 81 cc 43 d7 5f ba 21 75 ab 6e 8a 70 b2 ce | ikev2 g^x 2a 98 8a 6d 09 93 ef 6e 95 af 27 d7 01 02 6e 86 | ikev2 g^x 07 fd 1c b0 20 1f de 01 a2 aa 19 9e 65 0f 05 db | ikev2 g^x de 1d cd 89 b6 ec 46 38 5c 09 51 15 6f 11 7b 85 | ikev2 g^x 4a 9b 27 ff da f3 35 27 78 25 7a 67 10 2a 80 ba | ikev2 g^x bd 6b d2 19 d1 62 cb ca 3a 0d e0 10 6e be e5 09 | ikev2 g^x 90 31 7f c9 56 3a a7 b9 b1 46 1d ca cc 89 12 5a | ikev2 g^x 5a b1 24 2c 01 b2 95 92 8b 3c 16 bc 66 e1 3d d9 | ikev2 g^x ff 2e 30 d3 71 86 15 86 75 af 1a 68 17 f8 b1 20 | ikev2 g^x 6b 2c 00 c8 f6 60 f1 0a 7e a4 4c 26 92 ac f8 d1 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce dd e0 e1 96 58 ee 0b e4 bd c7 2b 3a cb 7f d8 6e | IKEv2 nonce fb 1b ee 7e b1 15 4c e1 49 52 d9 90 b6 e5 a4 76 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | cb 78 6f 84 f9 0f 2e af | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | 25 e2 6b 54 fa 4c e4 09 b1 55 fb d3 74 64 85 f1 | b3 6d 1a 6f | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= cb 78 6f 84 f9 0f 2e af | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 25 e2 6b 54 fa 4c e4 09 b1 55 fb d3 74 64 85 f1 | natd_hash: hash= b3 6d 1a 6f | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 25 e2 6b 54 fa 4c e4 09 b1 55 fb d3 74 64 85 f1 | Notify data b3 6d 1a 6f | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | cb 78 6f 84 f9 0f 2e af | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | e0 cc 04 61 17 07 f3 ec b5 09 a7 45 96 5d 99 a5 | 9d eb 13 4c | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= cb 78 6f 84 f9 0f 2e af | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= e0 cc 04 61 17 07 f3 ec b5 09 a7 45 96 5d 99 a5 | natd_hash: hash= 9d eb 13 4c | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data e0 cc 04 61 17 07 f3 ec b5 09 a7 45 96 5d 99 a5 | Notify data 9d eb 13 4c | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #16 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #16 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #16 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #16: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #16 to 4294967295 after switching state | Message ID: IKE #16 skipping update_recv as MD is fake | Message ID: sent #16 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #16: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #16) | cb 78 6f 84 f9 0f 2e af 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 03 e2 eb fa 70 a7 86 21 02 15 5f ae | 73 25 ee 5a 8f 71 3e e1 f7 47 a1 b3 52 c1 df ca | 35 6c c4 c2 20 e5 cf 4c 85 07 53 a1 e4 db 14 68 | f9 f7 bc 79 7a bf e1 3c f4 53 b3 62 ff 92 70 90 | 74 dc d4 3f 9b aa c5 b6 29 cf d8 2c 50 c2 4e fc | fa 22 f2 ce 96 c4 91 b2 5a 9b 25 db 0a 8c da 40 | 5b ba ba dd 84 9b 81 cc 43 d7 5f ba 21 75 ab 6e | 8a 70 b2 ce 2a 98 8a 6d 09 93 ef 6e 95 af 27 d7 | 01 02 6e 86 07 fd 1c b0 20 1f de 01 a2 aa 19 9e | 65 0f 05 db de 1d cd 89 b6 ec 46 38 5c 09 51 15 | 6f 11 7b 85 4a 9b 27 ff da f3 35 27 78 25 7a 67 | 10 2a 80 ba bd 6b d2 19 d1 62 cb ca 3a 0d e0 10 | 6e be e5 09 90 31 7f c9 56 3a a7 b9 b1 46 1d ca | cc 89 12 5a 5a b1 24 2c 01 b2 95 92 8b 3c 16 bc | 66 e1 3d d9 ff 2e 30 d3 71 86 15 86 75 af 1a 68 | 17 f8 b1 20 6b 2c 00 c8 f6 60 f1 0a 7e a4 4c 26 | 92 ac f8 d1 29 00 00 24 dd e0 e1 96 58 ee 0b e4 | bd c7 2b 3a cb 7f d8 6e fb 1b ee 7e b1 15 4c e1 | 49 52 d9 90 b6 e5 a4 76 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 25 e2 6b 54 fa 4c e4 09 | b1 55 fb d3 74 64 85 f1 b3 6d 1a 6f 00 00 00 1c | 00 00 40 05 e0 cc 04 61 17 07 f3 ec b5 09 a7 45 | 96 5d 99 a5 9d eb 13 4c | state #16 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5cd0008b30 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564021e1fac0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x564021e1fac0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #16 | libevent_malloc: new ptr-libevent@0x7f5cd0008b30 size 128 | #16 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48958.297166 | resume sending helper answer for #16 suppresed complete_v2_state_transition() and stole MD | #16 spent 0.574 milliseconds in resume sending helper answer | stop processing: state #16 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5cc800f290 | spent 0.00234 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | cb 78 6f 84 f9 0f 2e af 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cb 78 6f 84 f9 0f 2e af | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #16 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #16 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #16 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #16 is idle | #16 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #16 IKE SPIi and SPI[ir] | #16 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #16: STATE_PARENT_I1: received unauthenticated v2N_INVALID_SYNTAX - ignored | #16 spent 0.00403 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #16 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #16 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #16 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #16 spent 0.113 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.124 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0407 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | removing pending policy for no connection {0x7f5cc8002d20} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #16 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #16 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #16 ikev2.ike deleted other | #16 spent 1.94 milliseconds in total | [RE]START processing: state #16 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #16: deleting state (STATE_PARENT_I1) aged 0.021s and NOT sending notification | parent state #16: PARENT_I1(half-open IKE SA) => delete | state #16 requesting EVENT_RETRANSMIT to be deleted | #16 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f5cd0008b30 | free_event_entry: release EVENT_RETRANSMIT-pe@0x564021e1fac0 | State DB: IKEv2 state not found (flush_incomplete_children) | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #16 in PARENT_I1 | parent state #16: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f5cc8001f40: destroyed | stop processing: state #16 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x564021de15d0 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.154 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | emitting: disabled | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0494 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0522 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | emitting | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0486 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:EMPTY | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0837 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x564021e17b30 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.147 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #17 at 0x564021e16060 | State DB: adding IKEv2 state #17 in UNDEFINED | pstats #17 ikev2.ike started | Message ID: init #17: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #17: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #17; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #17 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #17 "aes128" "aes128" #17: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 17 for state #17 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564021e1fac0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #17 | libevent_malloc: new ptr-libevent@0x7f5cc800f290 size 128 | crypto helper 4 resuming | crypto helper 4 starting work-order 17 for state #17 | crypto helper 4 doing build KE and nonce (ikev2_outI1 KE); request ID 17 | #17 spent 0.126 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | NSS: Value of Prime: | RESET processing: state #17 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.251 milliseconds in whack | DH secret MODP2048@0x7f5ccc0010c0: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5ccc0010c0 | NSS: Public DH wire value: | c0 12 cf 89 3a ec 22 d3 de 58 72 b3 0c a1 c9 c3 | 90 99 b0 12 17 8d 71 42 ff 71 43 d6 6f bf 31 15 | 51 bf ee a3 f1 99 7e e6 60 46 02 59 ec c0 4a 5e | 9a b1 6c 8e 6d 59 2c 49 b4 b3 1f 20 6b 68 20 b2 | 5e 2e 04 7f d6 ea 8b 0c 4d 5d 0f 47 bf b3 5b 8f | f5 0a e4 02 fe 69 6d 2c 23 b6 36 70 3d 8f 5c 4d | 4a 33 ff 7e 32 ca e7 ad 4d aa 25 69 67 e2 e9 4d | 5e e8 d0 6d da 15 a8 15 4a 01 aa 6c da 24 5d 63 | fe 38 d4 a3 44 28 72 a8 1c 73 f0 a5 5e af db a6 | 81 6e b2 16 4f 08 4a 50 76 2b cf db c9 35 83 f1 | 70 69 37 67 88 c7 8b 31 91 c3 f3 7d e9 33 9a 73 | 1e 79 ba 20 be 98 33 b7 4a 8b 02 ff 05 03 72 0d | ef 40 b2 3c c1 f6 bb 64 61 93 30 70 92 22 71 eb | e8 4d 30 3d 71 3f 5c 8c 47 f9 bb b5 59 22 38 4c | eb 8f 69 ab 00 eb d0 0d 40 a5 4c 05 af 72 10 f8 | f1 87 af 4b cc d5 8d a9 ff 66 30 ec ba 9b ca bc | Generated nonce: af 2c 31 db 93 db ed b0 ac f9 70 ad 8a 58 70 ed | Generated nonce: 98 f9 09 d1 50 a1 68 e1 3e 73 7a 28 40 96 99 95 | crypto helper 4 finished build KE and nonce (ikev2_outI1 KE); request ID 17 time elapsed 0.001132 seconds | (#17) spent 1.13 milliseconds in crypto helper computing work-order 17: ikev2_outI1 KE (pcr) | crypto helper 4 sending results from work-order 17 for state #17 to event queue | scheduling resume sending helper answer for #17 | libevent_malloc: new ptr-libevent@0x7f5ccc0089d0 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #17 | start processing: state #17 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 17 | calling continuation function 0x564020443630 | ikev2_parent_outI1_continue for #17 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5ccc0010c0: transferring ownership from helper KE to state #17 | **emit ISAKMP Message: | initiator cookie: | e4 28 0a 78 88 3f a0 b2 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #17: IMPAIR: emitting variable-size key-length attribute with no key | ******emit IKEv2 Attribute Substructure Payload: | af+type: 14?? (0xe) | length/value: 0 (0x0) "aes128" #17: IMPAIR: emitting af+type of IKEv2 Attribute Substructure Payload has an unknown value: 0x0+14 (0xe) | emitting length of IKEv2 Attribute Substructure Payload: 0 | emitting 0 raw bytes of attribute value into IKEv2 Transform Substructure Payload | attribute value | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x c0 12 cf 89 3a ec 22 d3 de 58 72 b3 0c a1 c9 c3 | ikev2 g^x 90 99 b0 12 17 8d 71 42 ff 71 43 d6 6f bf 31 15 | ikev2 g^x 51 bf ee a3 f1 99 7e e6 60 46 02 59 ec c0 4a 5e | ikev2 g^x 9a b1 6c 8e 6d 59 2c 49 b4 b3 1f 20 6b 68 20 b2 | ikev2 g^x 5e 2e 04 7f d6 ea 8b 0c 4d 5d 0f 47 bf b3 5b 8f | ikev2 g^x f5 0a e4 02 fe 69 6d 2c 23 b6 36 70 3d 8f 5c 4d | ikev2 g^x 4a 33 ff 7e 32 ca e7 ad 4d aa 25 69 67 e2 e9 4d | ikev2 g^x 5e e8 d0 6d da 15 a8 15 4a 01 aa 6c da 24 5d 63 | ikev2 g^x fe 38 d4 a3 44 28 72 a8 1c 73 f0 a5 5e af db a6 | ikev2 g^x 81 6e b2 16 4f 08 4a 50 76 2b cf db c9 35 83 f1 | ikev2 g^x 70 69 37 67 88 c7 8b 31 91 c3 f3 7d e9 33 9a 73 | ikev2 g^x 1e 79 ba 20 be 98 33 b7 4a 8b 02 ff 05 03 72 0d | ikev2 g^x ef 40 b2 3c c1 f6 bb 64 61 93 30 70 92 22 71 eb | ikev2 g^x e8 4d 30 3d 71 3f 5c 8c 47 f9 bb b5 59 22 38 4c | ikev2 g^x eb 8f 69 ab 00 eb d0 0d 40 a5 4c 05 af 72 10 f8 | ikev2 g^x f1 87 af 4b cc d5 8d a9 ff 66 30 ec ba 9b ca bc | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce af 2c 31 db 93 db ed b0 ac f9 70 ad 8a 58 70 ed | IKEv2 nonce 98 f9 09 d1 50 a1 68 e1 3e 73 7a 28 40 96 99 95 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | e4 28 0a 78 88 3f a0 b2 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | fc f2 02 84 27 93 70 63 2a 34 89 a2 68 8e 53 a1 | 43 f4 d3 e5 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= e4 28 0a 78 88 3f a0 b2 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= fc f2 02 84 27 93 70 63 2a 34 89 a2 68 8e 53 a1 | natd_hash: hash= 43 f4 d3 e5 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data fc f2 02 84 27 93 70 63 2a 34 89 a2 68 8e 53 a1 | Notify data 43 f4 d3 e5 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | e4 28 0a 78 88 3f a0 b2 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | e1 11 32 cd af 36 08 e1 b3 88 e9 31 6c 2d 0f a2 | 2a cf fe 9b | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= e4 28 0a 78 88 3f a0 b2 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= e1 11 32 cd af 36 08 e1 b3 88 e9 31 6c 2d 0f a2 | natd_hash: hash= 2a cf fe 9b | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data e1 11 32 cd af 36 08 e1 b3 88 e9 31 6c 2d 0f a2 | Notify data 2a cf fe 9b | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #17 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #17 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #17 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #17: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #17 to 4294967295 after switching state | Message ID: IKE #17 skipping update_recv as MD is fake | Message ID: sent #17 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #17: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #17) | e4 28 0a 78 88 3f a0 b2 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 c0 12 cf 89 3a ec 22 d3 de 58 72 b3 | 0c a1 c9 c3 90 99 b0 12 17 8d 71 42 ff 71 43 d6 | 6f bf 31 15 51 bf ee a3 f1 99 7e e6 60 46 02 59 | ec c0 4a 5e 9a b1 6c 8e 6d 59 2c 49 b4 b3 1f 20 | 6b 68 20 b2 5e 2e 04 7f d6 ea 8b 0c 4d 5d 0f 47 | bf b3 5b 8f f5 0a e4 02 fe 69 6d 2c 23 b6 36 70 | 3d 8f 5c 4d 4a 33 ff 7e 32 ca e7 ad 4d aa 25 69 | 67 e2 e9 4d 5e e8 d0 6d da 15 a8 15 4a 01 aa 6c | da 24 5d 63 fe 38 d4 a3 44 28 72 a8 1c 73 f0 a5 | 5e af db a6 81 6e b2 16 4f 08 4a 50 76 2b cf db | c9 35 83 f1 70 69 37 67 88 c7 8b 31 91 c3 f3 7d | e9 33 9a 73 1e 79 ba 20 be 98 33 b7 4a 8b 02 ff | 05 03 72 0d ef 40 b2 3c c1 f6 bb 64 61 93 30 70 | 92 22 71 eb e8 4d 30 3d 71 3f 5c 8c 47 f9 bb b5 | 59 22 38 4c eb 8f 69 ab 00 eb d0 0d 40 a5 4c 05 | af 72 10 f8 f1 87 af 4b cc d5 8d a9 ff 66 30 ec | ba 9b ca bc 29 00 00 24 af 2c 31 db 93 db ed b0 | ac f9 70 ad 8a 58 70 ed 98 f9 09 d1 50 a1 68 e1 | 3e 73 7a 28 40 96 99 95 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 fc f2 02 84 27 93 70 63 | 2a 34 89 a2 68 8e 53 a1 43 f4 d3 e5 00 00 00 1c | 00 00 40 05 e1 11 32 cd af 36 08 e1 b3 88 e9 31 | 6c 2d 0f a2 2a cf fe 9b | state #17 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5cc800f290 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564021e1fac0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x564021e1fac0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #17 | libevent_malloc: new ptr-libevent@0x7f5cc800f290 size 128 | #17 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48958.766219 | resume sending helper answer for #17 suppresed complete_v2_state_transition() and stole MD | #17 spent 0.55 milliseconds in resume sending helper answer | stop processing: state #17 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5ccc0089d0 | spent 0.00247 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | e4 28 0a 78 88 3f a0 b2 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | e4 28 0a 78 88 3f a0 b2 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #17 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #17 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #17 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #17 is idle | #17 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #17 IKE SPIi and SPI[ir] | #17 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #17: STATE_PARENT_I1: received unauthenticated v2N_INVALID_SYNTAX - ignored | #17 spent 0.00981 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #17 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #17 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #17 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #17 spent 0.119 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.132 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x564021e1fac0 | handling event EVENT_RETRANSMIT for parent state #17 | start processing: state #17 connection "aes128" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) | IKEv2 retransmit event | [RE]START processing: state #17 connection "aes128" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:144) | handling event EVENT_RETRANSMIT for 192.1.2.23 "aes128" #17 attempt 2 of 0 | and parent for 192.1.2.23 "aes128" #17 keying attempt 1 of 0; retransmit 1 "aes128" #17: IMPAIR: retransmit so deleting SA | maximum number of keyingtries reached - deleting state | [RE]START processing: state #17 connection "aes128" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:234) | pstats #17 ikev2.ike failed too-many-retransmits | pstats #17 ikev2.ike deleted too-many-retransmits | #17 spent 1.92 milliseconds in total | [RE]START processing: state #17 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #17: deleting state (STATE_PARENT_I1) aged 0.501s and NOT sending notification | parent state #17: PARENT_I1(half-open IKE SA) => delete | in connection_discard for connection aes128 | close_any(fd@25) (in delete_pending() at pending.c:244) | removing pending policy for "aes128" {0x7f5cc8002d20} | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #17 "aes128" #17: deleting IKE SA for connection 'aes128' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'aes128' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #17 in PARENT_I1 | parent state #17: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | close_any(fd@24) (in release_whack() at state.c:654) | DH secret MODP2048@0x7f5ccc0010c0: destroyed | stop processing: state #17 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | libevent_free: release ptr-libevent@0x7f5cc800f290 | free_event_entry: release EVENT_RETRANSMIT-pe@0x564021e1fac0 | in statetime_stop() and could not find #17 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection aes128 which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #18 at 0x564021e16060 | State DB: adding IKEv2 state #18 in UNDEFINED | pstats #18 ikev2.ike started | Message ID: init #18: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #18: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #18; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #18 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #18 "aes128" "aes128" #18: initiating v2 parent SA | using existing local IKE proposals for connection aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 18 for state #18 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564021e1fac0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #18 | libevent_malloc: new ptr-libevent@0x7f5ccc0089d0 size 128 | #18 spent 0.086 milliseconds in ikev2_parent_outI1() | crypto helper 5 resuming | crypto helper 5 starting work-order 18 for state #18 | RESET processing: state #18 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | spent 0.123 milliseconds in global timer EVENT_REVIVE_CONNS | crypto helper 5 doing build KE and nonce (ikev2_outI1 KE); request ID 18 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5cc0002a80: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5cc0002a80 | NSS: Public DH wire value: | 50 45 56 e9 cf 2d 77 9b bf c9 36 13 63 92 48 98 | e3 69 11 e2 c2 fe f6 bb cb 73 74 d7 4a c8 2e 07 | d7 98 eb 18 9b e4 ed 10 ce dd 60 b6 f8 60 3d 3a | fc 03 8d 09 67 c3 7c 80 d3 dd 57 26 80 6d 0a a1 | 25 20 eb d7 03 4f 9b c7 d4 2f 59 79 4f 53 0d 18 | bb a0 25 a1 5d f7 de cf ca 29 b9 94 aa b8 f4 ff | 6e d5 ce 75 a8 0c 5b 0e 07 e3 56 90 68 83 26 70 | 6b f3 d5 39 18 b4 da 45 ed 3a 4b 93 9d 6c ae 30 | 0a 0f a5 a8 74 96 1d dd da 45 cd 86 10 86 a1 78 | e7 db fc dc 12 49 b2 0b fe 71 76 6f 26 54 5b a9 | c1 cb f3 03 7b e9 b6 f5 18 86 67 83 8c 88 49 4c | a0 d0 2d c7 ee 4d b9 97 f5 49 9a c1 8a c8 ae ee | 53 3f b9 bd c3 e2 f0 c6 d5 62 2f 82 08 ad 59 f5 | 52 06 72 9c 07 c7 23 f8 ed 5f 55 f4 d2 62 3f ca | 3b 97 4f 04 2b 42 ab d0 96 56 00 95 b2 96 4a 0d | 29 36 9c aa 11 da 61 c4 eb a4 8e 8e 34 8c 06 f3 | Generated nonce: 56 45 63 de c1 05 1f f7 02 bc c6 1f a1 1a 21 77 | Generated nonce: 19 b2 bf 57 64 ff 22 04 5e 93 44 63 84 a8 66 26 | crypto helper 5 finished build KE and nonce (ikev2_outI1 KE); request ID 18 time elapsed 0.0012 seconds | (#18) spent 1.03 milliseconds in crypto helper computing work-order 18: ikev2_outI1 KE (pcr) | crypto helper 5 sending results from work-order 18 for state #18 to event queue | scheduling resume sending helper answer for #18 | libevent_malloc: new ptr-libevent@0x7f5cc00016a0 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #18 | start processing: state #18 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 18 | calling continuation function 0x564020443630 | ikev2_parent_outI1_continue for #18 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5cc0002a80: transferring ownership from helper KE to state #18 | **emit ISAKMP Message: | initiator cookie: | ca ef f6 ba 4f 39 78 4c | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #18: IMPAIR: emitting variable-size key-length attribute with no key | ******emit IKEv2 Attribute Substructure Payload: | af+type: 14?? (0xe) | length/value: 0 (0x0) "aes128" #18: IMPAIR: emitting af+type of IKEv2 Attribute Substructure Payload has an unknown value: 0x0+14 (0xe) | emitting length of IKEv2 Attribute Substructure Payload: 0 | emitting 0 raw bytes of attribute value into IKEv2 Transform Substructure Payload | attribute value | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 50 45 56 e9 cf 2d 77 9b bf c9 36 13 63 92 48 98 | ikev2 g^x e3 69 11 e2 c2 fe f6 bb cb 73 74 d7 4a c8 2e 07 | ikev2 g^x d7 98 eb 18 9b e4 ed 10 ce dd 60 b6 f8 60 3d 3a | ikev2 g^x fc 03 8d 09 67 c3 7c 80 d3 dd 57 26 80 6d 0a a1 | ikev2 g^x 25 20 eb d7 03 4f 9b c7 d4 2f 59 79 4f 53 0d 18 | ikev2 g^x bb a0 25 a1 5d f7 de cf ca 29 b9 94 aa b8 f4 ff | ikev2 g^x 6e d5 ce 75 a8 0c 5b 0e 07 e3 56 90 68 83 26 70 | ikev2 g^x 6b f3 d5 39 18 b4 da 45 ed 3a 4b 93 9d 6c ae 30 | ikev2 g^x 0a 0f a5 a8 74 96 1d dd da 45 cd 86 10 86 a1 78 | ikev2 g^x e7 db fc dc 12 49 b2 0b fe 71 76 6f 26 54 5b a9 | ikev2 g^x c1 cb f3 03 7b e9 b6 f5 18 86 67 83 8c 88 49 4c | ikev2 g^x a0 d0 2d c7 ee 4d b9 97 f5 49 9a c1 8a c8 ae ee | ikev2 g^x 53 3f b9 bd c3 e2 f0 c6 d5 62 2f 82 08 ad 59 f5 | ikev2 g^x 52 06 72 9c 07 c7 23 f8 ed 5f 55 f4 d2 62 3f ca | ikev2 g^x 3b 97 4f 04 2b 42 ab d0 96 56 00 95 b2 96 4a 0d | ikev2 g^x 29 36 9c aa 11 da 61 c4 eb a4 8e 8e 34 8c 06 f3 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 56 45 63 de c1 05 1f f7 02 bc c6 1f a1 1a 21 77 | IKEv2 nonce 19 b2 bf 57 64 ff 22 04 5e 93 44 63 84 a8 66 26 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | ca ef f6 ba 4f 39 78 4c | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | a5 fb f5 71 6f a5 3d a0 dc a6 7f 15 97 fe 2c ec | 74 89 a3 81 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= ca ef f6 ba 4f 39 78 4c | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= a5 fb f5 71 6f a5 3d a0 dc a6 7f 15 97 fe 2c ec | natd_hash: hash= 74 89 a3 81 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data a5 fb f5 71 6f a5 3d a0 dc a6 7f 15 97 fe 2c ec | Notify data 74 89 a3 81 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | ca ef f6 ba 4f 39 78 4c | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | 16 33 e7 2c 25 c0 95 1d 30 8c 95 7b b4 15 d8 bc | 0d 98 09 4f | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= ca ef f6 ba 4f 39 78 4c | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 16 33 e7 2c 25 c0 95 1d 30 8c 95 7b b4 15 d8 bc | natd_hash: hash= 0d 98 09 4f | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 16 33 e7 2c 25 c0 95 1d 30 8c 95 7b b4 15 d8 bc | Notify data 0d 98 09 4f | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #18 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #18 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #18 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #18: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #18 to 4294967295 after switching state | Message ID: IKE #18 skipping update_recv as MD is fake | Message ID: sent #18 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #18: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #18) | ca ef f6 ba 4f 39 78 4c 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 50 45 56 e9 cf 2d 77 9b bf c9 36 13 | 63 92 48 98 e3 69 11 e2 c2 fe f6 bb cb 73 74 d7 | 4a c8 2e 07 d7 98 eb 18 9b e4 ed 10 ce dd 60 b6 | f8 60 3d 3a fc 03 8d 09 67 c3 7c 80 d3 dd 57 26 | 80 6d 0a a1 25 20 eb d7 03 4f 9b c7 d4 2f 59 79 | 4f 53 0d 18 bb a0 25 a1 5d f7 de cf ca 29 b9 94 | aa b8 f4 ff 6e d5 ce 75 a8 0c 5b 0e 07 e3 56 90 | 68 83 26 70 6b f3 d5 39 18 b4 da 45 ed 3a 4b 93 | 9d 6c ae 30 0a 0f a5 a8 74 96 1d dd da 45 cd 86 | 10 86 a1 78 e7 db fc dc 12 49 b2 0b fe 71 76 6f | 26 54 5b a9 c1 cb f3 03 7b e9 b6 f5 18 86 67 83 | 8c 88 49 4c a0 d0 2d c7 ee 4d b9 97 f5 49 9a c1 | 8a c8 ae ee 53 3f b9 bd c3 e2 f0 c6 d5 62 2f 82 | 08 ad 59 f5 52 06 72 9c 07 c7 23 f8 ed 5f 55 f4 | d2 62 3f ca 3b 97 4f 04 2b 42 ab d0 96 56 00 95 | b2 96 4a 0d 29 36 9c aa 11 da 61 c4 eb a4 8e 8e | 34 8c 06 f3 29 00 00 24 56 45 63 de c1 05 1f f7 | 02 bc c6 1f a1 1a 21 77 19 b2 bf 57 64 ff 22 04 | 5e 93 44 63 84 a8 66 26 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 a5 fb f5 71 6f a5 3d a0 | dc a6 7f 15 97 fe 2c ec 74 89 a3 81 00 00 00 1c | 00 00 40 05 16 33 e7 2c 25 c0 95 1d 30 8c 95 7b | b4 15 d8 bc 0d 98 09 4f | state #18 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5ccc0089d0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564021e1fac0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x564021e1fac0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #18 | libevent_malloc: new ptr-libevent@0x7f5ccc0089d0 size 128 | #18 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48959.26815 | resume sending helper answer for #18 suppresed complete_v2_state_transition() and stole MD | #18 spent 0.537 milliseconds in resume sending helper answer | stop processing: state #18 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5cc00016a0 | spent 0.00203 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | ca ef f6 ba 4f 39 78 4c 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ca ef f6 ba 4f 39 78 4c | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #18 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #18 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #18 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #18 is idle | #18 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #18 IKE SPIi and SPI[ir] | #18 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #18: STATE_PARENT_I1: received unauthenticated v2N_INVALID_SYNTAX - ignored | #18 spent 0.00397 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #18 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #18 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #18 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #18 spent 0.113 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.125 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0482 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | removing pending policy for no connection {0x7f5cc8002d20} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #18 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #18 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #18 ikev2.ike deleted other | #18 spent 1.76 milliseconds in total | [RE]START processing: state #18 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #18: deleting state (STATE_PARENT_I1) aged 0.023s and NOT sending notification | parent state #18: PARENT_I1(half-open IKE SA) => delete | state #18 requesting EVENT_RETRANSMIT to be deleted | #18 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f5ccc0089d0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x564021e1fac0 | State DB: IKEv2 state not found (flush_incomplete_children) | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #18 in PARENT_I1 | parent state #18: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f5cc0002a80: destroyed | stop processing: state #18 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x564021e17b30 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.21 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | emitting: disabled | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0627 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0479 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection 3des with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: 3DES_CBC-HMAC_SHA1-MODP2048 | from whack: got --esp=3des-sha1;modp2048 | ESP/AH string values: 3DES_CBC-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x564021de15d0 added connection description "3des" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.119 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in initiate_a_connection() at initiate.c:186) | connection '3des' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #19 at 0x564021e16060 | State DB: adding IKEv2 state #19 in UNDEFINED | pstats #19 ikev2.ike started | Message ID: init #19: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #19: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #19; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #19 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "3des" IKE SA #19 "3des" "3des" #19: initiating v2 parent SA | constructing local IKE proposals for 3des (IKE SA initiator selecting KE) | converting ike_info 3DES_CBC-HMAC_SHA1-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_IKE 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "3des": constructed local IKE proposals for 3des (IKE SA initiator selecting KE): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 19 for state #19 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5cc0001560 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f5cc00016a0 size 128 | #19 spent 0.113 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 6 resuming | RESET processing: state #19 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | crypto helper 6 starting work-order 19 for state #19 | close_any(fd@23) (in initiate_connection() at initiate.c:372) | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 19 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.191 milliseconds in whack | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5cc4002a80: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5cc4002a80 | NSS: Public DH wire value: | fc a6 33 33 e8 8a e7 83 c7 8d 84 29 25 23 a0 e1 | ee ea 09 e2 73 d5 47 d3 59 9b a0 98 28 8d d2 a1 | b8 5e 31 d2 fa 43 5a 9e 7e 97 6e 21 1f 12 bd ff | 77 04 b5 1e 44 c4 61 93 61 a9 03 2b de 3c 1b fe | 22 54 be 08 8a cc fe 8a ff 22 30 4c c7 ea 6e 8e | 38 41 f7 3f fd 64 63 c8 fd e1 d3 83 54 76 bc a4 | 04 b3 b9 26 f9 75 75 a9 7c cd e4 e0 9c ea 48 e7 | 45 7c a8 71 fd cf 26 2d d6 81 36 0e 7e cc 38 e5 | f4 7c b8 0d 2c fd 9a b6 3c db e8 2b 4b 31 e0 cb | 4a c2 ad 1d 12 c2 b9 32 a4 9c 03 ef 37 64 c9 92 | 2e a6 8b a9 e1 85 71 e5 7f 99 16 05 5f c4 ce 02 | 2b c3 61 d8 8f 6e 06 94 9f 48 9d c1 1f df 09 ab | 22 8c 85 cc 25 78 ec c9 27 cb 23 7c 82 a6 33 2c | fb 3e f1 f3 aa 97 a0 b3 58 0a f2 d0 85 9f 5b 39 | a8 74 40 59 16 be f4 54 cd f9 12 f1 29 6c aa 8a | b7 c2 45 76 9d b8 e3 53 d2 dd 7e b9 dd fb 29 b6 | Generated nonce: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | Generated nonce: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 19 time elapsed 0.001044 seconds | (#19) spent 1.04 milliseconds in crypto helper computing work-order 19: ikev2_outI1 KE (pcr) | crypto helper 6 sending results from work-order 19 for state #19 to event queue | scheduling resume sending helper answer for #19 | libevent_malloc: new ptr-libevent@0x7f5cc40016a0 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #19 | start processing: state #19 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 19 | calling continuation function 0x564020443630 | ikev2_parent_outI1_continue for #19 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5cc4002a80: transferring ownership from helper KE to state #19 | **emit ISAKMP Message: | initiator cookie: | 77 b7 16 f5 93 c2 45 01 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection 3des (IKE SA initiator emitting local proposals): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x fc a6 33 33 e8 8a e7 83 c7 8d 84 29 25 23 a0 e1 | ikev2 g^x ee ea 09 e2 73 d5 47 d3 59 9b a0 98 28 8d d2 a1 | ikev2 g^x b8 5e 31 d2 fa 43 5a 9e 7e 97 6e 21 1f 12 bd ff | ikev2 g^x 77 04 b5 1e 44 c4 61 93 61 a9 03 2b de 3c 1b fe | ikev2 g^x 22 54 be 08 8a cc fe 8a ff 22 30 4c c7 ea 6e 8e | ikev2 g^x 38 41 f7 3f fd 64 63 c8 fd e1 d3 83 54 76 bc a4 | ikev2 g^x 04 b3 b9 26 f9 75 75 a9 7c cd e4 e0 9c ea 48 e7 | ikev2 g^x 45 7c a8 71 fd cf 26 2d d6 81 36 0e 7e cc 38 e5 | ikev2 g^x f4 7c b8 0d 2c fd 9a b6 3c db e8 2b 4b 31 e0 cb | ikev2 g^x 4a c2 ad 1d 12 c2 b9 32 a4 9c 03 ef 37 64 c9 92 | ikev2 g^x 2e a6 8b a9 e1 85 71 e5 7f 99 16 05 5f c4 ce 02 | ikev2 g^x 2b c3 61 d8 8f 6e 06 94 9f 48 9d c1 1f df 09 ab | ikev2 g^x 22 8c 85 cc 25 78 ec c9 27 cb 23 7c 82 a6 33 2c | ikev2 g^x fb 3e f1 f3 aa 97 a0 b3 58 0a f2 d0 85 9f 5b 39 | ikev2 g^x a8 74 40 59 16 be f4 54 cd f9 12 f1 29 6c aa 8a | ikev2 g^x b7 c2 45 76 9d b8 e3 53 d2 dd 7e b9 dd fb 29 b6 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | IKEv2 nonce 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | 77 b7 16 f5 93 c2 45 01 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | 9c 0d c6 18 90 d9 15 25 e6 5d 73 e3 19 72 28 5a | be 28 a4 fa | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 77 b7 16 f5 93 c2 45 01 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 9c 0d c6 18 90 d9 15 25 e6 5d 73 e3 19 72 28 5a | natd_hash: hash= be 28 a4 fa | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 9c 0d c6 18 90 d9 15 25 e6 5d 73 e3 19 72 28 5a | Notify data be 28 a4 fa | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | 77 b7 16 f5 93 c2 45 01 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | 92 e1 e0 8b c0 2a 75 c4 94 db 0d 96 ad 87 7b d0 | 78 94 25 da | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 77 b7 16 f5 93 c2 45 01 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 92 e1 e0 8b c0 2a 75 c4 94 db 0d 96 ad 87 7b d0 | natd_hash: hash= 78 94 25 da | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 92 e1 e0 8b c0 2a 75 c4 94 db 0d 96 ad 87 7b d0 | Notify data 78 94 25 da | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 436 | stop processing: state #19 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #19 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #19 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #19: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #19 to 4294967295 after switching state | Message ID: IKE #19 skipping update_recv as MD is fake | Message ID: sent #19 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "3des" #19: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 436 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #19) | 77 b7 16 f5 93 c2 45 01 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | fc a6 33 33 e8 8a e7 83 c7 8d 84 29 25 23 a0 e1 | ee ea 09 e2 73 d5 47 d3 59 9b a0 98 28 8d d2 a1 | b8 5e 31 d2 fa 43 5a 9e 7e 97 6e 21 1f 12 bd ff | 77 04 b5 1e 44 c4 61 93 61 a9 03 2b de 3c 1b fe | 22 54 be 08 8a cc fe 8a ff 22 30 4c c7 ea 6e 8e | 38 41 f7 3f fd 64 63 c8 fd e1 d3 83 54 76 bc a4 | 04 b3 b9 26 f9 75 75 a9 7c cd e4 e0 9c ea 48 e7 | 45 7c a8 71 fd cf 26 2d d6 81 36 0e 7e cc 38 e5 | f4 7c b8 0d 2c fd 9a b6 3c db e8 2b 4b 31 e0 cb | 4a c2 ad 1d 12 c2 b9 32 a4 9c 03 ef 37 64 c9 92 | 2e a6 8b a9 e1 85 71 e5 7f 99 16 05 5f c4 ce 02 | 2b c3 61 d8 8f 6e 06 94 9f 48 9d c1 1f df 09 ab | 22 8c 85 cc 25 78 ec c9 27 cb 23 7c 82 a6 33 2c | fb 3e f1 f3 aa 97 a0 b3 58 0a f2 d0 85 9f 5b 39 | a8 74 40 59 16 be f4 54 cd f9 12 f1 29 6c aa 8a | b7 c2 45 76 9d b8 e3 53 d2 dd 7e b9 dd fb 29 b6 | 29 00 00 24 82 a0 03 80 06 37 a7 c5 93 c8 65 21 | 86 0b 0b d6 1f 11 93 80 f9 76 4e c6 bb 49 37 fc | 0f 0b dd 83 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 9c 0d c6 18 90 d9 15 25 e6 5d 73 e3 | 19 72 28 5a be 28 a4 fa 00 00 00 1c 00 00 40 05 | 92 e1 e0 8b c0 2a 75 c4 94 db 0d 96 ad 87 7b d0 | 78 94 25 da | state #19 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5cc00016a0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5cc0001560 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "3des" #19: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5cc0001560 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f5cc00016a0 size 128 | #19 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48959.785153 | resume sending helper answer for #19 suppresed complete_v2_state_transition() and stole MD | #19 spent 0.501 milliseconds in resume sending helper answer | stop processing: state #19 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5cc40016a0 | spent 0.00267 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 436 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 3b d2 e1 39 da 3d e9 2a 83 0c d2 04 be ce d8 df | f5 48 b7 94 ce 04 9d 8c 0b b1 42 07 1f 6d 4a 7a | 4f 4c 03 3e de 3d b6 fe e3 d1 d2 62 9e 26 8d 80 | 51 fa a1 55 77 04 5b f6 cb 15 28 d9 9f a1 25 e9 | b9 c7 05 cc 85 c2 c2 b0 a4 6f b0 fe 95 21 cc 77 | af 3d 89 a5 7e de b2 2f db 81 6c 24 be 21 b6 b3 | b4 5c 3a 25 fe b8 22 c4 ba c2 2d 48 ee 23 62 bc | 44 cf 53 22 62 85 ca d8 27 42 cf 8c 45 f5 16 20 | a6 1d fd ae 99 9c eb 0a 87 c5 0e 89 05 ff 4c 6f | 41 d4 4d 46 49 60 90 c1 4c 18 34 ed 03 8a 70 e3 | d0 33 2d 45 ea db 58 c0 27 81 dd cb 43 39 a7 bc | 38 59 7e ba bd 4c 30 c9 0a 28 79 a5 54 6e e4 13 | 42 6b 68 ed f7 ea 2d 88 89 24 35 9a 21 ee 33 17 | 8f ad 85 00 85 e6 58 3b 96 d2 ea 28 06 73 dd 20 | d8 3d 2a 54 fe 1a bf b9 9a 66 66 dd 85 26 51 c7 | 4c 04 15 c7 4f c0 64 bc a4 1d b4 1a 7c ad 72 c4 | 29 00 00 24 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 | 7b f1 e3 e6 35 4f 19 fb cf a6 4f 83 35 0a 52 1a | c7 9c 46 ce 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 f1 05 de 2d 07 2f 07 6d f2 56 c0 e2 | 35 f6 36 ab 3f 59 63 c6 00 00 00 1c 00 00 40 05 | db 3f ad ff d9 41 57 4c 05 c7 50 98 15 16 56 5d | cf 1d 80 22 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 77 b7 16 f5 93 c2 45 01 | responder cookie: | 4d 0c 58 38 db f7 da 56 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 436 (0x1b4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #19 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #19 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #19 connection "3des" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #19 is idle | #19 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #19 IKE SPIi and SPI[ir] | #19 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | 3b d2 e1 39 da 3d e9 2a 83 0c d2 04 be ce d8 df | f5 48 b7 94 ce 04 9d 8c 0b b1 42 07 1f 6d 4a 7a | 4f 4c 03 3e de 3d b6 fe e3 d1 d2 62 9e 26 8d 80 | 51 fa a1 55 77 04 5b f6 cb 15 28 d9 9f a1 25 e9 | b9 c7 05 cc 85 c2 c2 b0 a4 6f b0 fe 95 21 cc 77 | af 3d 89 a5 7e de b2 2f db 81 6c 24 be 21 b6 b3 | b4 5c 3a 25 fe b8 22 c4 ba c2 2d 48 ee 23 62 bc | 44 cf 53 22 62 85 ca d8 27 42 cf 8c 45 f5 16 20 | a6 1d fd ae 99 9c eb 0a 87 c5 0e 89 05 ff 4c 6f | 41 d4 4d 46 49 60 90 c1 4c 18 34 ed 03 8a 70 e3 | d0 33 2d 45 ea db 58 c0 27 81 dd cb 43 39 a7 bc | 38 59 7e ba bd 4c 30 c9 0a 28 79 a5 54 6e e4 13 | 42 6b 68 ed f7 ea 2d 88 89 24 35 9a 21 ee 33 17 | 8f ad 85 00 85 e6 58 3b 96 d2 ea 28 06 73 dd 20 | d8 3d 2a 54 fe 1a bf b9 9a 66 66 dd 85 26 51 c7 | 4c 04 15 c7 4f c0 64 bc a4 1d b4 1a 7c ad 72 c4 | using existing local IKE proposals for connection 3des (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864db9c0 (length 8) | 77 b7 16 f5 93 c2 45 01 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864db9c8 (length 8) | 4d 0c 58 38 db f7 da 56 | NATD hash sha digest IP addr-bytes@0x7fff864db954 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864db946 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864db9d0 (length 20) | db 3f ad ff d9 41 57 4c 05 c7 50 98 15 16 56 5d | cf 1d 80 22 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 77 b7 16 f5 93 c2 45 01 | natd_hash: rcookie= 4d 0c 58 38 db f7 da 56 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= db 3f ad ff d9 41 57 4c 05 c7 50 98 15 16 56 5d | natd_hash: hash= cf 1d 80 22 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864db9c0 (length 8) | 77 b7 16 f5 93 c2 45 01 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864db9c8 (length 8) | 4d 0c 58 38 db f7 da 56 | NATD hash sha digest IP addr-bytes@0x7fff864db954 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864db946 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864db9f0 (length 20) | f1 05 de 2d 07 2f 07 6d f2 56 c0 e2 35 f6 36 ab | 3f 59 63 c6 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= 77 b7 16 f5 93 c2 45 01 | natd_hash: rcookie= 4d 0c 58 38 db f7 da 56 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= f1 05 de 2d 07 2f 07 6d f2 56 c0 e2 35 f6 36 ab | natd_hash: hash= 3f 59 63 c6 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=3DES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f5cc4002a80: transferring ownership from state #19 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 20 for state #19 | state #19 requesting EVENT_RETRANSMIT to be deleted | #19 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f5cc00016a0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5cc0001560 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5cc0001560 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f5cc40016a0 size 128 | #19 spent 0.275 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #19 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #19 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #19 and saving MD | #19 is busy; has a suspended MD | [RE]START processing: state #19 connection "3des" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "3des" #19 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #19 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #19 spent 0.528 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.539 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 1 resuming | crypto helper 1 starting work-order 20 for state #19 | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 20 | peer's g: 3b d2 e1 39 da 3d e9 2a 83 0c d2 04 be ce d8 df | peer's g: f5 48 b7 94 ce 04 9d 8c 0b b1 42 07 1f 6d 4a 7a | peer's g: 4f 4c 03 3e de 3d b6 fe e3 d1 d2 62 9e 26 8d 80 | peer's g: 51 fa a1 55 77 04 5b f6 cb 15 28 d9 9f a1 25 e9 | peer's g: b9 c7 05 cc 85 c2 c2 b0 a4 6f b0 fe 95 21 cc 77 | peer's g: af 3d 89 a5 7e de b2 2f db 81 6c 24 be 21 b6 b3 | peer's g: b4 5c 3a 25 fe b8 22 c4 ba c2 2d 48 ee 23 62 bc | peer's g: 44 cf 53 22 62 85 ca d8 27 42 cf 8c 45 f5 16 20 | peer's g: a6 1d fd ae 99 9c eb 0a 87 c5 0e 89 05 ff 4c 6f | peer's g: 41 d4 4d 46 49 60 90 c1 4c 18 34 ed 03 8a 70 e3 | peer's g: d0 33 2d 45 ea db 58 c0 27 81 dd cb 43 39 a7 bc | peer's g: 38 59 7e ba bd 4c 30 c9 0a 28 79 a5 54 6e e4 13 | peer's g: 42 6b 68 ed f7 ea 2d 88 89 24 35 9a 21 ee 33 17 | peer's g: 8f ad 85 00 85 e6 58 3b 96 d2 ea 28 06 73 dd 20 | peer's g: d8 3d 2a 54 fe 1a bf b9 9a 66 66 dd 85 26 51 c7 | peer's g: 4c 04 15 c7 4f c0 64 bc a4 1d b4 1a 7c ad 72 c4 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7f5cc800a510 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f5cc4002a80: computed shared DH secret key@0x7f5cc800a510 | dh-shared : g^ir-key@0x7f5cc800a510 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=24 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f5cb80075d0 (length 64) | 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7670 | result: Ni | Nr-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7658 | result: Ni | Nr-key@0x564021e04570 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x564021dfb870 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f5cb8002e80 from Ni | Nr-key@0x564021e04570 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f5cb8002e80 from Ni | Nr-key@0x564021e04570 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x564021e04570 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f5cb8003110 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f5cc800a510 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f5cc800a510 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f5cc800a510 | nss hmac digest hack: symkey-key@0x7f5cc800a510 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-678530352: 30 6c ffffffe2 14 ffffff87 76 ffffffce 50 ffffffd8 6b fffffffd 1e ffffffb2 ffffff8e fffffff6 5f ffffffbe 40 7a 65 ffffffb9 ffffffae ffffff95 ffffffd2 ffffffe3 ffffff95 ffffff87 ffffff81 73 13 ffffff9a ffffffca ffffff8c ffffffe6 0f ffffffc9 ffffffd7 53 08 ffffffae ffffffcd 59 ffffffcb ffffff8f ffffffd1 72 ffffffc6 16 fffffff9 05 ffffff86 1e ffffff87 64 48 ffffffbf ffffff8b ffffffa3 ffffff9e fffffffd 72 ffffffbb ffffff86 ffffffac 0f ffffffe6 5d 4c 5a 14 26 ffffffbe fffffff0 ffffff8a ffffffc2 2e ffffffdb 2a ffffffeb ffffffde ffffff92 2c 40 1f 1f ffffffe7 ffffff92 2c 09 1e 7e 7b 62 ffffffb1 ffffffe6 ffffff9b ffffffa8 ffffffe5 11 7c ffffffb4 24 ffffffbf ffffffa9 48 ffffffaf 7d ffffffc0 ffffffe1 48 ffffff86 ffffffc3 48 ffffff9b ffffff96 ffffffa7 ffffffbd ffffffc9 fffffff1 ffffff9b 01 ffffff9c 05 ffffff9e ffffffb3 2a 0d 12 60 3f ffffffd2 ffffffa0 12 ffffffb1 5c ffffffd5 ffffff9a 05 ffffffb4 7e ffffff97 58 2b 04 fffffff8 2f ffffffee ffffffe4 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 256 bytes at 0x7f5cb80066a0 | unwrapped: b7 12 7d 50 a0 6f 73 b1 7c 78 5c a7 7d 1b 73 65 | unwrapped: c5 75 3c 82 17 03 e8 02 d8 87 26 64 c7 aa 43 e6 | unwrapped: 84 11 ed ea 56 aa 41 22 65 f9 8a 19 db b0 f8 e1 | unwrapped: 25 45 8e c9 05 d7 cd 8a 17 71 cd d1 b4 30 4f f1 | unwrapped: 18 11 57 21 31 9e 4a 41 a7 65 10 67 f5 b6 1a f3 | unwrapped: f6 8c b0 13 91 33 4f a5 34 c5 86 6c 63 3f 7b f5 | unwrapped: ff 23 7b 72 14 ce 78 ba b1 ad 41 09 62 dc 71 2e | unwrapped: 28 fe c7 c5 f2 ed 2a 2b 00 5f d1 05 f5 9b 2c 7d | unwrapped: 97 42 6b 52 89 21 d8 c8 14 e6 ac 5d fb 0c 48 c9 | unwrapped: 34 7e c3 1c 89 ad f1 c3 64 54 ce 42 dd 03 e8 c5 | unwrapped: 58 6a c5 49 6a 8b 39 bd 91 f0 62 92 49 9a 15 93 | unwrapped: 05 49 f5 d5 0c c9 e5 de 81 c1 1a 31 ef 8d 1f 20 | unwrapped: 01 62 b8 a4 9f 62 3b af b6 32 12 84 e9 73 6d d3 | unwrapped: ab 82 7a 59 23 33 e3 42 f2 9d 6c 62 6f b1 64 f9 | unwrapped: 17 da 81 d2 cb c1 2f 4c d9 fe 30 0f 3f 23 f4 4d | unwrapped: c9 26 5c 71 dc 9b 7e 60 28 f7 77 10 34 14 44 bf | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7690 | result: final-key@0x564021dfb870 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021dfb870 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7678 | result: final-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021dfb870 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x564021e04570 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7600 | result: data=Ni-key@0x564021e07b90 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x564021e07b90 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e75e8 | result: data=Ni-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x564021e07b90 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021dfb870 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd78e75f0 | result: data+=Nr-key@0x564021e07b90 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021dfb870 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e07b90 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd78e75f0 | result: data+=SPIi-key@0x564021dfb870 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021e07b90 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021dfb870 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd78e75f0 | result: data+=SPIr-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021dfb870 | prf+0 PRF sha init key-key@0x564021e04570 (size 20) | prf+0: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7518 | result: clone-key@0x564021dfb870 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f5cb8002e80 from key-key@0x564021dfb870 | prf+0 prf: begin sha with context 0x7f5cb8002e80 from key-key@0x564021dfb870 | prf+0: release clone-key@0x564021dfb870 | prf+0 PRF sha crypt-prf@0x7f5cb80051e0 | prf+0 PRF sha update seed-key@0x564021e07b90 (size 80) | prf+0: seed-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-678530720: 3c 34 ffffffe6 00 2e fffffff3 ffffff93 ffffffaf ffffffb2 ffffffde 08 73 11 1a fffffff0 fffffffe ffffffce ffffff89 ffffff8a ffffff9f 03 6d 05 ffffffd2 56 ffffffed 66 59 ffffffd7 42 ffffff8a fffffffb 19 ffffffc7 0b 18 5b ffffffab ffffffdd ffffffa4 fffffffc ffffffb0 18 ffffffaa 3a ffffff8b 47 09 1c ffffffde ffffffa2 65 7f 4e ffffffc4 29 ffffffae 13 ffffffc2 fffffffb ffffffb8 ffffffee fffffffd 34 05 ffffffd2 5e ffffffbb ffffffbb ffffffb8 2b ffffff92 0f 6e 53 2a 1b 1d ffffffdd 4a | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cb8005090 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | unwrapped: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7520 | result: final-key@0x564021e01140 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e01140 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7508 | result: final-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e01140 | prf+0 PRF sha final-key@0x564021dfb870 (size 20) | prf+0: key-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x564021dfb870 | prf+N PRF sha init key-key@0x564021e04570 (size 20) | prf+N: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7518 | result: clone-key@0x564021e01140 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cb8002e80 from key-key@0x564021e01140 | prf+N prf: begin sha with context 0x7f5cb8002e80 from key-key@0x564021e01140 | prf+N: release clone-key@0x564021e01140 | prf+N PRF sha crypt-prf@0x7f5cb8001f40 | prf+N PRF sha update old_t-key@0x564021dfb870 (size 20) | prf+N: old_t-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-678530720: 50 ffffff88 ffffff9e 4e ffffffc4 ffffffb0 ffffffa8 ffffffff 40 ffffff91 4b ffffffbd 60 ffffff8a ffffffdd 34 70 34 fffffff2 ffffffee 5e 6f ffffff9b 65 3d 67 fffffffa 44 6a ffffffd1 ffffffd7 42 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cb8005f00 | unwrapped: a1 61 61 1d c2 cd 87 3e 2a a2 e1 76 d6 40 5d d9 | unwrapped: 8d 29 7b 5a 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021e07b90 (size 80) | prf+N: seed-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-678530720: 3c 34 ffffffe6 00 2e fffffff3 ffffff93 ffffffaf ffffffb2 ffffffde 08 73 11 1a fffffff0 fffffffe ffffffce ffffff89 ffffff8a ffffff9f 03 6d 05 ffffffd2 56 ffffffed 66 59 ffffffd7 42 ffffff8a fffffffb 19 ffffffc7 0b 18 5b ffffffab ffffffdd ffffffa4 fffffffc ffffffb0 18 ffffffaa 3a ffffff8b 47 09 1c ffffffde ffffffa2 65 7f 4e ffffffc4 29 ffffffae 13 ffffffc2 fffffffb ffffffb8 ffffffee fffffffd 34 05 ffffffd2 5e ffffffbb ffffffbb ffffffb8 2b ffffff92 0f 6e 53 2a 1b 1d ffffffdd 4a | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cb8005030 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | unwrapped: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7520 | result: final-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7508 | result: final-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021df9ff0 | prf+N PRF sha final-key@0x564021e01140 (size 20) | prf+N: key-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd78e7598 | result: result-key@0x564021df9ff0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021dfb870 | prfplus: release old_t[N]-key@0x564021dfb870 | prf+N PRF sha init key-key@0x564021e04570 (size 20) | prf+N: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7518 | result: clone-key@0x564021dfb870 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cb8002e80 from key-key@0x564021dfb870 | prf+N prf: begin sha with context 0x7f5cb8002e80 from key-key@0x564021dfb870 | prf+N: release clone-key@0x564021dfb870 | prf+N PRF sha crypt-prf@0x7f5cb80018a0 | prf+N PRF sha update old_t-key@0x564021e01140 (size 20) | prf+N: old_t-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-678530720: 68 ffffffc1 54 ffffffc9 57 3e 4a ffffffa7 46 ffffff8a 67 59 4a ffffff96 71 2a 60 ffffffc8 03 ffffff8c ffffff87 ffffffe4 03 fffffff8 7d ffffffe8 ffffffec ffffffc5 ffffffef 6a ffffffa9 ffffffac | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cb80069b0 | unwrapped: b3 58 65 f4 94 29 0c 2d 47 90 8c 95 09 6f 62 68 | unwrapped: 92 10 79 44 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021e07b90 (size 80) | prf+N: seed-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-678530720: 3c 34 ffffffe6 00 2e fffffff3 ffffff93 ffffffaf ffffffb2 ffffffde 08 73 11 1a fffffff0 fffffffe ffffffce ffffff89 ffffff8a ffffff9f 03 6d 05 ffffffd2 56 ffffffed 66 59 ffffffd7 42 ffffff8a fffffffb 19 ffffffc7 0b 18 5b ffffffab ffffffdd ffffffa4 fffffffc ffffffb0 18 ffffffaa 3a ffffff8b 47 09 1c ffffffde ffffffa2 65 7f 4e ffffffc4 29 ffffffae 13 ffffffc2 fffffffb ffffffb8 ffffffee fffffffd 34 05 ffffffd2 5e ffffffbb ffffffbb ffffffb8 2b ffffff92 0f 6e 53 2a 1b 1d ffffffdd 4a | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cb80050f0 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | unwrapped: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7520 | result: final-key@0x564021e19e70 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e19e70 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7508 | result: final-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e19e70 | prf+N PRF sha final-key@0x564021dfb870 (size 20) | prf+N: key-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021df9ff0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd78e7598 | result: result-key@0x564021e19e70 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021df9ff0 | prfplus: release old_t[N]-key@0x564021e01140 | prf+N PRF sha init key-key@0x564021e04570 (size 20) | prf+N: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7518 | result: clone-key@0x564021e01140 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cb8002e80 from key-key@0x564021e01140 | prf+N prf: begin sha with context 0x7f5cb8002e80 from key-key@0x564021e01140 | prf+N: release clone-key@0x564021e01140 | prf+N PRF sha crypt-prf@0x7f5cb8001f40 | prf+N PRF sha update old_t-key@0x564021dfb870 (size 20) | prf+N: old_t-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-678530720: 3f 55 ffffffa0 ffffffe6 ffffff84 ffffff8b 6d 19 2d ffffff90 4f 48 5a 5a ffffffb2 ffffffeb 00 76 16 72 23 3c 66 ffffffd6 0a ffffffde 16 4f 6e ffffffca 01 0f | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cb8001210 | unwrapped: c0 9d 33 66 12 77 c7 f5 fd 37 8c 41 45 fa 0e d2 | unwrapped: 4c 5f 0f ce 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021e07b90 (size 80) | prf+N: seed-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-678530720: 3c 34 ffffffe6 00 2e fffffff3 ffffff93 ffffffaf ffffffb2 ffffffde 08 73 11 1a fffffff0 fffffffe ffffffce ffffff89 ffffff8a ffffff9f 03 6d 05 ffffffd2 56 ffffffed 66 59 ffffffd7 42 ffffff8a fffffffb 19 ffffffc7 0b 18 5b ffffffab ffffffdd ffffffa4 fffffffc ffffffb0 18 ffffffaa 3a ffffff8b 47 09 1c ffffffde ffffffa2 65 7f 4e ffffffc4 29 ffffffae 13 ffffffc2 fffffffb ffffffb8 ffffffee fffffffd 34 05 ffffffd2 5e ffffffbb ffffffbb ffffffb8 2b ffffff92 0f 6e 53 2a 1b 1d ffffffdd 4a | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cb8005e20 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | unwrapped: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7520 | result: final-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7508 | result: final-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021df9ff0 | prf+N PRF sha final-key@0x564021e01140 (size 20) | prf+N: key-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e19e70 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd78e7598 | result: result-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e19e70 | prfplus: release old_t[N]-key@0x564021dfb870 | prf+N PRF sha init key-key@0x564021e04570 (size 20) | prf+N: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7518 | result: clone-key@0x564021dfb870 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cb8002e80 from key-key@0x564021dfb870 | prf+N prf: begin sha with context 0x7f5cb8002e80 from key-key@0x564021dfb870 | prf+N: release clone-key@0x564021dfb870 | prf+N PRF sha crypt-prf@0x7f5cb80018a0 | prf+N PRF sha update old_t-key@0x564021e01140 (size 20) | prf+N: old_t-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-678530720: ffffffbc 78 70 ffffffa5 ffffff8f 7d 62 0d 3f 3a fffffffc ffffffa4 ffffffdc ffffffa5 ffffff95 79 6f ffffffad 41 71 fffffff7 ffffffa2 ffffff81 4e 12 ffffffea fffffff4 7f ffffff94 ffffffb1 ffffff99 78 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cb8001210 | unwrapped: b3 f6 8e ce 3b a4 b2 03 c0 01 78 56 a4 2d 2f cd | unwrapped: bd 08 2f cf 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021e07b90 (size 80) | prf+N: seed-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-678530720: 3c 34 ffffffe6 00 2e fffffff3 ffffff93 ffffffaf ffffffb2 ffffffde 08 73 11 1a fffffff0 fffffffe ffffffce ffffff89 ffffff8a ffffff9f 03 6d 05 ffffffd2 56 ffffffed 66 59 ffffffd7 42 ffffff8a fffffffb 19 ffffffc7 0b 18 5b ffffffab ffffffdd ffffffa4 fffffffc ffffffb0 18 ffffffaa 3a ffffff8b 47 09 1c ffffffde ffffffa2 65 7f 4e ffffffc4 29 ffffffae 13 ffffffc2 fffffffb ffffffb8 ffffffee fffffffd 34 05 ffffffd2 5e ffffffbb ffffffbb ffffffb8 2b ffffff92 0f 6e 53 2a 1b 1d ffffffdd 4a | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cb80067b0 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | unwrapped: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7520 | result: final-key@0x564021e19e70 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e19e70 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7508 | result: final-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e19e70 | prf+N PRF sha final-key@0x564021dfb870 (size 20) | prf+N: key-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021df9ff0 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd78e7598 | result: result-key@0x564021e19e70 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021df9ff0 | prfplus: release old_t[N]-key@0x564021e01140 | prf+N PRF sha init key-key@0x564021e04570 (size 20) | prf+N: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7518 | result: clone-key@0x564021e01140 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cb8005b80 from key-key@0x564021e01140 | prf+N prf: begin sha with context 0x7f5cb8005b80 from key-key@0x564021e01140 | prf+N: release clone-key@0x564021e01140 | prf+N PRF sha crypt-prf@0x7f5cb8001f40 | prf+N PRF sha update old_t-key@0x564021dfb870 (size 20) | prf+N: old_t-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-678530720: 7c 6a 64 ffffffac fffffff4 ffffff8b fffffffe 55 ffffffe1 ffffffa8 ffffffd2 3b 45 19 ffffff89 44 ffffffa3 ffffff9a 67 ffffffad ffffffa8 ffffff88 ffffffd1 0a ffffffd2 ffffffd7 19 ffffff91 27 ffffffa5 ffffffb5 ffffffb0 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cb8001210 | unwrapped: 70 82 e8 22 43 41 bb 69 b7 6d b4 60 d1 3b 2a 37 | unwrapped: ab c4 3b fe 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021e07b90 (size 80) | prf+N: seed-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-678530720: 3c 34 ffffffe6 00 2e fffffff3 ffffff93 ffffffaf ffffffb2 ffffffde 08 73 11 1a fffffff0 fffffffe ffffffce ffffff89 ffffff8a ffffff9f 03 6d 05 ffffffd2 56 ffffffed 66 59 ffffffd7 42 ffffff8a fffffffb 19 ffffffc7 0b 18 5b ffffffab ffffffdd ffffffa4 fffffffc ffffffb0 18 ffffffaa 3a ffffff8b 47 09 1c ffffffde ffffffa2 65 7f 4e ffffffc4 29 ffffffae 13 ffffffc2 fffffffb ffffffb8 ffffffee fffffffd 34 05 ffffffd2 5e ffffffbb ffffffbb ffffffb8 2b ffffff92 0f 6e 53 2a 1b 1d ffffffdd 4a | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cb8005030 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | unwrapped: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7520 | result: final-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7508 | result: final-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021df9ff0 | prf+N PRF sha final-key@0x564021e01140 (size 20) | prf+N: key-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e19e70 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd78e7598 | result: result-key@0x564021df9ff0 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e19e70 | prfplus: release old_t[N]-key@0x564021dfb870 | prf+N PRF sha init key-key@0x564021e04570 (size 20) | prf+N: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7518 | result: clone-key@0x564021dfb870 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cb8002e80 from key-key@0x564021dfb870 | prf+N prf: begin sha with context 0x7f5cb8002e80 from key-key@0x564021dfb870 | prf+N: release clone-key@0x564021dfb870 | prf+N PRF sha crypt-prf@0x7f5cb80018a0 | prf+N PRF sha update old_t-key@0x564021e01140 (size 20) | prf+N: old_t-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-678530720: ffffffdc 41 ffffff84 65 1b ffffffa2 66 ffffffbf fffffff4 ffffff9e 37 51 ffffff91 fffffff7 ffffffaa ffffffb7 61 7c fffffffa 6b ffffffb9 01 2a 5d 2e 61 64 07 14 ffffffbc ffffffe8 ffffffae | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cb8001210 | unwrapped: b6 c1 4f 5b 5e 69 57 82 3b 52 79 95 dd 2c f0 bb | unwrapped: 56 b2 18 d7 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021e07b90 (size 80) | prf+N: seed-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-678530720: 3c 34 ffffffe6 00 2e fffffff3 ffffff93 ffffffaf ffffffb2 ffffffde 08 73 11 1a fffffff0 fffffffe ffffffce ffffff89 ffffff8a ffffff9f 03 6d 05 ffffffd2 56 ffffffed 66 59 ffffffd7 42 ffffff8a fffffffb 19 ffffffc7 0b 18 5b ffffffab ffffffdd ffffffa4 fffffffc ffffffb0 18 ffffffaa 3a ffffff8b 47 09 1c ffffffde ffffffa2 65 7f 4e ffffffc4 29 ffffffae 13 ffffffc2 fffffffb ffffffb8 ffffffee fffffffd 34 05 ffffffd2 5e ffffffbb ffffffbb ffffffb8 2b ffffff92 0f 6e 53 2a 1b 1d ffffffdd 4a | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cb80067b0 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | unwrapped: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7520 | result: final-key@0x564021e19e70 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e19e70 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7508 | result: final-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e19e70 | prf+N PRF sha final-key@0x564021dfb870 (size 20) | prf+N: key-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021df9ff0 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd78e7598 | result: result-key@0x564021e19e70 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021df9ff0 | prfplus: release old_t[N]-key@0x564021e01140 | prf+N PRF sha init key-key@0x564021e04570 (size 20) | prf+N: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7518 | result: clone-key@0x564021e01140 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cb8002e80 from key-key@0x564021e01140 | prf+N prf: begin sha with context 0x7f5cb8002e80 from key-key@0x564021e01140 | prf+N: release clone-key@0x564021e01140 | prf+N PRF sha crypt-prf@0x7f5cb8001f40 | prf+N PRF sha update old_t-key@0x564021dfb870 (size 20) | prf+N: old_t-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-678530720: ffffff85 22 26 33 ffffff8d 2a ffffff8d ffffffa6 5d fffffff1 ffffffa3 6c 5d 65 ffffff9c 2b 40 2e ffffff97 ffffffaa ffffffad ffffffa9 fffffff7 35 ffffff96 32 0d ffffffe9 2a 48 ffffffb6 75 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cb8001210 | unwrapped: e9 38 46 26 a9 99 c1 aa 09 f9 66 64 fd ba c7 08 | unwrapped: 2c 82 db c2 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021e07b90 (size 80) | prf+N: seed-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-678530720: 3c 34 ffffffe6 00 2e fffffff3 ffffff93 ffffffaf ffffffb2 ffffffde 08 73 11 1a fffffff0 fffffffe ffffffce ffffff89 ffffff8a ffffff9f 03 6d 05 ffffffd2 56 ffffffed 66 59 ffffffd7 42 ffffff8a fffffffb 19 ffffffc7 0b 18 5b ffffffab ffffffdd ffffffa4 fffffffc ffffffb0 18 ffffffaa 3a ffffff8b 47 09 1c ffffffde ffffffa2 65 7f 4e ffffffc4 29 ffffffae 13 ffffffc2 fffffffb ffffffb8 ffffffee fffffffd 34 05 ffffffd2 5e ffffffbb ffffffbb ffffffb8 2b ffffff92 0f 6e 53 2a 1b 1d ffffffdd 4a | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cb80050f0 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | unwrapped: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | prf+N PRF sha update N++-byte@0x8 (8) | 08 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd78e7520 | result: final-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7508 | result: final-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021df9ff0 | prf+N PRF sha final-key@0x564021e01140 (size 20) | prf+N: key-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e19e70 (140-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd78e7598 | result: result-key@0x564021df9ff0 (160-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e19e70 | prfplus: release old_t[N]-key@0x564021dfb870 | prfplus: release old_t[final]-key@0x564021e01140 | ike_sa_keymat: release data-key@0x564021e07b90 | calc_skeyseed_v2: release skeyseed_k-key@0x564021e04570 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021df9ff0 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7738 | result: result-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021df9ff0 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7738 | result: result-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021df9ff0 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7738 | result: result-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x564021df9ff0 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7748 | result: SK_ei_k-key@0x564021dfb870 (24-bytes, DES3_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 84, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x564021df9ff0 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7748 | result: SK_er_k-key@0x564021e19e70 (24-bytes, DES3_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 108, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021df9ff0 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7748 | result: result-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f5cc80069f0 | chunk_SK_pi: symkey-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986848: 5d 4e 08 ffffffac ffffffcc 17 ffffffe6 4c 44 ffffff86 ffffffb0 ffffffe5 ffffffbb 38 31 21 ffffffe2 ffffff9b ffffffdd 78 5a ffffffeb ffffff95 6f 42 04 77 50 ffffffb0 ffffffda 26 14 | chunk_SK_pi: release slot-key-key@0x564021dfdd40 | chunk_SK_pi extracted len 32 bytes at 0x7f5cb8001210 | unwrapped: 3b 52 79 95 dd 2c f0 bb 56 b2 18 d7 e9 38 46 26 | unwrapped: a9 99 c1 aa 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 128, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021df9ff0 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd78e7748 | result: result-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f5cc800d640 | chunk_SK_pr: symkey-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986848: 27 31 2f 24 48 29 ffffffbc 03 ffffffb0 78 ffffffb5 36 02 ffffff80 6f 69 ffffffc2 35 ffffff97 4b 57 fffffff7 ffffffd1 ffffff9d 7b ffffff85 ffffffe9 ffffff91 ffffffdc fffffff3 06 ffffffce | chunk_SK_pr: release slot-key-key@0x564021dfdd40 | chunk_SK_pr extracted len 32 bytes at 0x7f5cb8006400 | unwrapped: 09 f9 66 64 fd ba c7 08 2c 82 db c2 b2 76 5a bd | unwrapped: 81 5d 4b da 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x564021df9ff0 | calc_skeyseed_v2 pointers: shared-key@0x7f5cc800a510, SK_d-key@0x564021e04570, SK_ai-key@0x564021e07b90, SK_ar-key@0x564021e01140, SK_ei-key@0x564021dfb870, SK_er-key@0x564021e19e70, SK_pi-key@0x7f5cc80069f0, SK_pr-key@0x7f5cc800d640 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 3b 52 79 95 dd 2c f0 bb 56 b2 18 d7 e9 38 46 26 | a9 99 c1 aa | calc_skeyseed_v2 SK_pr | 09 f9 66 64 fd ba c7 08 2c 82 db c2 b2 76 5a bd | 81 5d 4b da | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 20 time elapsed 0.003706 seconds | (#19) spent 3.26 milliseconds in crypto helper computing work-order 20: ikev2_inR1outI2 KE (pcr) | crypto helper 1 sending results from work-order 20 for state #19 to event queue | scheduling resume sending helper answer for #19 | libevent_malloc: new ptr-libevent@0x7f5cb80068c0 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #19 | start processing: state #19 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 20 | calling continuation function 0x564020443630 | ikev2_parent_inR1outI2_continue for #19: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f5cc4002a80: transferring ownership from helper IKEv2 DH to state #19 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #20 at 0x564021e1a900 | State DB: adding IKEv2 state #20 in UNDEFINED | pstats #20 ikev2.child started | duplicating state object #19 "3des" as #20 for IPSEC SA | #20 setting local endpoint to 192.1.2.45:500 from #19.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x564021e04570 | duplicate_state: reference st_skey_ai_nss-key@0x564021e07b90 | duplicate_state: reference st_skey_ar_nss-key@0x564021e01140 | duplicate_state: reference st_skey_ei_nss-key@0x564021dfb870 | duplicate_state: reference st_skey_er_nss-key@0x564021e19e70 | duplicate_state: reference st_skey_pi_nss-key@0x7f5cc80069f0 | duplicate_state: reference st_skey_pr_nss-key@0x7f5cc800d640 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #19.#20; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #19 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #19.#20 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #19 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5cc40016a0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5cc0001560 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f5cc0001560 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f5cc40016a0 size 128 | parent state #19: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 77 b7 16 f5 93 c2 45 01 | responder cookie: | 4d 0c 58 38 db f7 da 56 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x7f5cc80069f0 (size 20) | hmac: symkey-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db978 | result: clone-key@0x564021df9ff0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021df9ff0 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021df9ff0 | hmac: release clone-key@0x564021df9ff0 | hmac PRF sha crypt-prf@0x564021e1b470 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x56402054296c (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff864dbf10 (length 20) | 45 9e 94 2d 80 2b 55 29 22 79 c8 da 24 24 9e 26 | cc a9 ce b3 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564021e0a240 (line=1) | concluding with best_match=014 best=0x564021e0a240 (lineno=1) | inputs to hash1 (first packet) | 77 b7 16 f5 93 c2 45 01 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | fc a6 33 33 e8 8a e7 83 c7 8d 84 29 25 23 a0 e1 | ee ea 09 e2 73 d5 47 d3 59 9b a0 98 28 8d d2 a1 | b8 5e 31 d2 fa 43 5a 9e 7e 97 6e 21 1f 12 bd ff | 77 04 b5 1e 44 c4 61 93 61 a9 03 2b de 3c 1b fe | 22 54 be 08 8a cc fe 8a ff 22 30 4c c7 ea 6e 8e | 38 41 f7 3f fd 64 63 c8 fd e1 d3 83 54 76 bc a4 | 04 b3 b9 26 f9 75 75 a9 7c cd e4 e0 9c ea 48 e7 | 45 7c a8 71 fd cf 26 2d d6 81 36 0e 7e cc 38 e5 | f4 7c b8 0d 2c fd 9a b6 3c db e8 2b 4b 31 e0 cb | 4a c2 ad 1d 12 c2 b9 32 a4 9c 03 ef 37 64 c9 92 | 2e a6 8b a9 e1 85 71 e5 7f 99 16 05 5f c4 ce 02 | 2b c3 61 d8 8f 6e 06 94 9f 48 9d c1 1f df 09 ab | 22 8c 85 cc 25 78 ec c9 27 cb 23 7c 82 a6 33 2c | fb 3e f1 f3 aa 97 a0 b3 58 0a f2 d0 85 9f 5b 39 | a8 74 40 59 16 be f4 54 cd f9 12 f1 29 6c aa 8a | b7 c2 45 76 9d b8 e3 53 d2 dd 7e b9 dd fb 29 b6 | 29 00 00 24 82 a0 03 80 06 37 a7 c5 93 c8 65 21 | 86 0b 0b d6 1f 11 93 80 f9 76 4e c6 bb 49 37 fc | 0f 0b dd 83 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 9c 0d c6 18 90 d9 15 25 e6 5d 73 e3 | 19 72 28 5a be 28 a4 fa 00 00 00 1c 00 00 40 05 | 92 e1 e0 8b c0 2a 75 c4 94 db 0d 96 ad 87 7b d0 | 78 94 25 da | create: initiator inputs to hash2 (responder nonce) | 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | idhash 45 9e 94 2d 80 2b 55 29 22 79 c8 da 24 24 9e 26 | idhash cc a9 ce b3 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564021e14a20 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db770 | result: shared secret-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db758 | result: shared secret-key@0x564021df9ff0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564021dfd2a0 from shared secret-key@0x564021df9ff0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564021dfd2a0 from shared secret-key@0x564021df9ff0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x564021df9ff0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564021e1e1a0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5640204d6bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db790 | result: final-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db778 | result: final-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x564021df9ff0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x564021df9ff0 (size 20) | = prf(, ): -key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db788 | result: clone-key@0x7f5cd0006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ) prf: begin sha with context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ): release clone-key@0x7f5cd0006900 | = prf(, ) PRF sha crypt-prf@0x564021e17610 | = prf(, ) PRF sha update first-packet-bytes@0x564021e18210 (length 436) | 77 b7 16 f5 93 c2 45 01 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | fc a6 33 33 e8 8a e7 83 c7 8d 84 29 25 23 a0 e1 | ee ea 09 e2 73 d5 47 d3 59 9b a0 98 28 8d d2 a1 | b8 5e 31 d2 fa 43 5a 9e 7e 97 6e 21 1f 12 bd ff | 77 04 b5 1e 44 c4 61 93 61 a9 03 2b de 3c 1b fe | 22 54 be 08 8a cc fe 8a ff 22 30 4c c7 ea 6e 8e | 38 41 f7 3f fd 64 63 c8 fd e1 d3 83 54 76 bc a4 | 04 b3 b9 26 f9 75 75 a9 7c cd e4 e0 9c ea 48 e7 | 45 7c a8 71 fd cf 26 2d d6 81 36 0e 7e cc 38 e5 | f4 7c b8 0d 2c fd 9a b6 3c db e8 2b 4b 31 e0 cb | 4a c2 ad 1d 12 c2 b9 32 a4 9c 03 ef 37 64 c9 92 | 2e a6 8b a9 e1 85 71 e5 7f 99 16 05 5f c4 ce 02 | 2b c3 61 d8 8f 6e 06 94 9f 48 9d c1 1f df 09 ab | 22 8c 85 cc 25 78 ec c9 27 cb 23 7c 82 a6 33 2c | fb 3e f1 f3 aa 97 a0 b3 58 0a f2 d0 85 9f 5b 39 | a8 74 40 59 16 be f4 54 cd f9 12 f1 29 6c aa 8a | b7 c2 45 76 9d b8 e3 53 d2 dd 7e b9 dd fb 29 b6 | 29 00 00 24 82 a0 03 80 06 37 a7 c5 93 c8 65 21 | 86 0b 0b d6 1f 11 93 80 f9 76 4e c6 bb 49 37 fc | 0f 0b dd 83 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 9c 0d c6 18 90 d9 15 25 e6 5d 73 e3 | 19 72 28 5a be 28 a4 fa 00 00 00 1c 00 00 40 05 | 92 e1 e0 8b c0 2a 75 c4 94 db 0d 96 ad 87 7b d0 | 78 94 25 da | = prf(, ) PRF sha update nonce-bytes@0x564021e16b20 (length 32) | 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | = prf(, ) PRF sha update hash-bytes@0x7fff864dbf10 (length 20) | 45 9e 94 2d 80 2b 55 29 22 79 c8 da 24 24 9e 26 | cc a9 ce b3 | = prf(, ) PRF sha final-chunk@0x564021e1b470 (length 20) | c3 b3 38 e7 96 bc c0 2c 96 c2 33 7e 33 7c b0 cb | fb 2c d9 4f | psk_auth: release prf-psk-key@0x564021df9ff0 | PSK auth octets c3 b3 38 e7 96 bc c0 2c 96 c2 33 7e 33 7c b0 cb | PSK auth octets fb 2c d9 4f | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth c3 b3 38 e7 96 bc c0 2c 96 c2 33 7e 33 7c b0 cb | PSK auth fb 2c d9 4f | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #19 | netlink_get_spi: allocated 0xe5852e50 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for 3des (IKE SA initiator emitting ESP/AH proposals) | converting proposal 3DES_CBC-HMAC_SHA1_96-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_ESP 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "3des": constructed local ESP/AH proposals for 3des (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi e5 85 2e 50 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 40 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 168 | emitting length of ISAKMP Message: 196 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | a6 c2 c8 d1 d1 e9 70 7f | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | c3 b3 38 e7 96 bc c0 2c 96 c2 33 7e 33 7c b0 cb | fb 2c d9 4f 2c 00 00 28 00 00 00 24 01 03 04 03 | e5 85 2e 50 03 00 00 08 01 00 00 03 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 41 9d 18 8f 9e 2b 7d 3f f3 c8 86 3a 3e ea 6e 1d | 57 2f c7 80 7c 51 5a ba 8e c2 f7 e4 d3 c3 07 ca | ea d5 b1 18 dd ec 34 2b 04 3b 96 c7 ad 06 8e 92 | 40 f1 2c ac e8 91 49 7a fa 93 3a b9 d8 e3 be e5 | d3 e0 c3 fa 01 8a 49 ff 29 64 e4 c4 dc 6b d1 44 | c5 a6 64 80 3c de 8f 72 4c 98 60 81 7f 25 bc 32 | 6c 66 ed 6a 5e e8 85 ab ee c8 ff b8 70 f9 9d ae | c5 fa 77 2b 58 b8 b1 b4 aa 94 f4 b8 76 fe 27 e5 | 9f 85 59 75 ca b4 e4 31 98 d6 5f 4c 87 8f 7b 07 | hmac PRF sha init symkey-key@0x564021e07b90 (size 20) | hmac: symkey-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db888 | result: clone-key@0x564021df9ff0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021df9ff0 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021df9ff0 | hmac: release clone-key@0x564021df9ff0 | hmac PRF sha crypt-prf@0x564021e1e1a0 | hmac PRF sha update data-bytes@0x564020542940 (length 184) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | a6 c2 c8 d1 d1 e9 70 7f 41 9d 18 8f 9e 2b 7d 3f | f3 c8 86 3a 3e ea 6e 1d 57 2f c7 80 7c 51 5a ba | 8e c2 f7 e4 d3 c3 07 ca ea d5 b1 18 dd ec 34 2b | 04 3b 96 c7 ad 06 8e 92 40 f1 2c ac e8 91 49 7a | fa 93 3a b9 d8 e3 be e5 d3 e0 c3 fa 01 8a 49 ff | 29 64 e4 c4 dc 6b d1 44 c5 a6 64 80 3c de 8f 72 | 4c 98 60 81 7f 25 bc 32 6c 66 ed 6a 5e e8 85 ab | ee c8 ff b8 70 f9 9d ae c5 fa 77 2b 58 b8 b1 b4 | aa 94 f4 b8 76 fe 27 e5 9f 85 59 75 ca b4 e4 31 | 98 d6 5f 4c 87 8f 7b 07 | hmac PRF sha final-bytes@0x5640205429f8 (length 20) | a6 98 a5 a0 de c6 11 6c eb 31 67 d0 c5 d8 41 98 | 33 25 d0 58 | data being hmac: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | data being hmac: a6 c2 c8 d1 d1 e9 70 7f 41 9d 18 8f 9e 2b 7d 3f | data being hmac: f3 c8 86 3a 3e ea 6e 1d 57 2f c7 80 7c 51 5a ba | data being hmac: 8e c2 f7 e4 d3 c3 07 ca ea d5 b1 18 dd ec 34 2b | data being hmac: 04 3b 96 c7 ad 06 8e 92 40 f1 2c ac e8 91 49 7a | data being hmac: fa 93 3a b9 d8 e3 be e5 d3 e0 c3 fa 01 8a 49 ff | data being hmac: 29 64 e4 c4 dc 6b d1 44 c5 a6 64 80 3c de 8f 72 | data being hmac: 4c 98 60 81 7f 25 bc 32 6c 66 ed 6a 5e e8 85 ab | data being hmac: ee c8 ff b8 70 f9 9d ae c5 fa 77 2b 58 b8 b1 b4 | data being hmac: aa 94 f4 b8 76 fe 27 e5 9f 85 59 75 ca b4 e4 31 | data being hmac: 98 d6 5f 4c 87 8f 7b 07 | out calculated auth: | a6 98 a5 a0 de c6 11 6c eb 31 67 d0 | suspend processing: state #19 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #20 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #20 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #20: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #20 to 0 after switching state | Message ID: recv #19.#20 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #19.#20 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "3des" #20: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=3DES_CBC_192 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 196 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #19) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | a6 c2 c8 d1 d1 e9 70 7f 41 9d 18 8f 9e 2b 7d 3f | f3 c8 86 3a 3e ea 6e 1d 57 2f c7 80 7c 51 5a ba | 8e c2 f7 e4 d3 c3 07 ca ea d5 b1 18 dd ec 34 2b | 04 3b 96 c7 ad 06 8e 92 40 f1 2c ac e8 91 49 7a | fa 93 3a b9 d8 e3 be e5 d3 e0 c3 fa 01 8a 49 ff | 29 64 e4 c4 dc 6b d1 44 c5 a6 64 80 3c de 8f 72 | 4c 98 60 81 7f 25 bc 32 6c 66 ed 6a 5e e8 85 ab | ee c8 ff b8 70 f9 9d ae c5 fa 77 2b 58 b8 b1 b4 | aa 94 f4 b8 76 fe 27 e5 9f 85 59 75 ca b4 e4 31 | 98 d6 5f 4c 87 8f 7b 07 a6 98 a5 a0 de c6 11 6c | eb 31 67 d0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "3des" #20: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5cc4001560 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #20 | libevent_malloc: new ptr-libevent@0x7f5cbc006560 size 128 | #20 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48959.794475 | resume sending helper answer for #19 suppresed complete_v2_state_transition() | #19 spent 1.07 milliseconds in resume sending helper answer | stop processing: state #20 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5cb80068c0 | spent 0.00275 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 188 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 60 75 d1 ed 13 c9 3e b1 a8 b6 d1 69 d4 c4 83 ef | a3 cc 2d 68 3b 7c c6 fb 71 2c ad e1 36 e6 8b 0d | ea 39 82 cc d2 b3 64 a1 40 f2 4d 23 a4 10 9f 4f | 4f 74 b1 55 3b df ea 12 b9 dc b6 9f 1d 07 dc f3 | a1 91 9e e0 63 fe 68 61 5c 85 24 33 93 ec 11 90 | ef ac 72 f2 ac 6b bd f7 77 fb 9c 88 fc 0b 01 f4 | 91 d1 e8 52 0b 5d 99 ac ea 94 b9 d1 99 41 5d 47 | 7f 3e 62 fc 1a d1 a5 ba 9b 32 f4 21 72 6d 96 5b | 32 ce 23 11 24 c3 6e eb db b8 62 64 6c 77 33 1b | 72 c3 f8 ca 44 e1 88 6d d0 39 2f 0d | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 77 b7 16 f5 93 c2 45 01 | responder cookie: | 4d 0c 58 38 db f7 da 56 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 188 (0xbc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #19 in PARENT_I2 (find_v2_ike_sa) | start processing: state #19 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #20 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #19 connection "3des" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #20 connection "3des" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #20 is idle | #20 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 160 (0xa0) | processing payload: ISAKMP_NEXT_v2SK (len=156) | #20 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x564021e01140 (size 20) | hmac: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db7a8 | result: clone-key@0x564021df9ff0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021df9ff0 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021df9ff0 | hmac: release clone-key@0x564021df9ff0 | hmac PRF sha crypt-prf@0x564021e17be0 | hmac PRF sha update data-bytes@0x564021d954b0 (length 176) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 60 75 d1 ed 13 c9 3e b1 a8 b6 d1 69 d4 c4 83 ef | a3 cc 2d 68 3b 7c c6 fb 71 2c ad e1 36 e6 8b 0d | ea 39 82 cc d2 b3 64 a1 40 f2 4d 23 a4 10 9f 4f | 4f 74 b1 55 3b df ea 12 b9 dc b6 9f 1d 07 dc f3 | a1 91 9e e0 63 fe 68 61 5c 85 24 33 93 ec 11 90 | ef ac 72 f2 ac 6b bd f7 77 fb 9c 88 fc 0b 01 f4 | 91 d1 e8 52 0b 5d 99 ac ea 94 b9 d1 99 41 5d 47 | 7f 3e 62 fc 1a d1 a5 ba 9b 32 f4 21 72 6d 96 5b | 32 ce 23 11 24 c3 6e eb db b8 62 64 6c 77 33 1b | hmac PRF sha final-bytes@0x7fff864db970 (length 20) | 72 c3 f8 ca 44 e1 88 6d d0 39 2f 0d cd dd 21 1c | bb 43 f6 c0 | data for hmac: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | data for hmac: 60 75 d1 ed 13 c9 3e b1 a8 b6 d1 69 d4 c4 83 ef | data for hmac: a3 cc 2d 68 3b 7c c6 fb 71 2c ad e1 36 e6 8b 0d | data for hmac: ea 39 82 cc d2 b3 64 a1 40 f2 4d 23 a4 10 9f 4f | data for hmac: 4f 74 b1 55 3b df ea 12 b9 dc b6 9f 1d 07 dc f3 | data for hmac: a1 91 9e e0 63 fe 68 61 5c 85 24 33 93 ec 11 90 | data for hmac: ef ac 72 f2 ac 6b bd f7 77 fb 9c 88 fc 0b 01 f4 | data for hmac: 91 d1 e8 52 0b 5d 99 ac ea 94 b9 d1 99 41 5d 47 | data for hmac: 7f 3e 62 fc 1a d1 a5 ba 9b 32 f4 21 72 6d 96 5b | data for hmac: 32 ce 23 11 24 c3 6e eb db b8 62 64 6c 77 33 1b | calculated auth: 72 c3 f8 ca 44 e1 88 6d d0 39 2f 0d | provided auth: 72 c3 f8 ca 44 e1 88 6d d0 39 2f 0d | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 60 75 d1 ed 13 c9 3e b1 | payload before decryption: | a8 b6 d1 69 d4 c4 83 ef a3 cc 2d 68 3b 7c c6 fb | 71 2c ad e1 36 e6 8b 0d ea 39 82 cc d2 b3 64 a1 | 40 f2 4d 23 a4 10 9f 4f 4f 74 b1 55 3b df ea 12 | b9 dc b6 9f 1d 07 dc f3 a1 91 9e e0 63 fe 68 61 | 5c 85 24 33 93 ec 11 90 ef ac 72 f2 ac 6b bd f7 | 77 fb 9c 88 fc 0b 01 f4 91 d1 e8 52 0b 5d 99 ac | ea 94 b9 d1 99 41 5d 47 7f 3e 62 fc 1a d1 a5 ba | 9b 32 f4 21 72 6d 96 5b 32 ce 23 11 24 c3 6e eb | db b8 62 64 6c 77 33 1b | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 c8 cc 08 80 af 92 26 31 d3 01 33 bd | a8 f9 b2 b9 80 ce c6 52 2c 00 00 28 00 00 00 24 | 01 03 04 03 f9 22 83 f4 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #20 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | offered CA: '%none' "3des" #20: IKEv2 mode peer ID is ID_FQDN: '@east' | hmac PRF sha init symkey-key@0x7f5cc800d640 (size 20) | hmac: symkey-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db8d8 | result: clone-key@0x564021df9ff0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021df9ff0 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021df9ff0 | hmac: release clone-key@0x564021df9ff0 | hmac PRF sha crypt-prf@0x564021e181a0 | idhash auth R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x564021d954dc (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff864dba30 (length 20) | b5 0b 3f 0e 9a 56 cf 6c 78 9c 3c 93 19 95 0e 1c | 43 a8 a1 73 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564021e0a240 (line=1) | concluding with best_match=014 best=0x564021e0a240 (lineno=1) | inputs to hash1 (first packet) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 3b d2 e1 39 da 3d e9 2a 83 0c d2 04 be ce d8 df | f5 48 b7 94 ce 04 9d 8c 0b b1 42 07 1f 6d 4a 7a | 4f 4c 03 3e de 3d b6 fe e3 d1 d2 62 9e 26 8d 80 | 51 fa a1 55 77 04 5b f6 cb 15 28 d9 9f a1 25 e9 | b9 c7 05 cc 85 c2 c2 b0 a4 6f b0 fe 95 21 cc 77 | af 3d 89 a5 7e de b2 2f db 81 6c 24 be 21 b6 b3 | b4 5c 3a 25 fe b8 22 c4 ba c2 2d 48 ee 23 62 bc | 44 cf 53 22 62 85 ca d8 27 42 cf 8c 45 f5 16 20 | a6 1d fd ae 99 9c eb 0a 87 c5 0e 89 05 ff 4c 6f | 41 d4 4d 46 49 60 90 c1 4c 18 34 ed 03 8a 70 e3 | d0 33 2d 45 ea db 58 c0 27 81 dd cb 43 39 a7 bc | 38 59 7e ba bd 4c 30 c9 0a 28 79 a5 54 6e e4 13 | 42 6b 68 ed f7 ea 2d 88 89 24 35 9a 21 ee 33 17 | 8f ad 85 00 85 e6 58 3b 96 d2 ea 28 06 73 dd 20 | d8 3d 2a 54 fe 1a bf b9 9a 66 66 dd 85 26 51 c7 | 4c 04 15 c7 4f c0 64 bc a4 1d b4 1a 7c ad 72 c4 | 29 00 00 24 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 | 7b f1 e3 e6 35 4f 19 fb cf a6 4f 83 35 0a 52 1a | c7 9c 46 ce 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 f1 05 de 2d 07 2f 07 6d f2 56 c0 e2 | 35 f6 36 ab 3f 59 63 c6 00 00 00 1c 00 00 40 05 | db 3f ad ff d9 41 57 4c 05 c7 50 98 15 16 56 5d | cf 1d 80 22 | verify: initiator inputs to hash2 (initiator nonce) | 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | idhash b5 0b 3f 0e 9a 56 cf 6c 78 9c 3c 93 19 95 0e 1c | idhash 43 a8 a1 73 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564021e14a20 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db6e0 | result: shared secret-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6c8 | result: shared secret-key@0x564021df9ff0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564021dfd2a0 from shared secret-key@0x564021df9ff0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564021dfd2a0 from shared secret-key@0x564021df9ff0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x564021df9ff0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564021e17be0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5640204d6bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x564021df9ff0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x564021df9ff0 (size 20) | = prf(, ): -key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x7f5cd0006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ) prf: begin sha with context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ): release clone-key@0x7f5cd0006900 | = prf(, ) PRF sha crypt-prf@0x564021e17610 | = prf(, ) PRF sha update first-packet-bytes@0x564021e17970 (length 436) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 3b d2 e1 39 da 3d e9 2a 83 0c d2 04 be ce d8 df | f5 48 b7 94 ce 04 9d 8c 0b b1 42 07 1f 6d 4a 7a | 4f 4c 03 3e de 3d b6 fe e3 d1 d2 62 9e 26 8d 80 | 51 fa a1 55 77 04 5b f6 cb 15 28 d9 9f a1 25 e9 | b9 c7 05 cc 85 c2 c2 b0 a4 6f b0 fe 95 21 cc 77 | af 3d 89 a5 7e de b2 2f db 81 6c 24 be 21 b6 b3 | b4 5c 3a 25 fe b8 22 c4 ba c2 2d 48 ee 23 62 bc | 44 cf 53 22 62 85 ca d8 27 42 cf 8c 45 f5 16 20 | a6 1d fd ae 99 9c eb 0a 87 c5 0e 89 05 ff 4c 6f | 41 d4 4d 46 49 60 90 c1 4c 18 34 ed 03 8a 70 e3 | d0 33 2d 45 ea db 58 c0 27 81 dd cb 43 39 a7 bc | 38 59 7e ba bd 4c 30 c9 0a 28 79 a5 54 6e e4 13 | 42 6b 68 ed f7 ea 2d 88 89 24 35 9a 21 ee 33 17 | 8f ad 85 00 85 e6 58 3b 96 d2 ea 28 06 73 dd 20 | d8 3d 2a 54 fe 1a bf b9 9a 66 66 dd 85 26 51 c7 | 4c 04 15 c7 4f c0 64 bc a4 1d b4 1a 7c ad 72 c4 | 29 00 00 24 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 | 7b f1 e3 e6 35 4f 19 fb cf a6 4f 83 35 0a 52 1a | c7 9c 46 ce 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 f1 05 de 2d 07 2f 07 6d f2 56 c0 e2 | 35 f6 36 ab 3f 59 63 c6 00 00 00 1c 00 00 40 05 | db 3f ad ff d9 41 57 4c 05 c7 50 98 15 16 56 5d | cf 1d 80 22 | = prf(, ) PRF sha update nonce-bytes@0x7f5cc40010b0 (length 32) | 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | = prf(, ) PRF sha update hash-bytes@0x7fff864dba30 (length 20) | b5 0b 3f 0e 9a 56 cf 6c 78 9c 3c 93 19 95 0e 1c | 43 a8 a1 73 | = prf(, ) PRF sha final-chunk@0x564021e181a0 (length 20) | c8 cc 08 80 af 92 26 31 d3 01 33 bd a8 f9 b2 b9 | 80 ce c6 52 | psk_auth: release prf-psk-key@0x564021df9ff0 | Received PSK auth octets | c8 cc 08 80 af 92 26 31 d3 01 33 bd a8 f9 b2 b9 | 80 ce c6 52 | Calculated PSK auth octets | c8 cc 08 80 af 92 26 31 d3 01 33 bd a8 f9 b2 b9 | 80 ce c6 52 "3des" #20: Authenticated using authby=secret | parent state #19: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #19 will start re-keying in 2879 seconds with margin of 721 seconds (attempting re-key) | state #19 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f5cc40016a0 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f5cc0001560 | event_schedule: new EVENT_SA_REKEY-pe@0x7f5cc0001560 | inserting event EVENT_SA_REKEY, timeout in 2879 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f5cc40016a0 size 128 | pstats #19 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="3des" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for 3des (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI f9 22 83 f4 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=f92283f4;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=sha: .key_size=20 encrypt=3des_cbc: .key_size=24 .salt_size=0 keymat_len=44 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db7e0 | result: data=Ni-key@0x7f5cd0006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7f5cd0006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db7c8 | result: data=Ni-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7f5cd0006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021df9ff0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864db7d0 | result: data+=Nr-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021df9ff0 | prf+0 PRF sha init key-key@0x564021e04570 (size 20) | prf+0: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x564021df9ff0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x564021dfd2a0 from key-key@0x564021df9ff0 | prf+0 prf: begin sha with context 0x564021dfd2a0 from key-key@0x564021df9ff0 | prf+0: release clone-key@0x564021df9ff0 | prf+0 PRF sha crypt-prf@0x564021e1e1a0 | prf+0 PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+0: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: 3c 34 ffffffe6 00 2e fffffff3 ffffff93 ffffffaf ffffffb2 ffffffde 08 73 11 1a fffffff0 fffffffe ffffffce ffffff89 ffffff8a ffffff9f 03 6d 05 ffffffd2 56 ffffffed 66 59 ffffffd7 42 ffffff8a fffffffb 19 ffffffc7 0b 18 5b ffffffab ffffffdd ffffffa4 fffffffc ffffffb0 18 ffffffaa 3a ffffff8b 47 09 1c ffffffde ffffffa2 65 7f 4e ffffffc4 29 ffffffae 13 ffffffc2 fffffffb ffffffb8 ffffffee fffffffd 34 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e1fbe0 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x7f5cc800eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cc800eec0 | prf+0 PRF sha final-key@0x564021df9ff0 (size 20) | prf+0: key-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x564021df9ff0 | prf+N PRF sha init key-key@0x564021e04570 (size 20) | prf+N: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x7f5cc800eec0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564021dfd2a0 from key-key@0x7f5cc800eec0 | prf+N prf: begin sha with context 0x564021dfd2a0 from key-key@0x7f5cc800eec0 | prf+N: release clone-key@0x7f5cc800eec0 | prf+N PRF sha crypt-prf@0x564021e17be0 | prf+N PRF sha update old_t-key@0x564021df9ff0 (size 20) | prf+N: old_t-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041728192: 54 ffffffc9 0a ffffffc9 59 ffffffa3 28 01 1e ffffffa1 1e ffffffcc 76 20 53 34 ffffffc4 27 fffffff1 ffffff9c ffffff91 ffffffdd 03 ffffff92 ffffffdc 7b fffffffa 58 71 ffffffc1 ffffffe4 ffffffff | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x564021e1e200 | unwrapped: 85 f9 86 b4 3d ba 5a 88 6e cc 1e 46 98 e5 c6 93 | unwrapped: 9e a7 5e b4 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+N: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: 3c 34 ffffffe6 00 2e fffffff3 ffffff93 ffffffaf ffffffb2 ffffffde 08 73 11 1a fffffff0 fffffffe ffffffce ffffff89 ffffff8a ffffff9f 03 6d 05 ffffffd2 56 ffffffed 66 59 ffffffd7 42 ffffff8a fffffffb 19 ffffffc7 0b 18 5b ffffffab ffffffdd ffffffa4 fffffffc ffffffb0 18 ffffffaa 3a ffffff8b 47 09 1c ffffffde ffffffa2 65 7f 4e ffffffc4 29 ffffffae 13 ffffffc2 fffffffb ffffffb8 ffffffee fffffffd 34 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e1a0f0 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x564021e06230 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e06230 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e06230 | prf+N PRF sha final-key@0x7f5cc800eec0 (size 20) | prf+N: key-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff864db778 | result: result-key@0x564021e06230 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021df9ff0 | prfplus: release old_t[N]-key@0x564021df9ff0 | prf+N PRF sha init key-key@0x564021e04570 (size 20) | prf+N: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x564021df9ff0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564021dfd2a0 from key-key@0x564021df9ff0 | prf+N prf: begin sha with context 0x564021dfd2a0 from key-key@0x564021df9ff0 | prf+N: release clone-key@0x564021df9ff0 | prf+N PRF sha crypt-prf@0x564021e17610 | prf+N PRF sha update old_t-key@0x7f5cc800eec0 (size 20) | prf+N: old_t-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f5cc800eec0 | nss hmac digest hack: symkey-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041728192: 14 69 6c ffffff87 5c ffffff94 05 ffffffbb ffffff9e ffffffec ffffffa9 59 ffffffe5 5c ffffffdc ffffffdc ffffff84 0f ffffffc5 ffffffc8 ffffffb3 37 fffffff5 6c ffffff94 23 64 15 6d 52 ffffffee ffffffca | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x564021e17240 | unwrapped: 37 b6 8e d1 50 64 00 f6 3a 65 ab eb 86 43 7d 5a | unwrapped: 2c 55 e1 10 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+N: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: 3c 34 ffffffe6 00 2e fffffff3 ffffff93 ffffffaf ffffffb2 ffffffde 08 73 11 1a fffffff0 fffffffe ffffffce ffffff89 ffffff8a ffffff9f 03 6d 05 ffffffd2 56 ffffffed 66 59 ffffffd7 42 ffffff8a fffffffb 19 ffffffc7 0b 18 5b ffffffab ffffffdd ffffffa4 fffffffc ffffffb0 18 ffffffaa 3a ffffff8b 47 09 1c ffffffde ffffffa2 65 7f 4e ffffffc4 29 ffffffae 13 ffffffc2 fffffffb ffffffb8 ffffffee fffffffd 34 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e1a190 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x564021e1e110 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e1e110 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e1e110 | prf+N PRF sha final-key@0x564021df9ff0 (size 20) | prf+N: key-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e06230 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff864db778 | result: result-key@0x564021e1e110 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e06230 | prfplus: release old_t[N]-key@0x7f5cc800eec0 | prf+N PRF sha init key-key@0x564021e04570 (size 20) | prf+N: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x7f5cc800eec0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564021dfd2a0 from key-key@0x7f5cc800eec0 | prf+N prf: begin sha with context 0x564021dfd2a0 from key-key@0x7f5cc800eec0 | prf+N: release clone-key@0x7f5cc800eec0 | prf+N PRF sha crypt-prf@0x564021e17be0 | prf+N PRF sha update old_t-key@0x564021df9ff0 (size 20) | prf+N: old_t-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041728192: 2d 6a 0b ffffffd9 57 5b ffffffb5 ffffff9f fffffff6 ffffffe3 3f 64 ffffffbf 18 ffffff84 1c 3a ffffffd1 ffffffff 21 4d 02 ffffffc4 ffffffc4 ffffffba 68 ffffff8c ffffffa0 ffffffe6 ffffffcd ffffffb0 ffffffd5 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x564021e17240 | unwrapped: f9 b3 94 bb af a0 94 35 a2 20 8a 27 60 76 22 21 | unwrapped: fe 5e 93 93 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+N: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: 3c 34 ffffffe6 00 2e fffffff3 ffffff93 ffffffaf ffffffb2 ffffffde 08 73 11 1a fffffff0 fffffffe ffffffce ffffff89 ffffff8a ffffff9f 03 6d 05 ffffffd2 56 ffffffed 66 59 ffffffd7 42 ffffff8a fffffffb 19 ffffffc7 0b 18 5b ffffffab ffffffdd ffffffa4 fffffffc ffffffb0 18 ffffffaa 3a ffffff8b 47 09 1c ffffffde ffffffa2 65 7f 4e ffffffc4 29 ffffffae 13 ffffffc2 fffffffb ffffffb8 ffffffee fffffffd 34 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e19f00 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x564021e06230 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e06230 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e06230 | prf+N PRF sha final-key@0x7f5cc800eec0 (size 20) | prf+N: key-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e1e110 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff864db778 | result: result-key@0x564021e06230 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e1e110 | prfplus: release old_t[N]-key@0x564021df9ff0 | prf+N PRF sha init key-key@0x564021e04570 (size 20) | prf+N: key-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e04570 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x564021df9ff0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564021dfd2a0 from key-key@0x564021df9ff0 | prf+N prf: begin sha with context 0x564021dfd2a0 from key-key@0x564021df9ff0 | prf+N: release clone-key@0x564021df9ff0 | prf+N PRF sha crypt-prf@0x564021e17610 | prf+N PRF sha update old_t-key@0x7f5cc800eec0 (size 20) | prf+N: old_t-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f5cc800eec0 | nss hmac digest hack: symkey-key@0x7f5cc800eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041728192: 56 43 6a 1d ffffffe9 ffffffb9 0f 54 ffffffc2 51 ffffffd2 33 68 ffffffeb ffffff86 4e 0e fffffff9 ffffffc9 ffffffe3 fffffff1 fffffff8 ffffff85 59 ffffffaa 5d fffffffb 76 ffffffe8 23 ffffffce 0e | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x564021e1e200 | unwrapped: 54 9a 4b 8c 5e d7 63 ea 6d 63 34 12 50 1a b5 ed | unwrapped: 71 0a a7 99 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+N: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: 3c 34 ffffffe6 00 2e fffffff3 ffffff93 ffffffaf ffffffb2 ffffffde 08 73 11 1a fffffff0 fffffffe ffffffce ffffff89 ffffff8a ffffff9f 03 6d 05 ffffffd2 56 ffffffed 66 59 ffffffd7 42 ffffff8a fffffffb 19 ffffffc7 0b 18 5b ffffffab ffffffdd ffffffa4 fffffffc ffffffb0 18 ffffffaa 3a ffffff8b 47 09 1c ffffffde ffffffa2 65 7f 4e ffffffc4 29 ffffffae 13 ffffffc2 fffffffb ffffffb8 ffffffee fffffffd 34 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e1fbe0 | unwrapped: 82 a0 03 80 06 37 a7 c5 93 c8 65 21 86 0b 0b d6 | unwrapped: 1f 11 93 80 f9 76 4e c6 bb 49 37 fc 0f 0b dd 83 | unwrapped: 3b 3c 35 32 0c 79 fc 2e 70 0c 29 67 7b f1 e3 e6 | unwrapped: 35 4f 19 fb cf a6 4f 83 35 0a 52 1a c7 9c 46 ce | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x564021e1e110 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e1e110 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e1e110 | prf+N PRF sha final-key@0x564021df9ff0 (size 20) | prf+N: key-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e06230 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff864db778 | result: result-key@0x564021e1e110 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e06230 | prfplus: release old_t[N]-key@0x7f5cc800eec0 | prfplus: release old_t[final]-key@0x564021df9ff0 | child_sa_keymat: release data-key@0x7f5cd0006900 | key-offset: 0, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x564021e1e110 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db858 | result: result-key@0x7f5cd0006900 (44-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 44 bytes of key@0x7f5cd0006900 | initiator to responder keys: symkey-key@0x7f5cd0006900 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x564021dfdd40 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)538982709: 54 ffffffc9 0a ffffffc9 59 ffffffa3 28 01 1e ffffffa1 1e ffffffcc 76 20 53 34 79 02 ffffffb8 ffffffa4 17 ffffffae 4b 02 22 ffffffae ffffff94 ffffffb1 7e ffffffbe 7c ffffffc5 fffffff7 66 ffffffd8 00 3a 0d fffffff1 0a 2c ffffff96 7c 0d 35 76 ffffffe6 67 | initiator to responder keys: release slot-key-key@0x564021dfdd40 | initiator to responder keys extracted len 48 bytes at 0x564021e1b3c0 | unwrapped: 85 f9 86 b4 3d ba 5a 88 6e cc 1e 46 98 e5 c6 93 | unwrapped: 9e a7 5e b4 37 b6 8e d1 50 64 00 f6 3a 65 ab eb | unwrapped: 86 43 7d 5a 2c 55 e1 10 f9 b3 94 bb 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7f5cd0006900 | key-offset: 44, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x564021e1e110 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db858 | result: result-key@0x7f5cd0006900 (44-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 44 bytes of key@0x7f5cd0006900 | responder to initiator keys:: symkey-key@0x7f5cd0006900 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x564021dfdd40 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)538982709: ffffffe4 6b 16 2b fffffff9 57 ffffffe0 ffffff9a 19 3f 3e 61 ffffffc1 2b fffffff3 ffffffb0 56 43 6a 1d ffffffe9 ffffffb9 0f 54 ffffffc2 51 ffffffd2 33 68 ffffffeb ffffff86 4e ffffffdc fffffffd ffffffe4 78 ffffffcc 7a 40 ffffff93 6e 56 13 55 ffffffd2 ffffffe9 1e fffffff7 | responder to initiator keys:: release slot-key-key@0x564021dfdd40 | responder to initiator keys: extracted len 48 bytes at 0x564021e1b400 | unwrapped: af a0 94 35 a2 20 8a 27 60 76 22 21 fe 5e 93 93 | unwrapped: 54 9a 4b 8c 5e d7 63 ea 6d 63 34 12 50 1a b5 ed | unwrapped: 71 0a a7 99 32 1f 08 9e 64 76 ab 17 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7f5cd0006900 | ikev2_derive_child_keys: release keymat-key@0x564021e1e110 | #19 spent 2.55 milliseconds | install_ipsec_sa() for #20: inbound and outbound | could_route called for 3des (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection '3des' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.f92283f4@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection '3des' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.e5852e50@192.1.2.45 included non-error error | priority calculation of connection "3des" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #20: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: 3des (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #20 | priority calculation of connection "3des" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xf92283f4 SPI_OUT=0x | popen cmd is 1023 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' : | cmd( 160):PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1642: | cmd( 320):4' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: | cmd( 960):ED='no' SPI_IN=0xf92283f4 SPI_OUT=0xe5852e50 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xf92283f4 | popen cmd is 1028 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0xf92283f4 SPI_OUT=0xe5852e50 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xf92283f4 SPI_ | popen cmd is 1026 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTE: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@wes: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIEN: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: | cmd( 320):6424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PE: | cmd( 400):ER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MAS: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: | cmd( 640):UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd( 960):HARED='no' SPI_IN=0xf92283f4 SPI_OUT=0xe5852e50 ipsec _updown 2>&1: | route_and_eroute: instance "3des", setting eroute_owner {spd=0x564021e15b10,sr=0x564021e15b10} to #20 (was #0) (newest_ipsec_sa=#0) | #19 spent 0.931 milliseconds in install_ipsec_sa() | inR2: instance 3des[0], setting IKEv2 newest_ipsec_sa to #20 (was #0) (spd.eroute=#20) cloned from #19 | state #20 requesting EVENT_RETRANSMIT to be deleted | #20 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x7f5cbc006560 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5cc4001560 | #20 spent 3.11 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #20 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #20 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #20: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #20 to 1 after switching state | Message ID: recv #19.#20 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #19.#20 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #20 ikev2.child established "3des" #20: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "3des" #20: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xf92283f4 <0xe5852e50 xfrm=3DES_CBC-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | releasing whack for #20 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #19 | unpending state #19 connection "3des" | delete from pending Child SA with 192.1.2.23 "3des" | removing pending policy for no connection {0x7f5cc8002d20} | close_any(fd@24) (in release_whack() at state.c:654) | #20 will start re-keying in 27846 seconds with margin of 954 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f5cc4001560 | inserting event EVENT_SA_REKEY, timeout in 27846 seconds for #20 | libevent_malloc: new ptr-libevent@0x7f5cbc006560 size 128 | stop processing: state #20 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #19 spent 3.61 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 3.62 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00424 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00266 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00274 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.e5852e50@192.1.2.45 | get_sa_info esp.f92283f4@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0782 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in terminate_a_connection() at terminate.c:69) "3des": terminating SAs using this connection | connection '3des' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #20 | suspend processing: connection "3des" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #20 connection "3des" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #20 ikev2.child deleted completed | #20 spent 3.11 milliseconds in total | [RE]START processing: state #20 connection "3des" from 192.1.2.23:500 (in delete_state() at state.c:879) "3des" #20: deleting state (STATE_V2_IPSEC_I) aged 0.677s and sending notification | child state #20: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.f92283f4@192.1.2.23 | get_sa_info esp.e5852e50@192.1.2.45 "3des" #20: ESP traffic information: in=84B out=84B | #20 send IKEv2 delete notification for STATE_V2_IPSEC_I | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 77 b7 16 f5 93 c2 45 01 | responder cookie: | 4d 0c 58 38 db f7 da 56 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting 4 raw bytes of local spis into IKEv2 Delete Payload | local spis e5 85 2e 50 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | bb 9e 19 6b ad 07 f7 2e | data before encryption: | 00 00 00 0c 03 04 00 01 e5 85 2e 50 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 73 8f 29 86 9c 6f 2e 95 1d ed 87 c1 6a 12 2c 0c | hmac PRF sha init symkey-key@0x564021e07b90 (size 20) | hmac: symkey-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864d8698 | result: clone-key@0x564021e1e110 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021e1e110 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021e1e110 | hmac: release clone-key@0x564021e1e110 | hmac PRF sha crypt-prf@0x564021e1e1a0 | hmac PRF sha update data-bytes@0x7fff864d8a70 (length 56) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | bb 9e 19 6b ad 07 f7 2e 73 8f 29 86 9c 6f 2e 95 | 1d ed 87 c1 6a 12 2c 0c | hmac PRF sha final-bytes@0x7fff864d8aa8 (length 20) | 6e fc 92 f3 b5 7a 75 8f ca 22 eb 66 00 0a a5 84 | 1a 4b af fd | data being hmac: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | data being hmac: 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | data being hmac: bb 9e 19 6b ad 07 f7 2e 73 8f 29 86 9c 6f 2e 95 | data being hmac: 1d ed 87 c1 6a 12 2c 0c | out calculated auth: | 6e fc 92 f3 b5 7a 75 8f ca 22 eb 66 | sending 68 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #20) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | bb 9e 19 6b ad 07 f7 2e 73 8f 29 86 9c 6f 2e 95 | 1d ed 87 c1 6a 12 2c 0c 6e fc 92 f3 b5 7a 75 8f | ca 22 eb 66 | Message ID: IKE #19 sender #20 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #19 sender #20 in send_delete hacking around record ' send | Message ID: sent #19 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 | state #20 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f5cbc006560 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f5cc4001560 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050313' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xf92283f4 | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1569050313' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0xf92283f4 SPI_OUT=0xe5852e50 ipsec _updown 2>&1: | shunt_eroute() called for connection '3des' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "3des" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.f92283f4@192.1.2.23 | netlink response for Del SA esp.f92283f4@192.1.2.23 included non-error error | priority calculation of connection "3des" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.e5852e50@192.1.2.45 | netlink response for Del SA esp.e5852e50@192.1.2.45 included non-error error | stop processing: connection "3des" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection 3des | State DB: deleting IKEv2 state #20 in V2_IPSEC_I | child state #20: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #20 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x564021e04570 | delete_state: release st->st_skey_ai_nss-key@0x564021e07b90 | delete_state: release st->st_skey_ar_nss-key@0x564021e01140 | delete_state: release st->st_skey_ei_nss-key@0x564021dfb870 | delete_state: release st->st_skey_er_nss-key@0x564021e19e70 | delete_state: release st->st_skey_pi_nss-key@0x7f5cc80069f0 | delete_state: release st->st_skey_pr_nss-key@0x7f5cc800d640 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #19 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #19 | start processing: state #19 connection "3des" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #19 ikev2.ike deleted completed | #19 spent 10.1 milliseconds in total | [RE]START processing: state #19 connection "3des" from 192.1.2.23:500 (in delete_state() at state.c:879) "3des" #19: deleting state (STATE_PARENT_I3) aged 0.731s and sending notification | parent state #19: PARENT_I3(established IKE SA) => delete | #19 send IKEv2 delete notification for STATE_PARENT_I3 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 77 b7 16 f5 93 c2 45 01 | responder cookie: | 4d 0c 58 38 db f7 da 56 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 93 f0 74 5e 13 64 17 50 | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 9b 7c c8 6a fc 0d cd b9 de 22 46 9a c1 c9 66 b6 | hmac PRF sha init symkey-key@0x564021e07b90 (size 20) | hmac: symkey-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864d8698 | result: clone-key@0x564021e1e110 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021e1e110 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021e1e110 | hmac: release clone-key@0x564021e1e110 | hmac PRF sha crypt-prf@0x564021e1e1c0 | hmac PRF sha update data-bytes@0x7fff864d8a70 (length 56) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | 93 f0 74 5e 13 64 17 50 9b 7c c8 6a fc 0d cd b9 | de 22 46 9a c1 c9 66 b6 | hmac PRF sha final-bytes@0x7fff864d8aa8 (length 20) | ff 81 e6 49 c7 a4 e7 cd 42 2e a4 b3 d7 b4 3d a6 | 29 7b 44 b4 | data being hmac: 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | data being hmac: 93 f0 74 5e 13 64 17 50 9b 7c c8 6a fc 0d cd b9 | data being hmac: de 22 46 9a c1 c9 66 b6 | out calculated auth: | ff 81 e6 49 c7 a4 e7 cd 42 2e a4 b3 | sending 68 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #19) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | 93 f0 74 5e 13 64 17 50 9b 7c c8 6a fc 0d cd b9 | de 22 46 9a c1 c9 66 b6 ff 81 e6 49 c7 a4 e7 cd | 42 2e a4 b3 | Message ID: IKE #19 sender #19 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 | Message ID: IKE #19 sender #19 in send_delete hacking around record ' send | Message ID: #19 XXX: expecting sender.wip.initiator 2 == -1 - suspect record'n'send out-of-order?); initiator.sent=3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=3 wip.responder=-1 | Message ID: sent #19 request 3; ike: initiator.sent=2->3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=2->3 wip.responder=-1 | state #19 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f5cc40016a0 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f5cc0001560 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection 3des | State DB: deleting IKEv2 state #19 in PARENT_I3 | parent state #19: PARENT_I3(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f5cc4002a80: destroyed | stop processing: state #19 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f5cc800a510 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x564021e04570 | delete_state: release st->st_skey_ai_nss-key@0x564021e07b90 | delete_state: release st->st_skey_ar_nss-key@0x564021e01140 | delete_state: release st->st_skey_ei_nss-key@0x564021dfb870 | delete_state: release st->st_skey_er_nss-key@0x564021e19e70 | delete_state: release st->st_skey_pi_nss-key@0x7f5cc80069f0 | delete_state: release st->st_skey_pr_nss-key@0x7f5cc800d640 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.23 milliseconds in whack | spent 0.00153 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 89 79 e9 32 91 4e e9 10 19 a1 f0 bf 18 23 88 b1 | bd d5 48 35 ef 7a 75 08 96 c1 22 a0 c7 99 18 6f | fa fb 0e 27 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 77 b7 16 f5 93 c2 45 01 | responder cookie: | 4d 0c 58 38 db f7 da 56 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0604 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00424 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00209 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 60 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 77 b7 16 f5 93 c2 45 01 4d 0c 58 38 db f7 da 56 | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | e0 4a 58 68 84 78 25 ba 75 e9 97 f6 10 26 17 bd | a9 19 6b e8 a3 ab 57 67 c3 3b 16 e3 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 77 b7 16 f5 93 c2 45 01 | responder cookie: | 4d 0c 58 38 db f7 da 56 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | length: 60 (0x3c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0617 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in terminate_a_connection() at terminate.c:69) "3des": terminating SAs using this connection | connection '3des' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "3des" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection '3des' to 'delete' for rt_kind 'unrouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "3des" is 0xfe7e7 | priority calculation of connection "3des" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0 | popen cmd is 1012 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16424' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO: | cmd( 400):_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_: | cmd( 480):MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=': | cmd( 560):' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+P: | cmd( 640):FS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd( 960):HARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x564021de15d0 | flush revival: connection '3des' wasn't on the list | stop processing: connection "3des" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.941 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00497 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0574 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0448 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.047 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection 3des with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: 3DES_CBC-HMAC_SHA1-MODP2048 | from whack: got --esp=3des-sha1;modp2048 | ESP/AH string values: 3DES_CBC-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x564021e17eb0 added connection description "3des" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.121 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in initiate_a_connection() at initiate.c:186) | connection '3des' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #21 at 0x564021e16060 | State DB: adding IKEv2 state #21 in UNDEFINED | pstats #21 ikev2.ike started | Message ID: init #21: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #21: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #21; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #21 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "3des" IKE SA #21 "3des" "3des" #21: initiating v2 parent SA | constructing local IKE proposals for 3des (IKE SA initiator selecting KE) | converting ike_info 3DES_CBC-HMAC_SHA1-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_IKE 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "3des": constructed local IKE proposals for 3des (IKE SA initiator selecting KE): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 21 for state #21 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564021e16cc0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f5cbc006560 size 128 | #21 spent 0.126 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 0 resuming | crypto helper 0 starting work-order 21 for state #21 | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 21 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5cbc0010c0: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5cbc0010c0 | NSS: Public DH wire value: | 16 47 44 cb 23 ac 7c 65 06 4b 4a c9 bd c6 bc 54 | 43 1e 85 ad 0f 33 4b 94 3f 1e f2 8f 68 d6 56 5a | 49 f4 3a a1 f8 74 ec 94 e4 7b a8 6c 90 bf 70 50 | 1c e6 c8 4b f7 d1 96 bf c8 67 72 85 29 4b ce 00 | 50 57 9e 4e 3e bb 02 95 71 63 0f 88 cb 85 a7 22 | df 4d 00 28 a9 96 53 a1 1f 6d 75 24 2c 7b 50 1c | 67 a6 1a 75 fe cd be 5d e0 e4 39 c5 f8 3f a6 71 | 23 2b b7 b5 e1 c1 a8 40 6e b4 71 5f 0d 01 79 32 | dd ea 68 e1 9d ae df bc 15 60 33 2d aa b7 13 84 | c3 7e 03 9e 91 46 85 8d c5 e8 c8 e2 66 0a 97 3d | 4b e4 80 77 fe 13 fc 56 07 dd f8 12 d6 fd 3b 5f | 27 ed db 2d 82 aa ef 2e 72 be d7 ae 9f 45 a0 ae | 1e 55 87 bb 90 27 84 19 36 fd 51 29 d4 c4 74 7c | f0 13 d1 b7 d2 2f 87 8c ab 3c 5f 29 4d cb 9b 2d | ab 89 58 28 a2 ab 25 6f 2c 87 95 ed 34 4a 51 d3 | d7 6b 23 98 2d 9f e5 93 06 cc 6c 95 01 55 49 31 | Generated nonce: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | Generated nonce: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 21 time elapsed 0.001013 seconds | (#21) spent 1.01 milliseconds in crypto helper computing work-order 21: ikev2_outI1 KE (pcr) | crypto helper 0 sending results from work-order 21 for state #21 to event queue | scheduling resume sending helper answer for #21 | libevent_malloc: new ptr-libevent@0x7f5cbc008840 size 128 | crypto helper 0 waiting (nothing to do) | RESET processing: state #21 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.204 milliseconds in whack | processing resume sending helper answer for #21 | start processing: state #21 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 21 | calling continuation function 0x564020443630 | ikev2_parent_outI1_continue for #21 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5cbc0010c0: transferring ownership from helper KE to state #21 | **emit ISAKMP Message: | initiator cookie: | a5 70 a7 02 5a 87 dd 89 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection 3des (IKE SA initiator emitting local proposals): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "3des" #21: IMPAIR: emitting fixed-length key-length attribute with 0 key | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 16 47 44 cb 23 ac 7c 65 06 4b 4a c9 bd c6 bc 54 | ikev2 g^x 43 1e 85 ad 0f 33 4b 94 3f 1e f2 8f 68 d6 56 5a | ikev2 g^x 49 f4 3a a1 f8 74 ec 94 e4 7b a8 6c 90 bf 70 50 | ikev2 g^x 1c e6 c8 4b f7 d1 96 bf c8 67 72 85 29 4b ce 00 | ikev2 g^x 50 57 9e 4e 3e bb 02 95 71 63 0f 88 cb 85 a7 22 | ikev2 g^x df 4d 00 28 a9 96 53 a1 1f 6d 75 24 2c 7b 50 1c | ikev2 g^x 67 a6 1a 75 fe cd be 5d e0 e4 39 c5 f8 3f a6 71 | ikev2 g^x 23 2b b7 b5 e1 c1 a8 40 6e b4 71 5f 0d 01 79 32 | ikev2 g^x dd ea 68 e1 9d ae df bc 15 60 33 2d aa b7 13 84 | ikev2 g^x c3 7e 03 9e 91 46 85 8d c5 e8 c8 e2 66 0a 97 3d | ikev2 g^x 4b e4 80 77 fe 13 fc 56 07 dd f8 12 d6 fd 3b 5f | ikev2 g^x 27 ed db 2d 82 aa ef 2e 72 be d7 ae 9f 45 a0 ae | ikev2 g^x 1e 55 87 bb 90 27 84 19 36 fd 51 29 d4 c4 74 7c | ikev2 g^x f0 13 d1 b7 d2 2f 87 8c ab 3c 5f 29 4d cb 9b 2d | ikev2 g^x ab 89 58 28 a2 ab 25 6f 2c 87 95 ed 34 4a 51 d3 | ikev2 g^x d7 6b 23 98 2d 9f e5 93 06 cc 6c 95 01 55 49 31 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | IKEv2 nonce 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | a5 70 a7 02 5a 87 dd 89 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | 21 08 d2 37 60 ad cd 6a 13 51 70 04 1f 54 ea c5 | b8 8a bf 60 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= a5 70 a7 02 5a 87 dd 89 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 21 08 d2 37 60 ad cd 6a 13 51 70 04 1f 54 ea c5 | natd_hash: hash= b8 8a bf 60 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 21 08 d2 37 60 ad cd 6a 13 51 70 04 1f 54 ea c5 | Notify data b8 8a bf 60 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | a5 70 a7 02 5a 87 dd 89 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | b3 ec 68 c9 16 91 3f b1 ae 3f 86 cd 46 0d 2d 2e | a7 74 68 b3 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= a5 70 a7 02 5a 87 dd 89 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= b3 ec 68 c9 16 91 3f b1 ae 3f 86 cd 46 0d 2d 2e | natd_hash: hash= a7 74 68 b3 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data b3 ec 68 c9 16 91 3f b1 ae 3f 86 cd 46 0d 2d 2e | Notify data a7 74 68 b3 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #21 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #21 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #21 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #21: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #21 to 4294967295 after switching state | Message ID: IKE #21 skipping update_recv as MD is fake | Message ID: sent #21 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "3des" #21: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #21) | a5 70 a7 02 5a 87 dd 89 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 16 47 44 cb 23 ac 7c 65 06 4b 4a c9 | bd c6 bc 54 43 1e 85 ad 0f 33 4b 94 3f 1e f2 8f | 68 d6 56 5a 49 f4 3a a1 f8 74 ec 94 e4 7b a8 6c | 90 bf 70 50 1c e6 c8 4b f7 d1 96 bf c8 67 72 85 | 29 4b ce 00 50 57 9e 4e 3e bb 02 95 71 63 0f 88 | cb 85 a7 22 df 4d 00 28 a9 96 53 a1 1f 6d 75 24 | 2c 7b 50 1c 67 a6 1a 75 fe cd be 5d e0 e4 39 c5 | f8 3f a6 71 23 2b b7 b5 e1 c1 a8 40 6e b4 71 5f | 0d 01 79 32 dd ea 68 e1 9d ae df bc 15 60 33 2d | aa b7 13 84 c3 7e 03 9e 91 46 85 8d c5 e8 c8 e2 | 66 0a 97 3d 4b e4 80 77 fe 13 fc 56 07 dd f8 12 | d6 fd 3b 5f 27 ed db 2d 82 aa ef 2e 72 be d7 ae | 9f 45 a0 ae 1e 55 87 bb 90 27 84 19 36 fd 51 29 | d4 c4 74 7c f0 13 d1 b7 d2 2f 87 8c ab 3c 5f 29 | 4d cb 9b 2d ab 89 58 28 a2 ab 25 6f 2c 87 95 ed | 34 4a 51 d3 d7 6b 23 98 2d 9f e5 93 06 cc 6c 95 | 01 55 49 31 29 00 00 24 11 fb d8 80 92 48 63 a3 | 19 68 72 2b 24 e9 26 b7 50 59 d5 5d 84 72 9d 73 | fb bb 93 fc 39 17 f0 df 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 21 08 d2 37 60 ad cd 6a | 13 51 70 04 1f 54 ea c5 b8 8a bf 60 00 00 00 1c | 00 00 40 05 b3 ec 68 c9 16 91 3f b1 ae 3f 86 cd | 46 0d 2d 2e a7 74 68 b3 | state #21 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5cbc006560 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564021e16cc0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x564021e16cc0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f5cbc006560 size 128 | #21 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48961.28342 | resume sending helper answer for #21 suppresed complete_v2_state_transition() and stole MD | #21 spent 0.494 milliseconds in resume sending helper answer | stop processing: state #21 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5cbc008840 | spent 0.00287 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 436 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 7c 89 07 e2 3f c6 b7 6d 85 15 65 a9 b4 5a c8 b5 | 33 2f 56 da b5 44 08 02 af c2 86 cc 6a 7f 6c 7d | 22 55 be 0f a2 42 25 92 26 e7 45 60 66 c0 e9 ec | ec 61 84 76 c7 8b 35 44 86 e0 50 38 50 72 05 c8 | ea f9 cf 29 49 54 61 2f 6e 15 a4 8a db 58 16 01 | 39 fd 0a f3 59 68 a5 79 0d 5e 0e 9f f6 c0 44 46 | 0a 20 f0 2e c7 89 03 8e 22 f1 46 87 33 b6 40 f7 | 45 94 73 9c 4f 8e e1 95 cb 5a c7 1f 7a 25 06 9e | d9 a9 ae fb 71 8e 8c 0d db 00 e7 5e ce e3 5f 7a | b5 db 5a 45 ff 36 96 7b dd a1 4d 39 24 c2 3b 8d | f3 e1 cf 1c ab f1 9b 84 59 b2 41 68 3e 7c e6 81 | f4 fb f4 69 e2 c8 79 72 99 7c 18 3b b2 0e 56 44 | 9f 76 7b 31 7c d0 50 e6 33 68 68 f7 d5 ae 72 aa | f8 ac 1f 3f 3f 9a 3c ec 2b 0b 9f f7 de b1 e0 1c | 51 4b d4 5a b9 70 2d f8 d3 9d 06 db 99 a5 11 67 | 43 11 37 2c 25 23 05 19 7a 87 05 3d 7d 65 6e eb | 29 00 00 24 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 | 7f 84 c9 ef 77 12 15 95 94 21 1e 67 2d e6 61 7b | 58 a5 6f b2 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 16 34 12 ff be de 72 95 e6 a6 e8 e6 | 79 f3 76 0c 21 d7 96 91 00 00 00 1c 00 00 40 05 | 59 1f b9 7f 5a 69 25 9a 86 19 93 92 e7 4d b5 f2 | e1 c3 80 7d | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a5 70 a7 02 5a 87 dd 89 | responder cookie: | 61 87 c1 53 46 1c 40 b4 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 436 (0x1b4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #21 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #21 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #21 connection "3des" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #21 is idle | #21 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #21 IKE SPIi and SPI[ir] | #21 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | 7c 89 07 e2 3f c6 b7 6d 85 15 65 a9 b4 5a c8 b5 | 33 2f 56 da b5 44 08 02 af c2 86 cc 6a 7f 6c 7d | 22 55 be 0f a2 42 25 92 26 e7 45 60 66 c0 e9 ec | ec 61 84 76 c7 8b 35 44 86 e0 50 38 50 72 05 c8 | ea f9 cf 29 49 54 61 2f 6e 15 a4 8a db 58 16 01 | 39 fd 0a f3 59 68 a5 79 0d 5e 0e 9f f6 c0 44 46 | 0a 20 f0 2e c7 89 03 8e 22 f1 46 87 33 b6 40 f7 | 45 94 73 9c 4f 8e e1 95 cb 5a c7 1f 7a 25 06 9e | d9 a9 ae fb 71 8e 8c 0d db 00 e7 5e ce e3 5f 7a | b5 db 5a 45 ff 36 96 7b dd a1 4d 39 24 c2 3b 8d | f3 e1 cf 1c ab f1 9b 84 59 b2 41 68 3e 7c e6 81 | f4 fb f4 69 e2 c8 79 72 99 7c 18 3b b2 0e 56 44 | 9f 76 7b 31 7c d0 50 e6 33 68 68 f7 d5 ae 72 aa | f8 ac 1f 3f 3f 9a 3c ec 2b 0b 9f f7 de b1 e0 1c | 51 4b d4 5a b9 70 2d f8 d3 9d 06 db 99 a5 11 67 | 43 11 37 2c 25 23 05 19 7a 87 05 3d 7d 65 6e eb | using existing local IKE proposals for connection 3des (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864db9c0 (length 8) | a5 70 a7 02 5a 87 dd 89 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864db9c8 (length 8) | 61 87 c1 53 46 1c 40 b4 | NATD hash sha digest IP addr-bytes@0x7fff864db954 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864db946 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864db9d0 (length 20) | 59 1f b9 7f 5a 69 25 9a 86 19 93 92 e7 4d b5 f2 | e1 c3 80 7d | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= a5 70 a7 02 5a 87 dd 89 | natd_hash: rcookie= 61 87 c1 53 46 1c 40 b4 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 59 1f b9 7f 5a 69 25 9a 86 19 93 92 e7 4d b5 f2 | natd_hash: hash= e1 c3 80 7d | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864db9c0 (length 8) | a5 70 a7 02 5a 87 dd 89 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864db9c8 (length 8) | 61 87 c1 53 46 1c 40 b4 | NATD hash sha digest IP addr-bytes@0x7fff864db954 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864db946 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864db9f0 (length 20) | 16 34 12 ff be de 72 95 e6 a6 e8 e6 79 f3 76 0c | 21 d7 96 91 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= a5 70 a7 02 5a 87 dd 89 | natd_hash: rcookie= 61 87 c1 53 46 1c 40 b4 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 16 34 12 ff be de 72 95 e6 a6 e8 e6 79 f3 76 0c | natd_hash: hash= 21 d7 96 91 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=3DES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f5cbc0010c0: transferring ownership from state #21 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 22 for state #21 | state #21 requesting EVENT_RETRANSMIT to be deleted | #21 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f5cbc006560 | free_event_entry: release EVENT_RETRANSMIT-pe@0x564021e16cc0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564021e16cc0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f5cbc008840 size 128 | #21 spent 0.276 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #21 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #21 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #21 and saving MD | #21 is busy; has a suspended MD | [RE]START processing: state #21 connection "3des" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "3des" #21 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #21 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #21 spent 0.505 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.517 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 2 resuming | crypto helper 2 starting work-order 22 for state #21 | crypto helper 2 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 22 | peer's g: 7c 89 07 e2 3f c6 b7 6d 85 15 65 a9 b4 5a c8 b5 | peer's g: 33 2f 56 da b5 44 08 02 af c2 86 cc 6a 7f 6c 7d | peer's g: 22 55 be 0f a2 42 25 92 26 e7 45 60 66 c0 e9 ec | peer's g: ec 61 84 76 c7 8b 35 44 86 e0 50 38 50 72 05 c8 | peer's g: ea f9 cf 29 49 54 61 2f 6e 15 a4 8a db 58 16 01 | peer's g: 39 fd 0a f3 59 68 a5 79 0d 5e 0e 9f f6 c0 44 46 | peer's g: 0a 20 f0 2e c7 89 03 8e 22 f1 46 87 33 b6 40 f7 | peer's g: 45 94 73 9c 4f 8e e1 95 cb 5a c7 1f 7a 25 06 9e | peer's g: d9 a9 ae fb 71 8e 8c 0d db 00 e7 5e ce e3 5f 7a | peer's g: b5 db 5a 45 ff 36 96 7b dd a1 4d 39 24 c2 3b 8d | peer's g: f3 e1 cf 1c ab f1 9b 84 59 b2 41 68 3e 7c e6 81 | peer's g: f4 fb f4 69 e2 c8 79 72 99 7c 18 3b b2 0e 56 44 | peer's g: 9f 76 7b 31 7c d0 50 e6 33 68 68 f7 d5 ae 72 aa | peer's g: f8 ac 1f 3f 3f 9a 3c ec 2b 0b 9f f7 de b1 e0 1c | peer's g: 51 4b d4 5a b9 70 2d f8 d3 9d 06 db 99 a5 11 67 | peer's g: 43 11 37 2c 25 23 05 19 7a 87 05 3d 7d 65 6e eb | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7f5cc800d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f5cbc0010c0: computed shared DH secret key@0x7f5cc800d640 | dh-shared : g^ir-key@0x7f5cc800d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=24 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f5cd00065a0 (length 64) | 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6670 | result: Ni | Nr-key@0x564021e19e70 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x564021e19e70 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6658 | result: Ni | Nr-key@0x7f5cc80069f0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x564021e19e70 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f5cd0003aa0 from Ni | Nr-key@0x7f5cc80069f0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f5cd0003aa0 from Ni | Nr-key@0x7f5cc80069f0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f5cc80069f0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f5cd0001900 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f5cc800d640 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f5cc800d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f5cc800d640 | nss hmac digest hack: symkey-key@0x7f5cc800d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-686923056: ffffffd6 ffffffb0 fffffff5 ffffff97 2f ffffffed ffffffea ffffff8f ffffffdb 20 16 ffffffbb ffffffe5 1e ffffffbe 4f 5e 37 ffffffbb ffffffd8 ffffffde ffffffa2 25 ffffffa8 7c 4f ffffffa7 fffffffe ffffffdc 7e 6b ffffffce 5c ffffffc8 ffffff9c 35 ffffff82 ffffff90 ffffffe6 5b 5f 35 7b 46 ffffffb3 5c ffffffbe ffffffc8 ffffff94 49 ffffff8e ffffffec ffffffd9 fffffff5 5c 3d ffffffa1 ffffffbe fffffffb ffffffb4 15 2a ffffff92 ffffff8d 49 ffffffb0 6f 2d fffffff8 65 51 ffffffa5 ffffff9b ffffffb6 ffffff9c 09 ffffff99 54 ffffff82 29 fffffff4 16 ffffffee 63 ffffffbb 43 73 7d ffffff8d ffffffe8 25 53 73 ffffffcc ffffffd4 60 33 ffffffb5 1b ffffffb8 ffffffa6 22 71 09 ffffffb9 2d 33 4e 24 04 2a 57 ffffffaa ffffffd8 10 ffffff8e ffffffd2 60 ffffffe7 ffffffe0 fffffff8 ffffff9e ffffff8d 1e 10 1e ffffffef ffffffc1 ffffffad ffffff96 fffffffa 0f 06 0f ffffffa4 05 fffffff5 ffffff8a ffffffac ffffffca 03 ffffff94 1d 34 2a ffffffd5 fffffff4 ffffffe8 ffffffbe ffffffc | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 256 bytes at 0x7f5cd0006cd0 | unwrapped: dc 8a 95 4b f5 b6 13 df 30 b9 14 16 03 f6 46 f1 | unwrapped: 91 78 49 d3 da 74 70 25 00 2b 8d b7 23 a9 c1 a1 | unwrapped: 7c cc f7 a0 33 8e 4b 71 4f 77 de 7c af 60 a1 51 | unwrapped: 8a 75 dd b4 27 61 40 3f 9a 0a c9 8a 52 fd 65 e4 | unwrapped: 2c d2 bd 94 1c 40 0e 88 ba 23 45 9f 61 f0 cb 25 | unwrapped: ab cd 8d f0 e6 0c 12 27 0e 9d fb a9 50 e0 4a 60 | unwrapped: 33 3a 36 d8 37 ac 33 f1 61 e9 bd 5d 83 fe 4a aa | unwrapped: d8 33 4b 1a 6d 4e 36 aa a8 ea 9e dd 5c 3b 23 52 | unwrapped: f8 82 68 6a 1a eb d1 08 e5 54 a4 ab 19 b1 59 2d | unwrapped: 44 ad 48 64 98 30 6c b4 b6 00 71 b1 2f ae 92 9f | unwrapped: d2 7b c8 8f b1 5a 51 15 bc 71 e4 0f 02 0b 8a a9 | unwrapped: 23 ef 1a 2f b0 7b 47 c2 c4 a4 68 fa 29 6f fd 0f | unwrapped: d4 bb 6a c6 76 0b 87 e1 b5 e5 a1 dd b9 4d 26 42 | unwrapped: a8 92 ba 53 8a 98 05 0b ea e4 0a 6e 47 63 16 c6 | unwrapped: cc af 7d 51 f9 0f 00 ff aa 07 9f 5f d7 99 8c 2d | unwrapped: f9 86 ff fd b4 97 bd 55 07 42 3b d5 84 ab 27 a5 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6690 | result: final-key@0x564021e19e70 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e19e70 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6678 | result: final-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e19e70 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f5cc80069f0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6600 | result: data=Ni-key@0x564021dfb870 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x564021dfb870 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e65e8 | result: data=Ni-key@0x564021e19e70 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x564021dfb870 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e19e70 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd70e65f0 | result: data+=Nr-key@0x564021dfb870 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021e19e70 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021dfb870 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd70e65f0 | result: data+=SPIi-key@0x564021e19e70 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021dfb870 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e19e70 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f5cd70e65f0 | result: data+=SPIr-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021e19e70 | prf+0 PRF sha init key-key@0x7f5cc80069f0 (size 20) | prf+0: key-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6518 | result: clone-key@0x564021e19e70 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f5cd0003aa0 from key-key@0x564021e19e70 | prf+0 prf: begin sha with context 0x7f5cd0003aa0 from key-key@0x564021e19e70 | prf+0: release clone-key@0x564021e19e70 | prf+0 PRF sha crypt-prf@0x7f5cd0003980 | prf+0 PRF sha update seed-key@0x564021dfb870 (size 80) | prf+0: seed-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-686923424: 5f ffffffb6 4a 6f ffffffbd ffffffc4 ffffffb3 5a ffffffe2 2e ffffffdc 1e ffffffb8 6f ffffffd8 03 12 79 49 fffffff8 08 35 ffffffda 5a 6c 67 14 42 ffffffc0 7e ffffff99 52 0c ffffffb2 09 74 6e 6b ffffffcc 19 39 69 69 16 03 ffffffec 44 73 ffffff99 40 57 4b ffffffd1 25 ffffffd4 ffffffeb fffffffd ffffff96 ffffffbf 3a ffffffa0 74 ffffff8d fffffff1 73 ffffff98 ffffff82 ffffffe4 ffffffa5 ffffffc0 ffffffa0 6f fffffff6 39 ffffffb7 ffffffad ffffffb6 04 00 67 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cd00017c0 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | unwrapped: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6520 | result: final-key@0x564021e01140 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e01140 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6508 | result: final-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e01140 | prf+0 PRF sha final-key@0x564021e19e70 (size 20) | prf+0: key-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x564021e19e70 | prf+N PRF sha init key-key@0x7f5cc80069f0 (size 20) | prf+N: key-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6518 | result: clone-key@0x564021e01140 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cd0003aa0 from key-key@0x564021e01140 | prf+N prf: begin sha with context 0x7f5cd0003aa0 from key-key@0x564021e01140 | prf+N: release clone-key@0x564021e01140 | prf+N PRF sha crypt-prf@0x7f5cd00010c0 | prf+N PRF sha update old_t-key@0x564021e19e70 (size 20) | prf+N: old_t-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e19e70 | nss hmac digest hack: symkey-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-686923424: 5e ffffff9b 64 ffffffeb ffffffbd 0a 36 2d ffffffce ffffff8d 4a ffffffb6 ffffff9d 5c 0d ffffffe4 0f 56 75 69 ffffff90 43 6a fffffffd ffffffe6 ffffffa4 0a 79 fffffff7 42 73 ffffffa2 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cd00058b0 | unwrapped: fd 2f c3 06 dd 92 cc ce c5 c3 bb 6a f0 4a c1 f0 | unwrapped: 04 3d 46 89 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021dfb870 (size 80) | prf+N: seed-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-686923424: 5f ffffffb6 4a 6f ffffffbd ffffffc4 ffffffb3 5a ffffffe2 2e ffffffdc 1e ffffffb8 6f ffffffd8 03 12 79 49 fffffff8 08 35 ffffffda 5a 6c 67 14 42 ffffffc0 7e ffffff99 52 0c ffffffb2 09 74 6e 6b ffffffcc 19 39 69 69 16 03 ffffffec 44 73 ffffff99 40 57 4b ffffffd1 25 ffffffd4 ffffffeb fffffffd ffffff96 ffffffbf 3a ffffffa0 74 ffffff8d fffffff1 73 ffffff98 ffffff82 ffffffe4 ffffffa5 ffffffc0 ffffffa0 6f fffffff6 39 ffffffb7 ffffffad ffffffb6 04 00 67 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cd0001880 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | unwrapped: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6520 | result: final-key@0x564021e07b90 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e07b90 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6508 | result: final-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e07b90 | prf+N PRF sha final-key@0x564021e01140 (size 20) | prf+N: key-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd70e6598 | result: result-key@0x564021e07b90 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e19e70 | prfplus: release old_t[N]-key@0x564021e19e70 | prf+N PRF sha init key-key@0x7f5cc80069f0 (size 20) | prf+N: key-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6518 | result: clone-key@0x564021e19e70 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cd0003aa0 from key-key@0x564021e19e70 | prf+N prf: begin sha with context 0x7f5cd0003aa0 from key-key@0x564021e19e70 | prf+N: release clone-key@0x564021e19e70 | prf+N PRF sha crypt-prf@0x7f5cd0001ae0 | prf+N PRF sha update old_t-key@0x564021e01140 (size 20) | prf+N: old_t-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-686923424: 16 62 36 ffffff84 ffffffe8 ffffffee ffffffa1 7b fffffff3 21 fffffff9 00 ffffffb7 ffffffd8 ffffffeb ffffffd6 ffffffeb ffffff9e 32 30 ffffffdf 00 ffffffee fffffff4 58 fffffff9 41 71 ffffffb0 ffffffbd 67 ffffffff | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cd00065f0 | unwrapped: 68 d5 96 66 94 5d 0f 94 28 a9 09 41 94 0e a9 3c | unwrapped: 93 e3 62 d5 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021dfb870 (size 80) | prf+N: seed-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-686923424: 5f ffffffb6 4a 6f ffffffbd ffffffc4 ffffffb3 5a ffffffe2 2e ffffffdc 1e ffffffb8 6f ffffffd8 03 12 79 49 fffffff8 08 35 ffffffda 5a 6c 67 14 42 ffffffc0 7e ffffff99 52 0c ffffffb2 09 74 6e 6b ffffffcc 19 39 69 69 16 03 ffffffec 44 73 ffffff99 40 57 4b ffffffd1 25 ffffffd4 ffffffeb fffffffd ffffff96 ffffffbf 3a ffffffa0 74 ffffff8d fffffff1 73 ffffff98 ffffff82 ffffffe4 ffffffa5 ffffffc0 ffffffa0 6f fffffff6 39 ffffffb7 ffffffad ffffffb6 04 00 67 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cd0001820 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | unwrapped: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6520 | result: final-key@0x564021e04570 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e04570 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6508 | result: final-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e04570 | prf+N PRF sha final-key@0x564021e19e70 (size 20) | prf+N: key-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e07b90 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd70e6598 | result: result-key@0x564021e04570 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e07b90 | prfplus: release old_t[N]-key@0x564021e01140 | prf+N PRF sha init key-key@0x7f5cc80069f0 (size 20) | prf+N: key-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6518 | result: clone-key@0x564021e01140 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cd0003aa0 from key-key@0x564021e01140 | prf+N prf: begin sha with context 0x7f5cd0003aa0 from key-key@0x564021e01140 | prf+N: release clone-key@0x564021e01140 | prf+N PRF sha crypt-prf@0x7f5cd00010c0 | prf+N PRF sha update old_t-key@0x564021e19e70 (size 20) | prf+N: old_t-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e19e70 | nss hmac digest hack: symkey-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-686923424: 25 18 ffffffe5 2d ffffff82 ffffffae ffffffc0 ffffffd2 ffffffff 54 13 ffffffb4 ffffffdf 6d ffffffe9 0b ffffff8f fffffffd ffffff9a 50 12 46 fffffff1 43 ffffff8d 78 ffffffc0 0e ffffffcc 50 28 ffffffec | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cd00068b0 | unwrapped: e7 87 c7 bb af 44 9f 42 fb 30 b8 56 66 bb 77 f7 | unwrapped: 86 87 92 36 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021dfb870 (size 80) | prf+N: seed-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-686923424: 5f ffffffb6 4a 6f ffffffbd ffffffc4 ffffffb3 5a ffffffe2 2e ffffffdc 1e ffffffb8 6f ffffffd8 03 12 79 49 fffffff8 08 35 ffffffda 5a 6c 67 14 42 ffffffc0 7e ffffff99 52 0c ffffffb2 09 74 6e 6b ffffffcc 19 39 69 69 16 03 ffffffec 44 73 ffffff99 40 57 4b ffffffd1 25 ffffffd4 ffffffeb fffffffd ffffff96 ffffffbf 3a ffffffa0 74 ffffff8d fffffff1 73 ffffff98 ffffff82 ffffffe4 ffffffa5 ffffffc0 ffffffa0 6f fffffff6 39 ffffffb7 ffffffad ffffffb6 04 00 67 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cd0005b80 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | unwrapped: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6520 | result: final-key@0x564021e07b90 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e07b90 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6508 | result: final-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e07b90 | prf+N PRF sha final-key@0x564021e01140 (size 20) | prf+N: key-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e04570 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd70e6598 | result: result-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e04570 | prfplus: release old_t[N]-key@0x564021e19e70 | prf+N PRF sha init key-key@0x7f5cc80069f0 (size 20) | prf+N: key-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6518 | result: clone-key@0x564021e19e70 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cd0003aa0 from key-key@0x564021e19e70 | prf+N prf: begin sha with context 0x7f5cd0003aa0 from key-key@0x564021e19e70 | prf+N: release clone-key@0x564021e19e70 | prf+N PRF sha crypt-prf@0x7f5cd0001ae0 | prf+N PRF sha update old_t-key@0x564021e01140 (size 20) | prf+N: old_t-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-686923424: 26 24 ffffff81 fffffffd 57 59 ffffffe1 ffffffa7 ffffffde 11 ffffff8a ffffffd1 ffffffe4 fffffffd ffffff81 3c 3f 30 4b 4e ffffffe0 14 38 ffffffb4 5b ffffffb6 ffffffbe 38 ffffff86 1e 0e 2f | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cd00037a0 | unwrapped: 26 f9 e9 ad 30 e9 26 8d 61 75 15 ae 37 9c 26 bc | unwrapped: 41 61 36 57 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021dfb870 (size 80) | prf+N: seed-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-686923424: 5f ffffffb6 4a 6f ffffffbd ffffffc4 ffffffb3 5a ffffffe2 2e ffffffdc 1e ffffffb8 6f ffffffd8 03 12 79 49 fffffff8 08 35 ffffffda 5a 6c 67 14 42 ffffffc0 7e ffffff99 52 0c ffffffb2 09 74 6e 6b ffffffcc 19 39 69 69 16 03 ffffffec 44 73 ffffff99 40 57 4b ffffffd1 25 ffffffd4 ffffffeb fffffffd ffffff96 ffffffbf 3a ffffffa0 74 ffffff8d fffffff1 73 ffffff98 ffffff82 ffffffe4 ffffffa5 ffffffc0 ffffffa0 6f fffffff6 39 ffffffb7 ffffffad ffffffb6 04 00 67 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cd00037a0 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | unwrapped: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6520 | result: final-key@0x564021e04570 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e04570 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6508 | result: final-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e04570 | prf+N PRF sha final-key@0x564021e19e70 (size 20) | prf+N: key-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e07b90 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd70e6598 | result: result-key@0x564021e04570 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e07b90 | prfplus: release old_t[N]-key@0x564021e01140 | prf+N PRF sha init key-key@0x7f5cc80069f0 (size 20) | prf+N: key-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6518 | result: clone-key@0x564021e01140 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cd00043d0 from key-key@0x564021e01140 | prf+N prf: begin sha with context 0x7f5cd00043d0 from key-key@0x564021e01140 | prf+N: release clone-key@0x564021e01140 | prf+N PRF sha crypt-prf@0x7f5cd00010c0 | prf+N PRF sha update old_t-key@0x564021e19e70 (size 20) | prf+N: old_t-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e19e70 | nss hmac digest hack: symkey-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-686923424: ffffffa1 ffffff86 ffffffad ffffffda ffffffbf 32 64 28 1e ffffffaf ffffffa9 ffffffc8 1e 4b ffffff97 ffffffb6 52 fffffffc ffffffe3 02 ffffffed 2e 0f ffffffb3 ffffffbe 2e 66 ffffff9f ffffffca 16 ffffffd6 40 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cd0006a40 | unwrapped: 23 af 36 0f 89 e0 17 8e d4 0c b9 30 4d 6e e1 74 | unwrapped: bd 76 90 4f 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021dfb870 (size 80) | prf+N: seed-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-686923424: 5f ffffffb6 4a 6f ffffffbd ffffffc4 ffffffb3 5a ffffffe2 2e ffffffdc 1e ffffffb8 6f ffffffd8 03 12 79 49 fffffff8 08 35 ffffffda 5a 6c 67 14 42 ffffffc0 7e ffffff99 52 0c ffffffb2 09 74 6e 6b ffffffcc 19 39 69 69 16 03 ffffffec 44 73 ffffff99 40 57 4b ffffffd1 25 ffffffd4 ffffffeb fffffffd ffffff96 ffffffbf 3a ffffffa0 74 ffffff8d fffffff1 73 ffffff98 ffffff82 ffffffe4 ffffffa5 ffffffc0 ffffffa0 6f fffffff6 39 ffffffb7 ffffffad ffffffb6 04 00 67 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cd0001880 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | unwrapped: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6520 | result: final-key@0x564021e07b90 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e07b90 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6508 | result: final-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e07b90 | prf+N PRF sha final-key@0x564021e01140 (size 20) | prf+N: key-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e04570 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd70e6598 | result: result-key@0x564021e07b90 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e04570 | prfplus: release old_t[N]-key@0x564021e19e70 | prf+N PRF sha init key-key@0x7f5cc80069f0 (size 20) | prf+N: key-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6518 | result: clone-key@0x564021e19e70 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cd0003aa0 from key-key@0x564021e19e70 | prf+N prf: begin sha with context 0x7f5cd0003aa0 from key-key@0x564021e19e70 | prf+N: release clone-key@0x564021e19e70 | prf+N PRF sha crypt-prf@0x7f5cd0001ae0 | prf+N PRF sha update old_t-key@0x564021e01140 (size 20) | prf+N: old_t-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e01140 | nss hmac digest hack: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-686923424: ffffffad 71 ffffffad ffffffee ffffffdb 09 ffffffbe fffffff2 2c 26 ffffffa5 ffffff8c ffffffcc ffffffe2 ffffff8d 2c 03 4a ffffffc7 70 6f ffffffaf ffffffce ffffffd8 7f 4d ffffffee ffffffe5 6f 79 03 ffffffb1 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cd0006a40 | unwrapped: e2 40 fd d1 c9 e1 ca 07 5a e6 61 67 61 76 db 09 | unwrapped: fd 83 b4 50 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021dfb870 (size 80) | prf+N: seed-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-686923424: 5f ffffffb6 4a 6f ffffffbd ffffffc4 ffffffb3 5a ffffffe2 2e ffffffdc 1e ffffffb8 6f ffffffd8 03 12 79 49 fffffff8 08 35 ffffffda 5a 6c 67 14 42 ffffffc0 7e ffffff99 52 0c ffffffb2 09 74 6e 6b ffffffcc 19 39 69 69 16 03 ffffffec 44 73 ffffff99 40 57 4b ffffffd1 25 ffffffd4 ffffffeb fffffffd ffffff96 ffffffbf 3a ffffffa0 74 ffffff8d fffffff1 73 ffffff98 ffffff82 ffffffe4 ffffffa5 ffffffc0 ffffffa0 6f fffffff6 39 ffffffb7 ffffffad ffffffb6 04 00 67 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cd00037a0 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | unwrapped: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6520 | result: final-key@0x564021e04570 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e04570 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6508 | result: final-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e04570 | prf+N PRF sha final-key@0x564021e19e70 (size 20) | prf+N: key-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e07b90 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd70e6598 | result: result-key@0x564021e04570 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e07b90 | prfplus: release old_t[N]-key@0x564021e01140 | prf+N PRF sha init key-key@0x7f5cc80069f0 (size 20) | prf+N: key-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6518 | result: clone-key@0x564021e01140 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5cd0003aa0 from key-key@0x564021e01140 | prf+N prf: begin sha with context 0x7f5cd0003aa0 from key-key@0x564021e01140 | prf+N: release clone-key@0x564021e01140 | prf+N PRF sha crypt-prf@0x7f5cd00010c0 | prf+N PRF sha update old_t-key@0x564021e19e70 (size 20) | prf+N: old_t-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e19e70 | nss hmac digest hack: symkey-key@0x564021e19e70 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-686923424: fffffff7 ffffffaf 21 1f 20 22 fffffffc fffffffe 45 29 53 ffffffc3 ffffffbb 6d 45 3b ffffffd2 34 ffffffd3 ffffffae ffffff95 ffffffc4 ffffff9e ffffffbd 7d 60 12 ffffff95 2f ffffffef 13 63 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x7f5cd0006a40 | unwrapped: 0c af 06 84 74 92 95 6e e6 cf 0b 47 97 ec 09 69 | unwrapped: e2 83 3d ed 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x564021dfb870 (size 80) | prf+N: seed-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x564021dfb870 | nss hmac digest hack: symkey-key@0x564021dfb870 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-686923424: 5f ffffffb6 4a 6f ffffffbd ffffffc4 ffffffb3 5a ffffffe2 2e ffffffdc 1e ffffffb8 6f ffffffd8 03 12 79 49 fffffff8 08 35 ffffffda 5a 6c 67 14 42 ffffffc0 7e ffffff99 52 0c ffffffb2 09 74 6e 6b ffffffcc 19 39 69 69 16 03 ffffffec 44 73 ffffff99 40 57 4b ffffffd1 25 ffffffd4 ffffffeb fffffffd ffffff96 ffffffbf 3a ffffffa0 74 ffffff8d fffffff1 73 ffffff98 ffffff82 ffffffe4 ffffffa5 ffffffc0 ffffffa0 6f fffffff6 39 ffffffb7 ffffffad ffffffb6 04 00 67 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 80 bytes at 0x7f5cd0001820 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | unwrapped: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | prf+N PRF sha update N++-byte@0x8 (8) | 08 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f5cd70e6520 | result: final-key@0x564021e07b90 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e07b90 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6508 | result: final-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e07b90 | prf+N PRF sha final-key@0x564021e01140 (size 20) | prf+N: key-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e04570 (140-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f5cd70e6598 | result: result-key@0x564021e07b90 (160-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e04570 | prfplus: release old_t[N]-key@0x564021e19e70 | prfplus: release old_t[final]-key@0x564021e01140 | ike_sa_keymat: release data-key@0x564021dfb870 | calc_skeyseed_v2: release skeyseed_k-key@0x7f5cc80069f0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e07b90 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6738 | result: result-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e07b90 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6738 | result: result-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e07b90 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6738 | result: result-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x564021e07b90 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6748 | result: SK_ei_k-key@0x564021e19e70 (24-bytes, DES3_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 84, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x564021e07b90 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6748 | result: SK_er_k-key@0x564021e04570 (24-bytes, DES3_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 108, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e07b90 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6748 | result: result-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f5cc800a510 | chunk_SK_pi: symkey-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986918: 7a 6e 69 03 ffffff82 54 41 ffffff82 50 ffffff9c ffffffbd ffffff8a ffffffe1 ffffffbb ffffffaa ffffffae ffffffe5 fffffffb ffffffcf ffffffb0 79 49 32 ffffff91 fffffff2 5f 1d ffffffd0 67 6e ffffffa6 44 | chunk_SK_pi: release slot-key-key@0x564021dfdd40 | chunk_SK_pi extracted len 32 bytes at 0x7f5cd00062f0 | unwrapped: 5a e6 61 67 61 76 db 09 fd 83 b4 50 0c af 06 84 | unwrapped: 74 92 95 6e 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 128, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e07b90 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f5cd70e6748 | result: result-key@0x564021e1e110 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x564021e1e110 | chunk_SK_pr: symkey-key@0x564021e1e110 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986918: 35 ffffffe0 6a fffffffe 6a 66 1a 4d ffffff84 76 ffffff87 74 1a 2a ffffffab ffffffd3 ffffffde ffffffcd ffffffd7 fffffff0 1e 72 21 0f 5e 2b ffffffa8 1c 2b 51 ffffffc1 fffffff1 | chunk_SK_pr: release slot-key-key@0x564021dfdd40 | chunk_SK_pr extracted len 32 bytes at 0x7f5cd0006320 | unwrapped: e6 cf 0b 47 97 ec 09 69 e2 83 3d ed cf 1d 5b a7 | unwrapped: db d1 b1 c2 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x564021e07b90 | calc_skeyseed_v2 pointers: shared-key@0x7f5cc800d640, SK_d-key@0x7f5cc80069f0, SK_ai-key@0x564021dfb870, SK_ar-key@0x564021e01140, SK_ei-key@0x564021e19e70, SK_er-key@0x564021e04570, SK_pi-key@0x7f5cc800a510, SK_pr-key@0x564021e1e110 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 5a e6 61 67 61 76 db 09 fd 83 b4 50 0c af 06 84 | 74 92 95 6e | calc_skeyseed_v2 SK_pr | e6 cf 0b 47 97 ec 09 69 e2 83 3d ed cf 1d 5b a7 | db d1 b1 c2 | crypto helper 2 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 22 time elapsed 0.003214 seconds | (#21) spent 3.21 milliseconds in crypto helper computing work-order 22: ikev2_inR1outI2 KE (pcr) | crypto helper 2 sending results from work-order 22 for state #21 to event queue | scheduling resume sending helper answer for #21 | libevent_malloc: new ptr-libevent@0x7f5cd0004b10 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #21 | start processing: state #21 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 22 | calling continuation function 0x564020443630 | ikev2_parent_inR1outI2_continue for #21: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f5cbc0010c0: transferring ownership from helper IKEv2 DH to state #21 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #22 at 0x564021e1a900 | State DB: adding IKEv2 state #22 in UNDEFINED | pstats #22 ikev2.child started | duplicating state object #21 "3des" as #22 for IPSEC SA | #22 setting local endpoint to 192.1.2.45:500 from #21.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f5cc80069f0 | duplicate_state: reference st_skey_ai_nss-key@0x564021dfb870 | duplicate_state: reference st_skey_ar_nss-key@0x564021e01140 | duplicate_state: reference st_skey_ei_nss-key@0x564021e19e70 | duplicate_state: reference st_skey_er_nss-key@0x564021e04570 | duplicate_state: reference st_skey_pi_nss-key@0x7f5cc800a510 | duplicate_state: reference st_skey_pr_nss-key@0x564021e1e110 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #21.#22; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #21 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #21.#22 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #21 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5cbc008840 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564021e16cc0 | event_schedule: new EVENT_SA_REPLACE-pe@0x564021e16cc0 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f5cbc008840 size 128 | parent state #21: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | a5 70 a7 02 5a 87 dd 89 | responder cookie: | 61 87 c1 53 46 1c 40 b4 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x7f5cc800a510 (size 20) | hmac: symkey-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc800a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db978 | result: clone-key@0x564021e07b90 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021e07b90 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021e07b90 | hmac: release clone-key@0x564021e07b90 | hmac PRF sha crypt-prf@0x564021da3860 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x56402054296c (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff864dbf10 (length 20) | 54 8d 07 01 31 fc e8 10 24 18 9e 5c 29 0a 67 b0 | 0f d6 83 24 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564021e0a240 (line=1) | concluding with best_match=014 best=0x564021e0a240 (lineno=1) | inputs to hash1 (first packet) | a5 70 a7 02 5a 87 dd 89 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 16 47 44 cb 23 ac 7c 65 06 4b 4a c9 | bd c6 bc 54 43 1e 85 ad 0f 33 4b 94 3f 1e f2 8f | 68 d6 56 5a 49 f4 3a a1 f8 74 ec 94 e4 7b a8 6c | 90 bf 70 50 1c e6 c8 4b f7 d1 96 bf c8 67 72 85 | 29 4b ce 00 50 57 9e 4e 3e bb 02 95 71 63 0f 88 | cb 85 a7 22 df 4d 00 28 a9 96 53 a1 1f 6d 75 24 | 2c 7b 50 1c 67 a6 1a 75 fe cd be 5d e0 e4 39 c5 | f8 3f a6 71 23 2b b7 b5 e1 c1 a8 40 6e b4 71 5f | 0d 01 79 32 dd ea 68 e1 9d ae df bc 15 60 33 2d | aa b7 13 84 c3 7e 03 9e 91 46 85 8d c5 e8 c8 e2 | 66 0a 97 3d 4b e4 80 77 fe 13 fc 56 07 dd f8 12 | d6 fd 3b 5f 27 ed db 2d 82 aa ef 2e 72 be d7 ae | 9f 45 a0 ae 1e 55 87 bb 90 27 84 19 36 fd 51 29 | d4 c4 74 7c f0 13 d1 b7 d2 2f 87 8c ab 3c 5f 29 | 4d cb 9b 2d ab 89 58 28 a2 ab 25 6f 2c 87 95 ed | 34 4a 51 d3 d7 6b 23 98 2d 9f e5 93 06 cc 6c 95 | 01 55 49 31 29 00 00 24 11 fb d8 80 92 48 63 a3 | 19 68 72 2b 24 e9 26 b7 50 59 d5 5d 84 72 9d 73 | fb bb 93 fc 39 17 f0 df 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 21 08 d2 37 60 ad cd 6a | 13 51 70 04 1f 54 ea c5 b8 8a bf 60 00 00 00 1c | 00 00 40 05 b3 ec 68 c9 16 91 3f b1 ae 3f 86 cd | 46 0d 2d 2e a7 74 68 b3 | create: initiator inputs to hash2 (responder nonce) | 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | idhash 54 8d 07 01 31 fc e8 10 24 18 9e 5c 29 0a 67 b0 | idhash 0f d6 83 24 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564021e14a20 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db770 | result: shared secret-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db758 | result: shared secret-key@0x564021e07b90 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564021dfd2a0 from shared secret-key@0x564021e07b90 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564021dfd2a0 from shared secret-key@0x564021e07b90 | = prf(,"Key Pad for IKEv2"): release clone-key@0x564021e07b90 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564021e18160 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5640204d6bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db790 | result: final-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db778 | result: final-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x564021e07b90 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x564021e07b90 (size 20) | = prf(, ): -key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db788 | result: clone-key@0x7f5cd0006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ) prf: begin sha with context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ): release clone-key@0x7f5cd0006900 | = prf(, ) PRF sha crypt-prf@0x564021da3880 | = prf(, ) PRF sha update first-packet-bytes@0x564021e17970 (length 440) | a5 70 a7 02 5a 87 dd 89 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 16 47 44 cb 23 ac 7c 65 06 4b 4a c9 | bd c6 bc 54 43 1e 85 ad 0f 33 4b 94 3f 1e f2 8f | 68 d6 56 5a 49 f4 3a a1 f8 74 ec 94 e4 7b a8 6c | 90 bf 70 50 1c e6 c8 4b f7 d1 96 bf c8 67 72 85 | 29 4b ce 00 50 57 9e 4e 3e bb 02 95 71 63 0f 88 | cb 85 a7 22 df 4d 00 28 a9 96 53 a1 1f 6d 75 24 | 2c 7b 50 1c 67 a6 1a 75 fe cd be 5d e0 e4 39 c5 | f8 3f a6 71 23 2b b7 b5 e1 c1 a8 40 6e b4 71 5f | 0d 01 79 32 dd ea 68 e1 9d ae df bc 15 60 33 2d | aa b7 13 84 c3 7e 03 9e 91 46 85 8d c5 e8 c8 e2 | 66 0a 97 3d 4b e4 80 77 fe 13 fc 56 07 dd f8 12 | d6 fd 3b 5f 27 ed db 2d 82 aa ef 2e 72 be d7 ae | 9f 45 a0 ae 1e 55 87 bb 90 27 84 19 36 fd 51 29 | d4 c4 74 7c f0 13 d1 b7 d2 2f 87 8c ab 3c 5f 29 | 4d cb 9b 2d ab 89 58 28 a2 ab 25 6f 2c 87 95 ed | 34 4a 51 d3 d7 6b 23 98 2d 9f e5 93 06 cc 6c 95 | 01 55 49 31 29 00 00 24 11 fb d8 80 92 48 63 a3 | 19 68 72 2b 24 e9 26 b7 50 59 d5 5d 84 72 9d 73 | fb bb 93 fc 39 17 f0 df 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 21 08 d2 37 60 ad cd 6a | 13 51 70 04 1f 54 ea c5 b8 8a bf 60 00 00 00 1c | 00 00 40 05 b3 ec 68 c9 16 91 3f b1 ae 3f 86 cd | 46 0d 2d 2e a7 74 68 b3 | = prf(, ) PRF sha update nonce-bytes@0x564021e1e200 (length 32) | 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | = prf(, ) PRF sha update hash-bytes@0x7fff864dbf10 (length 20) | 54 8d 07 01 31 fc e8 10 24 18 9e 5c 29 0a 67 b0 | 0f d6 83 24 | = prf(, ) PRF sha final-chunk@0x564021da3860 (length 20) | 99 bd 0a 89 01 4d 2d 64 4e 14 9b b4 f5 4d 32 95 | 7e da b9 2d | psk_auth: release prf-psk-key@0x564021e07b90 | PSK auth octets 99 bd 0a 89 01 4d 2d 64 4e 14 9b b4 f5 4d 32 95 | PSK auth octets 7e da b9 2d | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 99 bd 0a 89 01 4d 2d 64 4e 14 9b b4 f5 4d 32 95 | PSK auth 7e da b9 2d | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #21 | netlink_get_spi: allocated 0x7b0b5dcb for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for 3des (IKE SA initiator emitting ESP/AH proposals) | converting proposal 3DES_CBC-HMAC_SHA1_96-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_ESP 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "3des": constructed local ESP/AH proposals for 3des (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 7b 0b 5d cb | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 40 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 168 | emitting length of ISAKMP Message: 196 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | ce 67 57 a6 40 69 12 a4 | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 99 bd 0a 89 01 4d 2d 64 4e 14 9b b4 f5 4d 32 95 | 7e da b9 2d 2c 00 00 28 00 00 00 24 01 03 04 03 | 7b 0b 5d cb 03 00 00 08 01 00 00 03 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 0d 9b f6 75 fd d8 19 9c af 43 7b 7c cd a3 5a b0 | 6f 17 22 61 32 cb ea ca a5 b3 d3 1c 41 91 71 07 | ed 44 eb 50 05 c2 41 ce 49 96 84 01 4a c3 9e ce | e4 1d ad 95 7b aa 83 61 2b a9 39 d0 d4 95 2d ef | 77 ec 08 6f c8 3b f2 4f 08 57 dd c5 a5 79 27 75 | 19 9c 78 2e bf 25 82 2c 43 0b a2 49 df 2e 45 44 | 48 93 aa ae 97 92 7a 0f 3f f9 54 18 e1 08 cf 42 | a9 4d 50 72 30 86 7e b4 36 29 fc c8 35 3a 73 af | cc f4 37 dd f3 9f 77 99 f0 5a 33 be 82 5c 5d 96 | hmac PRF sha init symkey-key@0x564021dfb870 (size 20) | hmac: symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db888 | result: clone-key@0x564021e07b90 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021e07b90 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021e07b90 | hmac: release clone-key@0x564021e07b90 | hmac PRF sha crypt-prf@0x564021e18160 | hmac PRF sha update data-bytes@0x564020542940 (length 184) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | ce 67 57 a6 40 69 12 a4 0d 9b f6 75 fd d8 19 9c | af 43 7b 7c cd a3 5a b0 6f 17 22 61 32 cb ea ca | a5 b3 d3 1c 41 91 71 07 ed 44 eb 50 05 c2 41 ce | 49 96 84 01 4a c3 9e ce e4 1d ad 95 7b aa 83 61 | 2b a9 39 d0 d4 95 2d ef 77 ec 08 6f c8 3b f2 4f | 08 57 dd c5 a5 79 27 75 19 9c 78 2e bf 25 82 2c | 43 0b a2 49 df 2e 45 44 48 93 aa ae 97 92 7a 0f | 3f f9 54 18 e1 08 cf 42 a9 4d 50 72 30 86 7e b4 | 36 29 fc c8 35 3a 73 af cc f4 37 dd f3 9f 77 99 | f0 5a 33 be 82 5c 5d 96 | hmac PRF sha final-bytes@0x5640205429f8 (length 20) | e0 6e be 1c c7 8c 8a 9e 21 9f 4a 70 a5 3f 36 13 | 12 bf f0 e2 | data being hmac: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | data being hmac: ce 67 57 a6 40 69 12 a4 0d 9b f6 75 fd d8 19 9c | data being hmac: af 43 7b 7c cd a3 5a b0 6f 17 22 61 32 cb ea ca | data being hmac: a5 b3 d3 1c 41 91 71 07 ed 44 eb 50 05 c2 41 ce | data being hmac: 49 96 84 01 4a c3 9e ce e4 1d ad 95 7b aa 83 61 | data being hmac: 2b a9 39 d0 d4 95 2d ef 77 ec 08 6f c8 3b f2 4f | data being hmac: 08 57 dd c5 a5 79 27 75 19 9c 78 2e bf 25 82 2c | data being hmac: 43 0b a2 49 df 2e 45 44 48 93 aa ae 97 92 7a 0f | data being hmac: 3f f9 54 18 e1 08 cf 42 a9 4d 50 72 30 86 7e b4 | data being hmac: 36 29 fc c8 35 3a 73 af cc f4 37 dd f3 9f 77 99 | data being hmac: f0 5a 33 be 82 5c 5d 96 | out calculated auth: | e0 6e be 1c c7 8c 8a 9e 21 9f 4a 70 | suspend processing: state #21 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #22 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #22 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #22: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #22 to 0 after switching state | Message ID: recv #21.#22 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #21.#22 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "3des" #22: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=3DES_CBC_192 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 196 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #21) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | ce 67 57 a6 40 69 12 a4 0d 9b f6 75 fd d8 19 9c | af 43 7b 7c cd a3 5a b0 6f 17 22 61 32 cb ea ca | a5 b3 d3 1c 41 91 71 07 ed 44 eb 50 05 c2 41 ce | 49 96 84 01 4a c3 9e ce e4 1d ad 95 7b aa 83 61 | 2b a9 39 d0 d4 95 2d ef 77 ec 08 6f c8 3b f2 4f | 08 57 dd c5 a5 79 27 75 19 9c 78 2e bf 25 82 2c | 43 0b a2 49 df 2e 45 44 48 93 aa ae 97 92 7a 0f | 3f f9 54 18 e1 08 cf 42 a9 4d 50 72 30 86 7e b4 | 36 29 fc c8 35 3a 73 af cc f4 37 dd f3 9f 77 99 | f0 5a 33 be 82 5c 5d 96 e0 6e be 1c c7 8c 8a 9e | 21 9f 4a 70 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x564021e1fb00 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #22 | libevent_malloc: new ptr-libevent@0x7f5cb80068c0 size 128 | #22 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48961.290759 | resume sending helper answer for #21 suppresed complete_v2_state_transition() | #21 spent 1.11 milliseconds in resume sending helper answer | stop processing: state #22 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5cd0004b10 | spent 0.00291 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 188 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 50 9f 3c e1 4a 55 0d 58 d3 0b e3 a8 91 c2 5f ac | 9c a9 b8 a9 a3 69 28 b7 a8 60 4d 3b 98 11 b7 c0 | 31 c5 d2 ea 14 9c 00 66 91 93 89 06 da 3a b6 a0 | 71 a7 1f 23 3e c9 3f e9 37 ce 2e 0d 4a c3 a2 60 | b2 2a ea 47 c9 e3 be ff 64 c3 c3 de ca a6 d6 b8 | 6e 03 c6 70 a3 a9 b3 a8 88 3f 3d 7b 0a a9 10 af | 2c c3 a3 a7 30 3d 9f 81 a3 a0 5d 7b 27 cf 6b dc | 22 f2 23 96 cd f5 7e 11 3d 79 24 43 15 51 64 82 | f4 94 c0 b3 03 fa f6 db 4b fe 27 44 a1 e6 3e f2 | 9a 7c fe 8f b6 e6 f7 68 b6 52 d8 5c | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a5 70 a7 02 5a 87 dd 89 | responder cookie: | 61 87 c1 53 46 1c 40 b4 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 188 (0xbc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #21 in PARENT_I2 (find_v2_ike_sa) | start processing: state #21 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #22 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #21 connection "3des" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #22 connection "3des" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #22 is idle | #22 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 160 (0xa0) | processing payload: ISAKMP_NEXT_v2SK (len=156) | #22 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x564021e01140 (size 20) | hmac: symkey-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e01140 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db7a8 | result: clone-key@0x564021e07b90 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021e07b90 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021e07b90 | hmac: release clone-key@0x564021e07b90 | hmac PRF sha crypt-prf@0x564021e18180 | hmac PRF sha update data-bytes@0x564021d954b0 (length 176) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 50 9f 3c e1 4a 55 0d 58 d3 0b e3 a8 91 c2 5f ac | 9c a9 b8 a9 a3 69 28 b7 a8 60 4d 3b 98 11 b7 c0 | 31 c5 d2 ea 14 9c 00 66 91 93 89 06 da 3a b6 a0 | 71 a7 1f 23 3e c9 3f e9 37 ce 2e 0d 4a c3 a2 60 | b2 2a ea 47 c9 e3 be ff 64 c3 c3 de ca a6 d6 b8 | 6e 03 c6 70 a3 a9 b3 a8 88 3f 3d 7b 0a a9 10 af | 2c c3 a3 a7 30 3d 9f 81 a3 a0 5d 7b 27 cf 6b dc | 22 f2 23 96 cd f5 7e 11 3d 79 24 43 15 51 64 82 | f4 94 c0 b3 03 fa f6 db 4b fe 27 44 a1 e6 3e f2 | hmac PRF sha final-bytes@0x7fff864db970 (length 20) | 9a 7c fe 8f b6 e6 f7 68 b6 52 d8 5c b1 a8 88 71 | 0e a6 99 90 | data for hmac: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | data for hmac: 50 9f 3c e1 4a 55 0d 58 d3 0b e3 a8 91 c2 5f ac | data for hmac: 9c a9 b8 a9 a3 69 28 b7 a8 60 4d 3b 98 11 b7 c0 | data for hmac: 31 c5 d2 ea 14 9c 00 66 91 93 89 06 da 3a b6 a0 | data for hmac: 71 a7 1f 23 3e c9 3f e9 37 ce 2e 0d 4a c3 a2 60 | data for hmac: b2 2a ea 47 c9 e3 be ff 64 c3 c3 de ca a6 d6 b8 | data for hmac: 6e 03 c6 70 a3 a9 b3 a8 88 3f 3d 7b 0a a9 10 af | data for hmac: 2c c3 a3 a7 30 3d 9f 81 a3 a0 5d 7b 27 cf 6b dc | data for hmac: 22 f2 23 96 cd f5 7e 11 3d 79 24 43 15 51 64 82 | data for hmac: f4 94 c0 b3 03 fa f6 db 4b fe 27 44 a1 e6 3e f2 | calculated auth: 9a 7c fe 8f b6 e6 f7 68 b6 52 d8 5c | provided auth: 9a 7c fe 8f b6 e6 f7 68 b6 52 d8 5c | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 50 9f 3c e1 4a 55 0d 58 | payload before decryption: | d3 0b e3 a8 91 c2 5f ac 9c a9 b8 a9 a3 69 28 b7 | a8 60 4d 3b 98 11 b7 c0 31 c5 d2 ea 14 9c 00 66 | 91 93 89 06 da 3a b6 a0 71 a7 1f 23 3e c9 3f e9 | 37 ce 2e 0d 4a c3 a2 60 b2 2a ea 47 c9 e3 be ff | 64 c3 c3 de ca a6 d6 b8 6e 03 c6 70 a3 a9 b3 a8 | 88 3f 3d 7b 0a a9 10 af 2c c3 a3 a7 30 3d 9f 81 | a3 a0 5d 7b 27 cf 6b dc 22 f2 23 96 cd f5 7e 11 | 3d 79 24 43 15 51 64 82 f4 94 c0 b3 03 fa f6 db | 4b fe 27 44 a1 e6 3e f2 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 09 be 8a 64 9e b5 bd 3b 6e 2e eb ab | 12 e3 5e 81 d8 c1 b3 e3 2c 00 00 28 00 00 00 24 | 01 03 04 03 44 f6 52 0a 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #22 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | offered CA: '%none' "3des" #22: IKEv2 mode peer ID is ID_FQDN: '@east' | hmac PRF sha init symkey-key@0x564021e1e110 (size 20) | hmac: symkey-key@0x564021e1e110 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e1e110 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db8d8 | result: clone-key@0x564021e07b90 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021e07b90 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021e07b90 | hmac: release clone-key@0x564021e07b90 | hmac PRF sha crypt-prf@0x564021e18140 | idhash auth R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x564021d954dc (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff864dba30 (length 20) | 97 1e 63 6b e2 90 b9 62 95 e9 3f 7b 6c 2a 1a db | db 5e a5 99 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x564021e0a240 (line=1) | concluding with best_match=014 best=0x564021e0a240 (lineno=1) | inputs to hash1 (first packet) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 7c 89 07 e2 3f c6 b7 6d 85 15 65 a9 b4 5a c8 b5 | 33 2f 56 da b5 44 08 02 af c2 86 cc 6a 7f 6c 7d | 22 55 be 0f a2 42 25 92 26 e7 45 60 66 c0 e9 ec | ec 61 84 76 c7 8b 35 44 86 e0 50 38 50 72 05 c8 | ea f9 cf 29 49 54 61 2f 6e 15 a4 8a db 58 16 01 | 39 fd 0a f3 59 68 a5 79 0d 5e 0e 9f f6 c0 44 46 | 0a 20 f0 2e c7 89 03 8e 22 f1 46 87 33 b6 40 f7 | 45 94 73 9c 4f 8e e1 95 cb 5a c7 1f 7a 25 06 9e | d9 a9 ae fb 71 8e 8c 0d db 00 e7 5e ce e3 5f 7a | b5 db 5a 45 ff 36 96 7b dd a1 4d 39 24 c2 3b 8d | f3 e1 cf 1c ab f1 9b 84 59 b2 41 68 3e 7c e6 81 | f4 fb f4 69 e2 c8 79 72 99 7c 18 3b b2 0e 56 44 | 9f 76 7b 31 7c d0 50 e6 33 68 68 f7 d5 ae 72 aa | f8 ac 1f 3f 3f 9a 3c ec 2b 0b 9f f7 de b1 e0 1c | 51 4b d4 5a b9 70 2d f8 d3 9d 06 db 99 a5 11 67 | 43 11 37 2c 25 23 05 19 7a 87 05 3d 7d 65 6e eb | 29 00 00 24 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 | 7f 84 c9 ef 77 12 15 95 94 21 1e 67 2d e6 61 7b | 58 a5 6f b2 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 16 34 12 ff be de 72 95 e6 a6 e8 e6 | 79 f3 76 0c 21 d7 96 91 00 00 00 1c 00 00 40 05 | 59 1f b9 7f 5a 69 25 9a 86 19 93 92 e7 4d b5 f2 | e1 c3 80 7d | verify: initiator inputs to hash2 (initiator nonce) | 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | idhash 97 1e 63 6b e2 90 b9 62 95 e9 3f 7b 6c 2a 1a db | idhash db 5e a5 99 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x564021e14a20 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db6e0 | result: shared secret-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f5cd0006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6c8 | result: shared secret-key@0x564021e07b90 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x564021dfd2a0 from shared secret-key@0x564021e07b90 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x564021dfd2a0 from shared secret-key@0x564021e07b90 | = prf(,"Key Pad for IKEv2"): release clone-key@0x564021e07b90 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x564021e18180 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5640204d6bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cd0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cd0006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x564021e07b90 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x564021e07b90 (size 20) | = prf(, ): -key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x7f5cd0006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ) prf: begin sha with context 0x564021dfd2a0 from -key@0x7f5cd0006900 | = prf(, ): release clone-key@0x7f5cd0006900 | = prf(, ) PRF sha crypt-prf@0x564021da3880 | = prf(, ) PRF sha update first-packet-bytes@0x564021da9230 (length 436) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 7c 89 07 e2 3f c6 b7 6d 85 15 65 a9 b4 5a c8 b5 | 33 2f 56 da b5 44 08 02 af c2 86 cc 6a 7f 6c 7d | 22 55 be 0f a2 42 25 92 26 e7 45 60 66 c0 e9 ec | ec 61 84 76 c7 8b 35 44 86 e0 50 38 50 72 05 c8 | ea f9 cf 29 49 54 61 2f 6e 15 a4 8a db 58 16 01 | 39 fd 0a f3 59 68 a5 79 0d 5e 0e 9f f6 c0 44 46 | 0a 20 f0 2e c7 89 03 8e 22 f1 46 87 33 b6 40 f7 | 45 94 73 9c 4f 8e e1 95 cb 5a c7 1f 7a 25 06 9e | d9 a9 ae fb 71 8e 8c 0d db 00 e7 5e ce e3 5f 7a | b5 db 5a 45 ff 36 96 7b dd a1 4d 39 24 c2 3b 8d | f3 e1 cf 1c ab f1 9b 84 59 b2 41 68 3e 7c e6 81 | f4 fb f4 69 e2 c8 79 72 99 7c 18 3b b2 0e 56 44 | 9f 76 7b 31 7c d0 50 e6 33 68 68 f7 d5 ae 72 aa | f8 ac 1f 3f 3f 9a 3c ec 2b 0b 9f f7 de b1 e0 1c | 51 4b d4 5a b9 70 2d f8 d3 9d 06 db 99 a5 11 67 | 43 11 37 2c 25 23 05 19 7a 87 05 3d 7d 65 6e eb | 29 00 00 24 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 | 7f 84 c9 ef 77 12 15 95 94 21 1e 67 2d e6 61 7b | 58 a5 6f b2 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 16 34 12 ff be de 72 95 e6 a6 e8 e6 | 79 f3 76 0c 21 d7 96 91 00 00 00 1c 00 00 40 05 | 59 1f b9 7f 5a 69 25 9a 86 19 93 92 e7 4d b5 f2 | e1 c3 80 7d | = prf(, ) PRF sha update nonce-bytes@0x7f5cbc0061b0 (length 32) | 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | = prf(, ) PRF sha update hash-bytes@0x7fff864dba30 (length 20) | 97 1e 63 6b e2 90 b9 62 95 e9 3f 7b 6c 2a 1a db | db 5e a5 99 | = prf(, ) PRF sha final-chunk@0x564021e18140 (length 20) | 09 be 8a 64 9e b5 bd 3b 6e 2e eb ab 12 e3 5e 81 | d8 c1 b3 e3 | psk_auth: release prf-psk-key@0x564021e07b90 | Received PSK auth octets | 09 be 8a 64 9e b5 bd 3b 6e 2e eb ab 12 e3 5e 81 | d8 c1 b3 e3 | Calculated PSK auth octets | 09 be 8a 64 9e b5 bd 3b 6e 2e eb ab 12 e3 5e 81 | d8 c1 b3 e3 "3des" #22: Authenticated using authby=secret | parent state #21: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #21 will start re-keying in 2911 seconds with margin of 689 seconds (attempting re-key) | state #21 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f5cbc008840 | free_event_entry: release EVENT_SA_REPLACE-pe@0x564021e16cc0 | event_schedule: new EVENT_SA_REKEY-pe@0x564021e16cc0 | inserting event EVENT_SA_REKEY, timeout in 2911 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f5cbc008840 size 128 | pstats #21 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="3des" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for 3des (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 44 f6 52 0a | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=44f6520a;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=sha: .key_size=20 encrypt=3des_cbc: .key_size=24 .salt_size=0 keymat_len=44 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db7e0 | result: data=Ni-key@0x7f5cd0006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7f5cd0006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db7c8 | result: data=Ni-key@0x564021e07b90 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7f5cd0006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e07b90 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff864db7d0 | result: data+=Nr-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x564021e07b90 | prf+0 PRF sha init key-key@0x7f5cc80069f0 (size 20) | prf+0: key-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x564021e07b90 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x564021dfd2a0 from key-key@0x564021e07b90 | prf+0 prf: begin sha with context 0x564021dfd2a0 from key-key@0x564021e07b90 | prf+0: release clone-key@0x564021e07b90 | prf+0 PRF sha crypt-prf@0x564021e18160 | prf+0 PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+0: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: 5f ffffffb6 4a 6f ffffffbd ffffffc4 ffffffb3 5a ffffffe2 2e ffffffdc 1e ffffffb8 6f ffffffd8 03 12 79 49 fffffff8 08 35 ffffffda 5a 6c 67 14 42 ffffffc0 7e ffffff99 52 0c ffffffb2 09 74 6e 6b ffffffcc 19 39 69 69 16 03 ffffffec 44 73 ffffff99 40 57 4b ffffffd1 25 ffffffd4 ffffffeb fffffffd ffffff96 ffffffbf 3a ffffffa0 74 ffffff8d fffffff1 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e15300 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021df9ff0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021df9ff0 | prf+0 PRF sha final-key@0x564021e07b90 (size 20) | prf+0: key-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x564021e07b90 | prf+N PRF sha init key-key@0x7f5cc80069f0 (size 20) | prf+N: key-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x564021df9ff0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564021dfd2a0 from key-key@0x564021df9ff0 | prf+N prf: begin sha with context 0x564021dfd2a0 from key-key@0x564021df9ff0 | prf+N: release clone-key@0x564021df9ff0 | prf+N PRF sha crypt-prf@0x564021e18180 | prf+N PRF sha update old_t-key@0x564021e07b90 (size 20) | prf+N: old_t-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041728192: ffffff98 ffffff98 ffffffbe 14 ffffff94 01 5d 43 fffffff1 70 5b ffffffac ffffffc4 0b 55 ffffffdd 7a ffffffc1 ffffff9a 3a ffffffc9 45 3b 23 79 3f 53 17 24 29 fffffff3 58 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x564021e1faa0 | unwrapped: b6 10 4a 0d cc 72 8b 38 f0 ec c8 dc 59 49 27 78 | unwrapped: 4d b8 2d 3b 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+N: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: 5f ffffffb6 4a 6f ffffffbd ffffffc4 ffffffb3 5a ffffffe2 2e ffffffdc 1e ffffffb8 6f ffffffd8 03 12 79 49 fffffff8 08 35 ffffffda 5a 6c 67 14 42 ffffffc0 7e ffffff99 52 0c ffffffb2 09 74 6e 6b ffffffcc 19 39 69 69 16 03 ffffffec 44 73 ffffff99 40 57 4b ffffffd1 25 ffffffd4 ffffffeb fffffffd ffffff96 ffffffbf 3a ffffffa0 74 ffffff8d fffffff1 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e19f00 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x7f5cc800eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cc800eec0 | prf+N PRF sha final-key@0x564021df9ff0 (size 20) | prf+N: key-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff864db778 | result: result-key@0x7f5cc800eec0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e07b90 | prfplus: release old_t[N]-key@0x564021e07b90 | prf+N PRF sha init key-key@0x7f5cc80069f0 (size 20) | prf+N: key-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x564021e07b90 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564021dfd2a0 from key-key@0x564021e07b90 | prf+N prf: begin sha with context 0x564021dfd2a0 from key-key@0x564021e07b90 | prf+N: release clone-key@0x564021e07b90 | prf+N PRF sha crypt-prf@0x564021da3880 | prf+N PRF sha update old_t-key@0x564021df9ff0 (size 20) | prf+N: old_t-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041728192: 1e 39 ffffff9c ffffff8c 11 51 ffffffa5 34 0a 3f ffffff84 5f 7f ffffffa7 1a fffffff1 fffffffb 08 ffffffdf 56 7b ffffffff 2e 54 fffffff6 ffffffcb 1b ffffff9b 3c 3c 57 22 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x564021e17f60 | unwrapped: 96 74 ef de 0f 0e c3 b3 48 26 bb 46 d1 1e ec 81 | unwrapped: 97 96 4b 48 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+N: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: 5f ffffffb6 4a 6f ffffffbd ffffffc4 ffffffb3 5a ffffffe2 2e ffffffdc 1e ffffffb8 6f ffffffd8 03 12 79 49 fffffff8 08 35 ffffffda 5a 6c 67 14 42 ffffffc0 7e ffffff99 52 0c ffffffb2 09 74 6e 6b ffffffcc 19 39 69 69 16 03 ffffffec 44 73 ffffff99 40 57 4b ffffffd1 25 ffffffd4 ffffffeb fffffffd ffffff96 ffffffbf 3a ffffffa0 74 ffffff8d fffffff1 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e1a0f0 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x564021e06230 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e06230 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e06230 | prf+N PRF sha final-key@0x564021e07b90 (size 20) | prf+N: key-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f5cc800eec0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff864db778 | result: result-key@0x564021e06230 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f5cc800eec0 | prfplus: release old_t[N]-key@0x564021df9ff0 | prf+N PRF sha init key-key@0x7f5cc80069f0 (size 20) | prf+N: key-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x564021df9ff0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564021dfd2a0 from key-key@0x564021df9ff0 | prf+N prf: begin sha with context 0x564021dfd2a0 from key-key@0x564021df9ff0 | prf+N: release clone-key@0x564021df9ff0 | prf+N PRF sha crypt-prf@0x564021e18180 | prf+N PRF sha update old_t-key@0x564021e07b90 (size 20) | prf+N: old_t-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021e07b90 | nss hmac digest hack: symkey-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041728192: ffffffe8 ffffffc5 6f ffffff9c 7a ffffff84 3d ffffff9e 68 ffffffd7 35 3b ffffffae ffffffa1 ffffffe9 ffffff8d ffffffab ffffffa1 ffffffd8 ffffffe8 56 fffffffb 3f ffffff85 ffffff94 32 78 37 fffffff9 6d 78 22 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x564021e1faa0 | unwrapped: 0d ac 22 f4 0d 90 05 4a ab 80 14 24 90 d8 37 88 | unwrapped: 6d 5e 55 15 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+N: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: 5f ffffffb6 4a 6f ffffffbd ffffffc4 ffffffb3 5a ffffffe2 2e ffffffdc 1e ffffffb8 6f ffffffd8 03 12 79 49 fffffff8 08 35 ffffffda 5a 6c 67 14 42 ffffffc0 7e ffffff99 52 0c ffffffb2 09 74 6e 6b ffffffcc 19 39 69 69 16 03 ffffffec 44 73 ffffff99 40 57 4b ffffffd1 25 ffffffd4 ffffffeb fffffffd ffffff96 ffffffbf 3a ffffffa0 74 ffffff8d fffffff1 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e1b3c0 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x7f5cc800eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f5cc800eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f5cc800eec0 | prf+N PRF sha final-key@0x564021df9ff0 (size 20) | prf+N: key-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021e06230 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff864db778 | result: result-key@0x7f5cc800eec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x564021e06230 | prfplus: release old_t[N]-key@0x564021e07b90 | prf+N PRF sha init key-key@0x7f5cc80069f0 (size 20) | prf+N: key-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f5cc80069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6f8 | result: clone-key@0x564021e07b90 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x564021dfd2a0 from key-key@0x564021e07b90 | prf+N prf: begin sha with context 0x564021dfd2a0 from key-key@0x564021e07b90 | prf+N: release clone-key@0x564021e07b90 | prf+N PRF sha crypt-prf@0x564021da3880 | prf+N PRF sha update old_t-key@0x564021df9ff0 (size 20) | prf+N: old_t-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x564021df9ff0 | nss hmac digest hack: symkey-key@0x564021df9ff0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-2041728192: ffffffee ffffffba 2f ffffffa5 63 4c ffffff81 ffffffc2 2b 55 ffffffd1 ffffffa0 ffffffd0 fffffffe ffffffd0 ffffffa2 ffffffbb 49 17 5c 04 ffffffd2 5a ffffffc1 20 ffffffde ffffffda ffffffab 26 3d ffffffaa 04 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 32 bytes at 0x564021e1faa0 | unwrapped: 35 e5 b4 7e e0 f2 71 9d 83 1c ae b6 75 eb 16 af | unwrapped: d1 35 81 1d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f5cd0006900 (size 64) | prf+N: seed-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f5cd0006900 | nss hmac digest hack: symkey-key@0x7f5cd0006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x564021dfdd40 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-2041728192: 5f ffffffb6 4a 6f ffffffbd ffffffc4 ffffffb3 5a ffffffe2 2e ffffffdc 1e ffffffb8 6f ffffffd8 03 12 79 49 fffffff8 08 35 ffffffda 5a 6c 67 14 42 ffffffc0 7e ffffff99 52 0c ffffffb2 09 74 6e 6b ffffffcc 19 39 69 69 16 03 ffffffec 44 73 ffffff99 40 57 4b ffffffd1 25 ffffffd4 ffffffeb fffffffd ffffff96 ffffffbf 3a ffffffa0 74 ffffff8d fffffff1 | nss hmac digest hack: release slot-key-key@0x564021dfdd40 | nss hmac digest hack extracted len 64 bytes at 0x564021e15300 | unwrapped: 11 fb d8 80 92 48 63 a3 19 68 72 2b 24 e9 26 b7 | unwrapped: 50 59 d5 5d 84 72 9d 73 fb bb 93 fc 39 17 f0 df | unwrapped: 93 a8 f6 35 41 c3 07 20 a6 38 c4 00 7f 84 c9 ef | unwrapped: 77 12 15 95 94 21 1e 67 2d e6 61 7b 58 a5 6f b2 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff864db700 | result: final-key@0x564021e06230 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x564021e06230 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db6e8 | result: final-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x564021e06230 | prf+N PRF sha final-key@0x564021e07b90 (size 20) | prf+N: key-key@0x564021e07b90 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f5cc800eec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff864db778 | result: result-key@0x564021e06230 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f5cc800eec0 | prfplus: release old_t[N]-key@0x564021df9ff0 | prfplus: release old_t[final]-key@0x564021e07b90 | child_sa_keymat: release data-key@0x7f5cd0006900 | key-offset: 0, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x564021e06230 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db858 | result: result-key@0x7f5cd0006900 (44-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 44 bytes of key@0x7f5cd0006900 | initiator to responder keys: symkey-key@0x7f5cd0006900 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x564021dfdd40 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)540161312: ffffff98 ffffff98 ffffffbe 14 ffffff94 01 5d 43 fffffff1 70 5b ffffffac ffffffc4 0b 55 ffffffdd 12 61 ffffffdc 17 ffffff9b 46 2d 53 68 19 27 39 ffffffdc 59 68 60 ffffffd7 50 ffffffe6 ffffffa3 14 ffffffb9 6b 2b 5c 52 ffffff87 fffffffa ffffffa9 ffffffc2 ffffff89 0b | initiator to responder keys: release slot-key-key@0x564021dfdd40 | initiator to responder keys extracted len 48 bytes at 0x564021e17fb0 | unwrapped: b6 10 4a 0d cc 72 8b 38 f0 ec c8 dc 59 49 27 78 | unwrapped: 4d b8 2d 3b 96 74 ef de 0f 0e c3 b3 48 26 bb 46 | unwrapped: d1 1e ec 81 97 96 4b 48 0d ac 22 f4 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7f5cd0006900 | key-offset: 44, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x564021e06230 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864db858 | result: result-key@0x7f5cd0006900 (44-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 44 bytes of key@0x7f5cd0006900 | responder to initiator keys:: symkey-key@0x7f5cd0006900 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x564021d7a080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x564021dfdd40 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)540161312: ffffff84 ffffffc0 ffffff85 ffffff8b ffffffbc ffffffa2 ffffff9f ffffffb1 ffffffc7 ffffffac ffffffe9 63 7c ffffffe5 ffffffaa fffffff0 ffffffee ffffffba 2f ffffffa5 63 4c ffffff81 ffffffc2 2b 55 ffffffd1 ffffffa0 ffffffd0 fffffffe ffffffd0 ffffffa2 ffffffb8 2a 23 ffffffb8 ffffffa2 11 71 ffffffbd fffffff4 44 ffffffbd fffffff7 2b ffffffd9 1f 1a | responder to initiator keys:: release slot-key-key@0x564021dfdd40 | responder to initiator keys: extracted len 48 bytes at 0x564021e1b410 | unwrapped: 0d 90 05 4a ab 80 14 24 90 d8 37 88 6d 5e 55 15 | unwrapped: 35 e5 b4 7e e0 f2 71 9d 83 1c ae b6 75 eb 16 af | unwrapped: d1 35 81 1d bd 8c 16 57 cb 7b 63 49 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7f5cd0006900 | ikev2_derive_child_keys: release keymat-key@0x564021e06230 | #21 spent 2.35 milliseconds | install_ipsec_sa() for #22: inbound and outbound | could_route called for 3des (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection '3des' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.44f6520a@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection '3des' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.7b0b5dcb@192.1.2.45 included non-error error | priority calculation of connection "3des" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #22: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: 3des (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #22 | priority calculation of connection "3des" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x44f6520a SPI_OUT=0x | popen cmd is 1023 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' : | cmd( 160):PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1642: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: | cmd( 960):ED='no' SPI_IN=0x44f6520a SPI_OUT=0x7b0b5dcb ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x44f6520a | popen cmd is 1028 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x44f6520a SPI_OUT=0x7b0b5dcb ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x44f6520a SPI_ | popen cmd is 1026 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTE: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@wes: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIEN: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: | cmd( 320):6428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PE: | cmd( 400):ER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MAS: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: | cmd( 640):UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd( 960):HARED='no' SPI_IN=0x44f6520a SPI_OUT=0x7b0b5dcb ipsec _updown 2>&1: | route_and_eroute: instance "3des", setting eroute_owner {spd=0x564021e15b10,sr=0x564021e15b10} to #22 (was #0) (newest_ipsec_sa=#0) | #21 spent 0.865 milliseconds in install_ipsec_sa() | inR2: instance 3des[0], setting IKEv2 newest_ipsec_sa to #22 (was #0) (spd.eroute=#22) cloned from #21 | state #22 requesting EVENT_RETRANSMIT to be deleted | #22 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x7f5cb80068c0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x564021e1fb00 | #22 spent 2.9 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #22 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #22 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #22: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #22 to 1 after switching state | Message ID: recv #21.#22 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #21.#22 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #22 ikev2.child established "3des" #22: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "3des" #22: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x44f6520a <0x7b0b5dcb xfrm=3DES_CBC-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | releasing whack for #22 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #21 | unpending state #21 connection "3des" | delete from pending Child SA with 192.1.2.23 "3des" | removing pending policy for no connection {0x7f5cc8002d20} | close_any(fd@24) (in release_whack() at state.c:654) | #22 will start re-keying in 27961 seconds with margin of 839 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x564021e1fb00 | inserting event EVENT_SA_REKEY, timeout in 27961 seconds for #22 | libevent_malloc: new ptr-libevent@0x7f5cb80068c0 size 128 | stop processing: state #22 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #21 spent 3.34 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 3.36 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.0043 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00276 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00272 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.7b0b5dcb@192.1.2.45 | get_sa_info esp.44f6520a@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0901 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in terminate_a_connection() at terminate.c:69) "3des": terminating SAs using this connection | connection '3des' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #22 | suspend processing: connection "3des" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #22 connection "3des" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #22 ikev2.child deleted completed | #22 spent 2.9 milliseconds in total | [RE]START processing: state #22 connection "3des" from 192.1.2.23:500 (in delete_state() at state.c:879) "3des" #22: deleting state (STATE_V2_IPSEC_I) aged 0.323s and sending notification | child state #22: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.44f6520a@192.1.2.23 | get_sa_info esp.7b0b5dcb@192.1.2.45 "3des" #22: ESP traffic information: in=84B out=84B | #22 send IKEv2 delete notification for STATE_V2_IPSEC_I | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | a5 70 a7 02 5a 87 dd 89 | responder cookie: | 61 87 c1 53 46 1c 40 b4 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting 4 raw bytes of local spis into IKEv2 Delete Payload | local spis 7b 0b 5d cb | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 52 65 51 c0 e5 be 98 16 | data before encryption: | 00 00 00 0c 03 04 00 01 7b 0b 5d cb 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 61 49 30 02 49 2c 48 7e 0e 0b 08 07 a9 28 03 08 | hmac PRF sha init symkey-key@0x564021dfb870 (size 20) | hmac: symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864d8698 | result: clone-key@0x564021e06230 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021e06230 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021e06230 | hmac: release clone-key@0x564021e06230 | hmac PRF sha crypt-prf@0x564021e18160 | hmac PRF sha update data-bytes@0x7fff864d8a70 (length 56) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | 52 65 51 c0 e5 be 98 16 61 49 30 02 49 2c 48 7e | 0e 0b 08 07 a9 28 03 08 | hmac PRF sha final-bytes@0x7fff864d8aa8 (length 20) | 61 46 6f d4 1f 12 7f 0f 06 01 e2 85 ac 77 6f ec | cc 40 a0 cb | data being hmac: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | data being hmac: 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | data being hmac: 52 65 51 c0 e5 be 98 16 61 49 30 02 49 2c 48 7e | data being hmac: 0e 0b 08 07 a9 28 03 08 | out calculated auth: | 61 46 6f d4 1f 12 7f 0f 06 01 e2 85 | sending 68 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #22) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | 52 65 51 c0 e5 be 98 16 61 49 30 02 49 2c 48 7e | 0e 0b 08 07 a9 28 03 08 61 46 6f d4 1f 12 7f 0f | 06 01 e2 85 | Message ID: IKE #21 sender #22 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #21 sender #22 in send_delete hacking around record ' send | Message ID: sent #21 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 | state #22 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f5cb80068c0 | free_event_entry: release EVENT_SA_REKEY-pe@0x564021e1fb00 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050314' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x44f6520a | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1569050314' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0x44f6520a SPI_OUT=0x7b0b5dcb ipsec _updown 2>&1: | shunt_eroute() called for connection '3des' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "3des" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.44f6520a@192.1.2.23 | netlink response for Del SA esp.44f6520a@192.1.2.23 included non-error error | priority calculation of connection "3des" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.7b0b5dcb@192.1.2.45 | netlink response for Del SA esp.7b0b5dcb@192.1.2.45 included non-error error | stop processing: connection "3des" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection 3des | State DB: deleting IKEv2 state #22 in V2_IPSEC_I | child state #22: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #22 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f5cc80069f0 | delete_state: release st->st_skey_ai_nss-key@0x564021dfb870 | delete_state: release st->st_skey_ar_nss-key@0x564021e01140 | delete_state: release st->st_skey_ei_nss-key@0x564021e19e70 | delete_state: release st->st_skey_er_nss-key@0x564021e04570 | delete_state: release st->st_skey_pi_nss-key@0x7f5cc800a510 | delete_state: release st->st_skey_pr_nss-key@0x564021e1e110 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #21 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #21 | start processing: state #21 connection "3des" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #21 ikev2.ike deleted completed | #21 spent 9.8 milliseconds in total | [RE]START processing: state #21 connection "3des" from 192.1.2.23:500 (in delete_state() at state.c:879) "3des" #21: deleting state (STATE_PARENT_I3) aged 0.363s and sending notification | parent state #21: PARENT_I3(established IKE SA) => delete | #21 send IKEv2 delete notification for STATE_PARENT_I3 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | a5 70 a7 02 5a 87 dd 89 | responder cookie: | 61 87 c1 53 46 1c 40 b4 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | df 6f 31 60 fc 18 3b 3f | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 40 08 08 7e 05 b2 98 03 ed 7f 08 db 5c 07 c6 84 | hmac PRF sha init symkey-key@0x564021dfb870 (size 20) | hmac: symkey-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x564021dfb870 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff864d8698 | result: clone-key@0x564021e06230 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x564021dfd2a0 from symkey-key@0x564021e06230 | hmac prf: begin sha with context 0x564021dfd2a0 from symkey-key@0x564021e06230 | hmac: release clone-key@0x564021e06230 | hmac PRF sha crypt-prf@0x564021da38a0 | hmac PRF sha update data-bytes@0x7fff864d8a70 (length 56) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | df 6f 31 60 fc 18 3b 3f 40 08 08 7e 05 b2 98 03 | ed 7f 08 db 5c 07 c6 84 | hmac PRF sha final-bytes@0x7fff864d8aa8 (length 20) | f1 5b 38 2d 13 73 4e 36 ae 45 68 db 7e 2f 6e af | b9 85 f5 df | data being hmac: a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | data being hmac: df 6f 31 60 fc 18 3b 3f 40 08 08 7e 05 b2 98 03 | data being hmac: ed 7f 08 db 5c 07 c6 84 | out calculated auth: | f1 5b 38 2d 13 73 4e 36 ae 45 68 db | sending 68 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #21) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | df 6f 31 60 fc 18 3b 3f 40 08 08 7e 05 b2 98 03 | ed 7f 08 db 5c 07 c6 84 f1 5b 38 2d 13 73 4e 36 | ae 45 68 db | Message ID: IKE #21 sender #21 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 | Message ID: IKE #21 sender #21 in send_delete hacking around record ' send | Message ID: #21 XXX: expecting sender.wip.initiator 2 == -1 - suspect record'n'send out-of-order?); initiator.sent=3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=3 wip.responder=-1 | Message ID: sent #21 request 3; ike: initiator.sent=2->3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=2->3 wip.responder=-1 | state #21 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f5cbc008840 | free_event_entry: release EVENT_SA_REKEY-pe@0x564021e16cc0 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection 3des | State DB: deleting IKEv2 state #21 in PARENT_I3 | parent state #21: PARENT_I3(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f5cbc0010c0: destroyed | stop processing: state #21 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f5cc800d640 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f5cc80069f0 | delete_state: release st->st_skey_ai_nss-key@0x564021dfb870 | delete_state: release st->st_skey_ar_nss-key@0x564021e01140 | delete_state: release st->st_skey_ei_nss-key@0x564021e19e70 | delete_state: release st->st_skey_er_nss-key@0x564021e04570 | delete_state: release st->st_skey_pi_nss-key@0x7f5cc800a510 | delete_state: release st->st_skey_pr_nss-key@0x564021e1e110 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.27 milliseconds in whack | spent 0.0016 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 1b e9 e6 9e f3 88 c2 04 96 2a 11 64 e5 88 44 91 | dc e1 92 62 a1 71 4b fe 92 9b 37 f1 7e dd 1e f7 | 92 08 7d 19 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a5 70 a7 02 5a 87 dd 89 | responder cookie: | 61 87 c1 53 46 1c 40 b4 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0649 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00429 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00193 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 60 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | a5 70 a7 02 5a 87 dd 89 61 87 c1 53 46 1c 40 b4 | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | 92 74 09 05 4f a4 7c a9 d4 65 56 05 f5 d5 c0 8a | eb f0 79 7a b9 8e 13 91 15 84 bc f5 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a5 70 a7 02 5a 87 dd 89 | responder cookie: | 61 87 c1 53 46 1c 40 b4 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | length: 60 (0x3c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0611 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in terminate_a_connection() at terminate.c:69) "3des": terminating SAs using this connection | connection '3des' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "3des" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection '3des' to 'delete' for rt_kind 'unrouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "3des" is 0xfe7e7 | priority calculation of connection "3des" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0 | popen cmd is 1012 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16428' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO: | cmd( 400):_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_: | cmd( 480):MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=': | cmd( 560):' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+P: | cmd( 640):FS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd( 960):HARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x564021e17eb0 | flush revival: connection '3des' wasn't on the list | stop processing: connection "3des" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.14 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00443 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0626 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0512 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:192 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.049 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection 3des with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: 3DES_CBC-HMAC_SHA1-MODP2048 | from whack: got --esp=3des-sha1;modp2048 | ESP/AH string values: 3DES_CBC-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x564021e16c10 added connection description "3des" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.116 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in initiate_a_connection() at initiate.c:186) | connection '3des' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #23 at 0x564021e16060 | State DB: adding IKEv2 state #23 in UNDEFINED | pstats #23 ikev2.ike started | Message ID: init #23: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #23: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #23; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #23 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "3des" IKE SA #23 "3des" "3des" #23: initiating v2 parent SA | constructing local IKE proposals for 3des (IKE SA initiator selecting KE) | converting ike_info 3DES_CBC-HMAC_SHA1-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_IKE 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "3des": constructed local IKE proposals for 3des (IKE SA initiator selecting KE): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 23 for state #23 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564021e1b410 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #23 | libevent_malloc: new ptr-libevent@0x7f5cb80068c0 size 128 | #23 spent 0.104 milliseconds in ikev2_parent_outI1() | crypto helper 3 resuming | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 3 starting work-order 23 for state #23 | RESET processing: state #23 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 23 | RESET processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | close_any(fd@23) (in initiate_connection() at initiate.c:372) | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | spent 0.196 milliseconds in whack | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5cc80018a0: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5cc80018a0 | NSS: Public DH wire value: | 28 06 3d 66 7e d1 93 08 36 2f e4 1d bf 5d b2 27 | 35 c5 8e 60 e6 1d 68 33 52 49 e7 c2 a2 6d 6d 51 | 90 55 72 c4 00 56 ff 8c 64 ff ab 3d 04 9c bf 43 | 90 db 9d 2d 88 5e a0 9a 39 12 a0 ab ae 0f c4 2c | b7 3b 26 4d 7c cc 99 87 80 a1 d0 aa 65 e8 47 6a | 47 99 29 24 40 13 15 8e c0 f8 d8 cc 23 c5 89 e1 | 3b 04 61 9d 14 4a ac 7f 2c b4 a5 ad 25 3f d5 cd | 2c 5b 0a 4f a6 e0 62 2a 4d d8 ed 11 e6 cd 3c c7 | 34 6b df 92 0c 81 5b 26 86 f9 a4 4d bf 5f ef 7e | c4 a5 0d 78 cc 14 ca 1a b1 e6 53 2d 20 76 e9 da | 85 b6 b5 dc 74 bc 69 51 56 ba 6f 2d e4 ab 25 b5 | d9 91 89 2d a2 d3 da 5a c7 eb e7 77 df 7d 2a 52 | 0a 15 dc 07 0c d0 e5 98 cb fa 7f e1 91 4f 61 3e | 26 ae 20 e3 93 27 9e da dd 92 75 88 64 c2 87 86 | 85 2e 8c de e8 2c cf a0 c6 4a 8a 0f 9d ad 17 af | 9f 33 0d 35 51 9e e6 fe 16 0b e4 b0 a3 b5 00 90 | Generated nonce: be cd 92 62 41 3d a4 fd 29 5d ab 8d c9 4e 5d 8a | Generated nonce: 39 01 33 54 7d 6a af 8e e0 7b 3d 32 79 9b 17 3b | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 23 time elapsed 0.000968 seconds | (#23) spent 0.959 milliseconds in crypto helper computing work-order 23: ikev2_outI1 KE (pcr) | crypto helper 3 sending results from work-order 23 for state #23 to event queue | scheduling resume sending helper answer for #23 | libevent_malloc: new ptr-libevent@0x7f5cc800fd00 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #23 | start processing: state #23 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 23 | calling continuation function 0x564020443630 | ikev2_parent_outI1_continue for #23 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5cc80018a0: transferring ownership from helper KE to state #23 | **emit ISAKMP Message: | initiator cookie: | a3 08 92 f5 70 72 62 39 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection 3des (IKE SA initiator emitting local proposals): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "3des" #23: IMPAIR: emitting fixed-length key-length attribute with 192 key | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 192 (0xc0) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 28 06 3d 66 7e d1 93 08 36 2f e4 1d bf 5d b2 27 | ikev2 g^x 35 c5 8e 60 e6 1d 68 33 52 49 e7 c2 a2 6d 6d 51 | ikev2 g^x 90 55 72 c4 00 56 ff 8c 64 ff ab 3d 04 9c bf 43 | ikev2 g^x 90 db 9d 2d 88 5e a0 9a 39 12 a0 ab ae 0f c4 2c | ikev2 g^x b7 3b 26 4d 7c cc 99 87 80 a1 d0 aa 65 e8 47 6a | ikev2 g^x 47 99 29 24 40 13 15 8e c0 f8 d8 cc 23 c5 89 e1 | ikev2 g^x 3b 04 61 9d 14 4a ac 7f 2c b4 a5 ad 25 3f d5 cd | ikev2 g^x 2c 5b 0a 4f a6 e0 62 2a 4d d8 ed 11 e6 cd 3c c7 | ikev2 g^x 34 6b df 92 0c 81 5b 26 86 f9 a4 4d bf 5f ef 7e | ikev2 g^x c4 a5 0d 78 cc 14 ca 1a b1 e6 53 2d 20 76 e9 da | ikev2 g^x 85 b6 b5 dc 74 bc 69 51 56 ba 6f 2d e4 ab 25 b5 | ikev2 g^x d9 91 89 2d a2 d3 da 5a c7 eb e7 77 df 7d 2a 52 | ikev2 g^x 0a 15 dc 07 0c d0 e5 98 cb fa 7f e1 91 4f 61 3e | ikev2 g^x 26 ae 20 e3 93 27 9e da dd 92 75 88 64 c2 87 86 | ikev2 g^x 85 2e 8c de e8 2c cf a0 c6 4a 8a 0f 9d ad 17 af | ikev2 g^x 9f 33 0d 35 51 9e e6 fe 16 0b e4 b0 a3 b5 00 90 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce be cd 92 62 41 3d a4 fd 29 5d ab 8d c9 4e 5d 8a | IKEv2 nonce 39 01 33 54 7d 6a af 8e e0 7b 3d 32 79 9b 17 3b | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | a3 08 92 f5 70 72 62 39 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | a1 b4 93 31 19 da 58 ac 53 11 59 85 cb af 6e 31 | fa 44 a8 83 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= a3 08 92 f5 70 72 62 39 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= a1 b4 93 31 19 da 58 ac 53 11 59 85 cb af 6e 31 | natd_hash: hash= fa 44 a8 83 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data a1 b4 93 31 19 da 58 ac 53 11 59 85 cb af 6e 31 | Notify data fa 44 a8 83 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | a3 08 92 f5 70 72 62 39 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | 94 35 8a 7a 0c d9 cf 01 0c 85 fa ff 79 42 0b 0d | 84 0a 36 9c | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= a3 08 92 f5 70 72 62 39 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 94 35 8a 7a 0c d9 cf 01 0c 85 fa ff 79 42 0b 0d | natd_hash: hash= 84 0a 36 9c | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 94 35 8a 7a 0c d9 cf 01 0c 85 fa ff 79 42 0b 0d | Notify data 84 0a 36 9c | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #23 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #23 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #23 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #23: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #23 to 4294967295 after switching state | Message ID: IKE #23 skipping update_recv as MD is fake | Message ID: sent #23 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "3des" #23: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #23) | a3 08 92 f5 70 72 62 39 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 c0 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 28 06 3d 66 7e d1 93 08 36 2f e4 1d | bf 5d b2 27 35 c5 8e 60 e6 1d 68 33 52 49 e7 c2 | a2 6d 6d 51 90 55 72 c4 00 56 ff 8c 64 ff ab 3d | 04 9c bf 43 90 db 9d 2d 88 5e a0 9a 39 12 a0 ab | ae 0f c4 2c b7 3b 26 4d 7c cc 99 87 80 a1 d0 aa | 65 e8 47 6a 47 99 29 24 40 13 15 8e c0 f8 d8 cc | 23 c5 89 e1 3b 04 61 9d 14 4a ac 7f 2c b4 a5 ad | 25 3f d5 cd 2c 5b 0a 4f a6 e0 62 2a 4d d8 ed 11 | e6 cd 3c c7 34 6b df 92 0c 81 5b 26 86 f9 a4 4d | bf 5f ef 7e c4 a5 0d 78 cc 14 ca 1a b1 e6 53 2d | 20 76 e9 da 85 b6 b5 dc 74 bc 69 51 56 ba 6f 2d | e4 ab 25 b5 d9 91 89 2d a2 d3 da 5a c7 eb e7 77 | df 7d 2a 52 0a 15 dc 07 0c d0 e5 98 cb fa 7f e1 | 91 4f 61 3e 26 ae 20 e3 93 27 9e da dd 92 75 88 | 64 c2 87 86 85 2e 8c de e8 2c cf a0 c6 4a 8a 0f | 9d ad 17 af 9f 33 0d 35 51 9e e6 fe 16 0b e4 b0 | a3 b5 00 90 29 00 00 24 be cd 92 62 41 3d a4 fd | 29 5d ab 8d c9 4e 5d 8a 39 01 33 54 7d 6a af 8e | e0 7b 3d 32 79 9b 17 3b 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 a1 b4 93 31 19 da 58 ac | 53 11 59 85 cb af 6e 31 fa 44 a8 83 00 00 00 1c | 00 00 40 05 94 35 8a 7a 0c d9 cf 01 0c 85 fa ff | 79 42 0b 0d 84 0a 36 9c | state #23 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5cb80068c0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564021e1b410 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x564021e1b410 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #23 | libevent_malloc: new ptr-libevent@0x7f5cb80068c0 size 128 | #23 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48962.413199 | resume sending helper answer for #23 suppresed complete_v2_state_transition() and stole MD | #23 spent 0.495 milliseconds in resume sending helper answer | stop processing: state #23 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5cc800fd00 | spent 0.00187 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | a3 08 92 f5 70 72 62 39 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a3 08 92 f5 70 72 62 39 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #23 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #23 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #23 connection "3des" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #23 is idle | #23 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #23 IKE SPIi and SPI[ir] | #23 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "3des" #23: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #23 spent 0.00953 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #23 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #23 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #23 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #23 spent 0.138 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.152 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x564021e1b410 | handling event EVENT_RETRANSMIT for parent state #23 | start processing: state #23 connection "3des" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) | IKEv2 retransmit event | [RE]START processing: state #23 connection "3des" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:144) | handling event EVENT_RETRANSMIT for 192.1.2.23 "3des" #23 attempt 2 of 0 | and parent for 192.1.2.23 "3des" #23 keying attempt 1 of 0; retransmit 1 "3des" #23: IMPAIR: retransmit so deleting SA | maximum number of keyingtries reached - deleting state | [RE]START processing: state #23 connection "3des" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:234) | pstats #23 ikev2.ike failed too-many-retransmits | pstats #23 ikev2.ike deleted too-many-retransmits | #23 spent 1.7 milliseconds in total | [RE]START processing: state #23 connection "3des" from 192.1.2.23:500 (in delete_state() at state.c:879) "3des" #23: deleting state (STATE_PARENT_I1) aged 0.502s and NOT sending notification | parent state #23: PARENT_I1(half-open IKE SA) => delete | in connection_discard for connection 3des | close_any(fd@25) (in delete_pending() at pending.c:244) | removing pending policy for "3des" {0x7f5cc8002d20} | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #23 "3des" #23: deleting IKE SA for connection '3des' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection '3des' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection 3des | State DB: deleting IKEv2 state #23 in PARENT_I1 | parent state #23: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | close_any(fd@24) (in release_whack() at state.c:654) | DH secret MODP2048@0x7f5cc80018a0: destroyed | stop processing: state #23 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | libevent_free: release ptr-libevent@0x7f5cb80068c0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x564021e1b410 | in statetime_stop() and could not find #23 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection 3des which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in initiate_a_connection() at initiate.c:186) | connection '3des' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #24 at 0x564021e1a900 | State DB: adding IKEv2 state #24 in UNDEFINED | pstats #24 ikev2.ike started | Message ID: init #24: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #24: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #24; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #24 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "3des" IKE SA #24 "3des" "3des" #24: initiating v2 parent SA | using existing local IKE proposals for connection 3des (IKE SA initiator selecting KE): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 24 for state #24 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564021e1b410 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #24 | libevent_malloc: new ptr-libevent@0x7f5cc800fd00 size 128 | #24 spent 0.0838 milliseconds in ikev2_parent_outI1() | crypto helper 4 resuming | crypto helper 4 starting work-order 24 for state #24 | crypto helper 4 doing build KE and nonce (ikev2_outI1 KE); request ID 24 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5ccc000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5ccc000d60 | NSS: Public DH wire value: | 83 67 02 08 fe fa 26 2c 21 11 36 f0 2f 38 e1 66 | 58 ea d1 f8 80 8f 29 67 35 b5 be 7e 1e 14 db 3c | 72 a2 9a 93 a6 d8 12 26 0a 01 f0 0a fc 89 f9 92 | a1 57 b8 49 50 10 35 57 ad a3 f5 07 e8 5e 0e d4 | 11 57 2b 77 af 5d 62 7b 16 d6 f5 67 11 27 a6 38 | fb f7 af 2d 2c 3d 97 19 9c 9f b4 99 75 1d c3 b8 | a3 77 76 0c 9d 45 cb fb 78 28 5d 62 c9 cc 73 3d | 7e f6 bf a5 e7 e6 f7 6f 60 0f e2 9b fe 9e 4a de | ab 5b 70 1d 45 0b 80 c2 bd 1a 3d 93 b7 b3 59 76 | 1e 46 64 19 e2 d8 8c 81 b5 3e fd 15 db 5c 74 6e | 89 2b 18 8e 01 a7 06 50 6a 73 6d 4f 4c 8c c8 3f | b8 e3 3f 07 bf 26 35 c2 30 b8 ae 1e 3c bb 7a 48 | 97 eb 0f da 54 6e 0e 6d 9b e4 e9 d5 ed e2 42 8c | 7a 18 ed 02 22 a2 45 6a eb 73 a7 59 d3 02 b4 c1 | 25 b7 e3 81 fc f7 7c 8e 58 62 41 f7 03 05 7e 37 | f5 b8 25 3d 40 36 b4 80 61 b2 63 cf d0 11 62 b6 | Generated nonce: 06 da 58 94 9c d6 7f df ec 95 b6 78 b6 81 1f f9 | Generated nonce: f3 92 aa 52 4b cb a4 f5 a9 8f 6f 14 b4 08 94 5e | crypto helper 4 finished build KE and nonce (ikev2_outI1 KE); request ID 24 time elapsed 0.001037 seconds | (#24) spent 1.04 milliseconds in crypto helper computing work-order 24: ikev2_outI1 KE (pcr) | crypto helper 4 sending results from work-order 24 for state #24 to event queue | scheduling resume sending helper answer for #24 | libevent_malloc: new ptr-libevent@0x7f5ccc0067e0 size 128 | crypto helper 4 waiting (nothing to do) | RESET processing: state #24 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | spent 0.108 milliseconds in global timer EVENT_REVIVE_CONNS | processing resume sending helper answer for #24 | start processing: state #24 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 24 | calling continuation function 0x564020443630 | ikev2_parent_outI1_continue for #24 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5ccc000d60: transferring ownership from helper KE to state #24 | **emit ISAKMP Message: | initiator cookie: | d5 47 a6 34 3e 72 71 10 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection 3des (IKE SA initiator emitting local proposals): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "3des" #24: IMPAIR: emitting fixed-length key-length attribute with 192 key | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 192 (0xc0) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 83 67 02 08 fe fa 26 2c 21 11 36 f0 2f 38 e1 66 | ikev2 g^x 58 ea d1 f8 80 8f 29 67 35 b5 be 7e 1e 14 db 3c | ikev2 g^x 72 a2 9a 93 a6 d8 12 26 0a 01 f0 0a fc 89 f9 92 | ikev2 g^x a1 57 b8 49 50 10 35 57 ad a3 f5 07 e8 5e 0e d4 | ikev2 g^x 11 57 2b 77 af 5d 62 7b 16 d6 f5 67 11 27 a6 38 | ikev2 g^x fb f7 af 2d 2c 3d 97 19 9c 9f b4 99 75 1d c3 b8 | ikev2 g^x a3 77 76 0c 9d 45 cb fb 78 28 5d 62 c9 cc 73 3d | ikev2 g^x 7e f6 bf a5 e7 e6 f7 6f 60 0f e2 9b fe 9e 4a de | ikev2 g^x ab 5b 70 1d 45 0b 80 c2 bd 1a 3d 93 b7 b3 59 76 | ikev2 g^x 1e 46 64 19 e2 d8 8c 81 b5 3e fd 15 db 5c 74 6e | ikev2 g^x 89 2b 18 8e 01 a7 06 50 6a 73 6d 4f 4c 8c c8 3f | ikev2 g^x b8 e3 3f 07 bf 26 35 c2 30 b8 ae 1e 3c bb 7a 48 | ikev2 g^x 97 eb 0f da 54 6e 0e 6d 9b e4 e9 d5 ed e2 42 8c | ikev2 g^x 7a 18 ed 02 22 a2 45 6a eb 73 a7 59 d3 02 b4 c1 | ikev2 g^x 25 b7 e3 81 fc f7 7c 8e 58 62 41 f7 03 05 7e 37 | ikev2 g^x f5 b8 25 3d 40 36 b4 80 61 b2 63 cf d0 11 62 b6 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 06 da 58 94 9c d6 7f df ec 95 b6 78 b6 81 1f f9 | IKEv2 nonce f3 92 aa 52 4b cb a4 f5 a9 8f 6f 14 b4 08 94 5e | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | d5 47 a6 34 3e 72 71 10 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | 8c 48 39 67 6e a6 89 8c 8d fc f9 8a c9 21 28 c7 | 21 05 51 f5 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= d5 47 a6 34 3e 72 71 10 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 8c 48 39 67 6e a6 89 8c 8d fc f9 8a c9 21 28 c7 | natd_hash: hash= 21 05 51 f5 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 8c 48 39 67 6e a6 89 8c 8d fc f9 8a c9 21 28 c7 | Notify data 21 05 51 f5 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff864dbf00 (length 8) | d5 47 a6 34 3e 72 71 10 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff864dbf08 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff864dbe34 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff864dbe26 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff864dbeb0 (length 20) | 79 ef b8 a3 3a 99 63 fc 31 11 85 a6 cb 6b 7e 2b | 4c 1e e5 d1 | natd_hash: hasher=0x5640205197a0(20) | natd_hash: icookie= d5 47 a6 34 3e 72 71 10 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 79 ef b8 a3 3a 99 63 fc 31 11 85 a6 cb 6b 7e 2b | natd_hash: hash= 4c 1e e5 d1 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 79 ef b8 a3 3a 99 63 fc 31 11 85 a6 cb 6b 7e 2b | Notify data 4c 1e e5 d1 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #24 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #24 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #24 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #24: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #24 to 4294967295 after switching state | Message ID: IKE #24 skipping update_recv as MD is fake | Message ID: sent #24 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "3des" #24: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #24) | d5 47 a6 34 3e 72 71 10 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 c0 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 83 67 02 08 fe fa 26 2c 21 11 36 f0 | 2f 38 e1 66 58 ea d1 f8 80 8f 29 67 35 b5 be 7e | 1e 14 db 3c 72 a2 9a 93 a6 d8 12 26 0a 01 f0 0a | fc 89 f9 92 a1 57 b8 49 50 10 35 57 ad a3 f5 07 | e8 5e 0e d4 11 57 2b 77 af 5d 62 7b 16 d6 f5 67 | 11 27 a6 38 fb f7 af 2d 2c 3d 97 19 9c 9f b4 99 | 75 1d c3 b8 a3 77 76 0c 9d 45 cb fb 78 28 5d 62 | c9 cc 73 3d 7e f6 bf a5 e7 e6 f7 6f 60 0f e2 9b | fe 9e 4a de ab 5b 70 1d 45 0b 80 c2 bd 1a 3d 93 | b7 b3 59 76 1e 46 64 19 e2 d8 8c 81 b5 3e fd 15 | db 5c 74 6e 89 2b 18 8e 01 a7 06 50 6a 73 6d 4f | 4c 8c c8 3f b8 e3 3f 07 bf 26 35 c2 30 b8 ae 1e | 3c bb 7a 48 97 eb 0f da 54 6e 0e 6d 9b e4 e9 d5 | ed e2 42 8c 7a 18 ed 02 22 a2 45 6a eb 73 a7 59 | d3 02 b4 c1 25 b7 e3 81 fc f7 7c 8e 58 62 41 f7 | 03 05 7e 37 f5 b8 25 3d 40 36 b4 80 61 b2 63 cf | d0 11 62 b6 29 00 00 24 06 da 58 94 9c d6 7f df | ec 95 b6 78 b6 81 1f f9 f3 92 aa 52 4b cb a4 f5 | a9 8f 6f 14 b4 08 94 5e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 8c 48 39 67 6e a6 89 8c | 8d fc f9 8a c9 21 28 c7 21 05 51 f5 00 00 00 1c | 00 00 40 05 79 ef b8 a3 3a 99 63 fc 31 11 85 a6 | cb 6b 7e 2b 4c 1e e5 d1 | state #24 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5cc800fd00 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564021e1b410 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x564021e1b410 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #24 | libevent_malloc: new ptr-libevent@0x7f5cc800fd00 size 128 | #24 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48962.915794 | resume sending helper answer for #24 suppresed complete_v2_state_transition() and stole MD | #24 spent 0.486 milliseconds in resume sending helper answer | stop processing: state #24 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5ccc0067e0 | spent 0.00202 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | d5 47 a6 34 3e 72 71 10 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | d5 47 a6 34 3e 72 71 10 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #24 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #24 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #24 connection "3des" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #24 is idle | #24 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #24 IKE SPIi and SPI[ir] | #24 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "3des" #24: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #24 spent 0.00407 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #24 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #24 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #24 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #24 spent 0.112 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.125 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0426 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in terminate_a_connection() at terminate.c:69) "3des": terminating SAs using this connection | connection '3des' -POLICY_UP | removing pending policy for no connection {0x7f5cc8002d20} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #24 | suspend processing: connection "3des" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #24 connection "3des" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #24 ikev2.ike deleted other | #24 spent 1.72 milliseconds in total | [RE]START processing: state #24 connection "3des" from 192.1.2.23:500 (in delete_state() at state.c:879) "3des" #24: deleting state (STATE_PARENT_I1) aged 0.067s and NOT sending notification | parent state #24: PARENT_I1(half-open IKE SA) => delete | state #24 requesting EVENT_RETRANSMIT to be deleted | #24 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f5cc800fd00 | free_event_entry: release EVENT_RETRANSMIT-pe@0x564021e1b410 | State DB: IKEv2 state not found (flush_incomplete_children) | stop processing: connection "3des" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection 3des | State DB: deleting IKEv2 state #24 in PARENT_I1 | parent state #24: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f5ccc000d60: destroyed | stop processing: state #24 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x564021e16c10 | flush revival: connection '3des' wasn't on the list | stop processing: connection "3des" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.233 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0532 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.261 milliseconds in whack | spent 0.00296 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 32 8c 0a 7b f8 de 47 71 2c 2f 54 a7 a1 72 6f 05 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | 32 d1 a1 27 64 41 0a c9 be 2e ec b2 38 f9 e2 43 | 49 fb 56 da dc 17 98 7f ba 97 d1 45 f5 f6 45 7c | 15 19 59 cb 62 ac ec f4 4e f4 a9 29 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 32 8c 0a 7b f8 de 47 71 | responder cookie: | 2c 2f 54 a7 a1 72 6f 05 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: none (0x0) | Message ID: 0 (0x0) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: INFORMATIONAL message request has no corresponding IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0672 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00172 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 82 4c a5 cc c5 8a 82 5d f8 1a 3c da 95 9b 7d 53 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | 78 cb 5f d1 6a 9b 25 42 08 c1 5a be eb f3 7e e0 | 9e cd ff 30 bd 62 ba 9e 8f f8 05 b5 30 9c 85 b2 | 5e 11 15 d5 56 3a 0c d6 0e 5f 05 9e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 82 4c a5 cc c5 8a 82 5d | responder cookie: | f8 1a 3c da 95 9b 7d 53 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: none (0x0) | Message ID: 0 (0x0) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: INFORMATIONAL message request has no corresponding IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0652 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) shutting down | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) | pluto_sd: executing action action: stopping(6), status 0 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.0.1.254:4500 shutting down interface eth0/eth0 192.0.1.254:500 shutting down interface eth1/eth1 192.1.2.45:4500 shutting down interface eth1/eth1 192.1.2.45:500 | FOR_EACH_STATE_... in delete_states_dead_interfaces | libevent_free: release ptr-libevent@0x564021e14cc0 | free_event_entry: release EVENT_NULL-pe@0x564021e14c80 | libevent_free: release ptr-libevent@0x564021e14db0 | free_event_entry: release EVENT_NULL-pe@0x564021e14d70 | libevent_free: release ptr-libevent@0x564021e14ea0 | free_event_entry: release EVENT_NULL-pe@0x564021e14e60 | libevent_free: release ptr-libevent@0x564021e14f90 | free_event_entry: release EVENT_NULL-pe@0x564021e14f50 | libevent_free: release ptr-libevent@0x564021e15080 | free_event_entry: release EVENT_NULL-pe@0x564021e15040 | libevent_free: release ptr-libevent@0x564021e15170 | free_event_entry: release EVENT_NULL-pe@0x564021e15130 | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: release ptr-libevent@0x564021e145a0 | free_event_entry: release EVENT_NULL-pe@0x564021dfd260 | libevent_free: release ptr-libevent@0x564021e0a0f0 | free_event_entry: release EVENT_NULL-pe@0x564021df8360 | libevent_free: release ptr-libevent@0x564021e0a060 | free_event_entry: release EVENT_NULL-pe@0x564021dfd350 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: release ptr-libevent@0x564021e14670 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: release ptr-libevent@0x564021e14750 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: release ptr-libevent@0x564021e14810 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: release ptr-libevent@0x564021e09370 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: release ptr-libevent@0x564021e148d0 | libevent_free: release ptr-libevent@0x564021de9e30 | libevent_free: release ptr-libevent@0x564021df86a0 | libevent_free: release ptr-libevent@0x564021df8770 | libevent_free: release ptr-libevent@0x564021df86c0 | libevent_free: release ptr-libevent@0x564021e14630 | libevent_free: release ptr-libevent@0x564021e14710 | libevent_free: release ptr-libevent@0x564021df8750 | libevent_free: release ptr-libevent@0x564021df8980 | libevent_free: release ptr-libevent@0x564021dfd3e0 | libevent_free: release ptr-libevent@0x564021e15200 | libevent_free: release ptr-libevent@0x564021e15110 | libevent_free: release ptr-libevent@0x564021e15020 | libevent_free: release ptr-libevent@0x564021e14f30 | libevent_free: release ptr-libevent@0x564021e14e40 | libevent_free: release ptr-libevent@0x564021e14d50 | libevent_free: release ptr-libevent@0x564021d7a370 | libevent_free: release ptr-libevent@0x564021e147f0 | libevent_free: release ptr-libevent@0x564021e14730 | libevent_free: release ptr-libevent@0x564021e14650 | libevent_free: release ptr-libevent@0x564021e148b0 | libevent_free: release ptr-libevent@0x564021d785b0 | libevent_free: release ptr-libevent@0x564021df86e0 | libevent_free: release ptr-libevent@0x564021df8710 | libevent_free: release ptr-libevent@0x564021df8400 | releasing global libevent data | libevent_free: release ptr-libevent@0x564021df70f0 | libevent_free: release ptr-libevent@0x564021df83a0 | libevent_free: release ptr-libevent@0x564021df83d0